Privacy Policy

Last updated: 2026-06-11

Privacy Policy

Last updated: 11 June 2026

Azories Ltd ("Azories", "we", "us") operates the Azories platform at azories.com and via our mobile apps. This policy explains what personal data we collect, why, and your rights under UK GDPR and the Data Protection Act 2018.

1. Who We Are

Azories Ltd is the data controller for personal data collected through this platform. Contact us at books@azories.com for any privacy-related queries.

2. Data We Collect

Account data: Email address, display name, and hashed password when you register. If you sign in with Apple or Google, we receive your name and email from those providers.

Content you create: Books, stories, characters, images, and audio narrations you generate on the platform. This content is stored on our servers and Cloudinary (our image CDN).

Payment data: We do not store card details. Payments are processed by Stripe, who are PCI-DSS compliant. We store transaction records (amount, date, credits purchased) without any card information.

Usage data: Pages viewed, features used, reading progress, and session information. Collected via PostHog (analytics) and our own database.

Device data: Browser type, device type, IP address, and crash reports collected automatically when you use the platform.

Children's data: Azories is intended for use by adults creating content for children, or by children aged 13+ with parental consent. We do not knowingly collect personal data directly from children under 13. If you believe a child under 13 has created an account without parental consent, contact us at books@azories.com and we will delete the account promptly.

3. Why We Use Your Data

| Purpose | Legal Basis |
|---|---|
| Providing the service (account, books, generation) | Contract |
| Processing payments | Contract |
| Preventing abuse and content moderation | Legitimate interest |
| Improving the platform (analytics) | Legitimate interest |
| Sending transactional emails (password reset, receipts) | Contract |
| Marketing emails (if you opt in) | Consent |

4. Who We Share Data With

We use the following third-party processors:

  • Stripe — payment processing (UK/EU data centre)
  • Cloudinary — image storage and delivery (US, with Standard Contractual Clauses)
  • fal.ai — AI image generation (prompts and generated images)
  • OpenAI — story text generation and image generation (prompts only; we do not send personal data)
  • ElevenLabs — audio narration generation (text content only)
  • PostHog — product analytics (anonymised usage data)
  • Brevo — transactional email delivery
  • MongoDB Atlas — database hosting

    • We do not sell your personal data to any third party.

    5. Data Retention

  • Account data: Retained while your account is active, plus 30 days after deletion to allow recovery.
  • Books and content: Deleted immediately when you delete them or delete your account.
  • Payment records: Retained for 7 years to comply with UK financial regulations.
  • Usage logs: Retained for 90 days then deleted.
  • Anonymised analytics: Retained indefinitely (no personal identifiers).

    • 6. Your Rights

    Under UK GDPR you have the right to:

  • Access your personal data (email books@azories.com)
  • Correct inaccurate data (via your profile settings)
  • Delete your account and all associated data (Settings → Delete Account)
  • Export your data — email books@azories.com and we will provide a JSON export within 30 days
  • Object to processing based on legitimate interest
  • Withdraw consent for marketing emails at any time via the unsubscribe link

    • To exercise any right, email books@azories.com. We will respond within 30 days.

    7. Cookies

    We use:

  • Essential cookies: Session token, preferences. Cannot be disabled.
  • Analytics cookies: PostHog session recording and event tracking. You can decline these via the cookie banner.

    • We do not use advertising or tracking cookies.

    8. International Transfers

    Some of our processors (Cloudinary, OpenAI, fal.ai, PostHog) are based in the US. Transfers are covered by Standard Contractual Clauses approved by the UK ICO.

    9. Security

    We use HTTPS for all data in transit, bcrypt for password hashing, and JWT for session tokens. We conduct regular dependency audits. No security system is perfect — if you discover a vulnerability, please email books@azories.com.

    10. Changes to This Policy

    We will notify registered users by email of any material changes to this policy at least 14 days before they take effect.

    11. Contact and Complaints

    Email: books@azories.com

    If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

    We use cookies to improve your experience. Learn more