FableKit

Privacy Policy for FableKit

Last Updated: 2 November 2025

Introduction

Welcome to FableKit. We at Simpaira Ltd. ("we," "us," "our") are committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, mobile application, and services (collectively, the "Service"). It also describes your data protection rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our company, Simpaira Ltd., is the "data controller" for the personal information we process.

  • Company Name: Simpaira Ltd.
  • Contact Email: info@simpaira.com

1. What is our "Legal Basis" for Using Your Data?

Under UK GDPR, we must have a "legal basis" (a valid legal reason) for using your data. We rely on the following:

  • To Fulfill Our Contract: We need to process your data to provide the Service you've signed up for (e.g., to create your account, generate your novel, and take your payment).
  • Legitimate Interest: We may use your data for our "legitimate interests," such as improving our Service or preventing fraud. We only do this when your rights and interests do not override ours.
  • Your Consent: In some specific cases, we may ask for your consent to use your data (e.g., for marketing emails, which you can opt-out of at any time).
  • Legal Obligation: We may be required to process your data to comply with a legal or regulatory obligation.

2. What Personal Data Do We Collect?

We collect data in two ways: data you give us, and data we collect automatically.

A. Data You Provide to Us:

  • Account Data: When you sign up using Firebase Authentication (Sign in with Google), we receive and store your name, email address, and Google profile picture URL from your Google account. We do not receive or store a password.
  • User-Generated Content: We collect and store the Prompts you submit to the AI. We also store the Outlines and Novels you generate.
  • Payment Data: When you buy Credits, you provide payment information (like your credit card number) directly to our payment processor, Stripe. We do not see or store your full credit card number. We only receive a transaction confirmation, the last four digits of your card, and your billing country.
  • Communications: When you contact us at info@simpaira.com, we store a record of our correspondence.

B. Data We Collect Automatically:

  • Service & Log Data: When you use our Service, our servers, which are hosted on Google Cloud Platform (GCP) Cloud Run, automatically record log data. This includes your IP address, browser type, device type, operating system, and the dates and times of your requests. This is essential for security, logging, and diagnostics.
  • Usage Data (Analytics): We do not currently use third-party analytics services like Google Analytics. We may collect anonymized, internal data about which features are used to help us fix bugs and improve the App. If we implement a formal analytics service in the future, we will update this policy.

3. How Do We Use Your Personal Data?

We use your data for specific purposes, linked to our legal basis:

  • To Fulfill Our Contract:
    • To authenticate you using "Sign in with Google."
    • To process your Prompts with our AI models (Gemini 2.5 Pro for Outlines and Gemini 2.5 Flash for Novels) to generate your content.
    • To process your Credit purchases via Stripe.
    • To display your published Novels on the "Browse" page (if you choose).
  • To Improve Our Service (Our Legitimate Interest):
    • To analyze server logs to monitor for bugs, crashes, and security threats.
    • To understand which features are most popular to guide future development.
  • To Communicate With You (Our Legitimate Interest):
    • To respond to your support requests.
    • To send you important service-related announcements (e.g., changes to our Terms or downtime).
  • To Protect Our Service (Our Legitimate Interest):
    • To monitor for fraud, spam, or violations of our Acceptable Use Policy.

4. Who Do We Share Your Data With? (Our Sub-processors)

We do not sell your personal data. We only share it with trusted third-party services ("sub-processors") who are essential for running the App. We have legal agreements with all of them, and they are not permitted to use your data for their own purposes.

Our sub-processors are:

  • Google (Firebase, GCP, and AI Models):
    • Purpose: Google is our primary technology partner.
    • Firebase Authentication handles your secure sign-in.
    • Firestore (Database) securely stores your account data, Prompts, and Novels.
    • GCP Cloud Run (Hosting) runs our application and logs technical data.
    • Gemini AI Models receive your Prompts to generate your content.
    • Our AI Data Pledge: As stated in our Terms, your creative content (Prompts and Novels) is not used to train the AI models.
  • Stripe (Payments):
    • Purpose: To securely process your payments for Credits.

We may also disclose your data if required by law, such as in response to a court order or a valid request from law enforcement.

5. How Do We Keep Your Data Secure?

We take the security of your data very seriously. We use industry-standard technical and organizational measures to protect it, including:

  • Encryption: All data is encrypted in transit (between you and us) using SSL/TLS and at rest (in our Firestore database).
  • Access Control: Access to your personal data is strictly limited to authorized Simpaira Ltd. personnel who need it to perform their jobs (e.g., for customer support).
  • Secure Authentication: By using Google Sign-in, we rely on Google's robust security to protect your login.
  • Secure Payments: We use Stripe, which is PCI-compliant, meaning your payment details are handled at the highest level of security.

However, no system is 100% secure. We cannot guarantee the absolute security of your data.

6. How Long Do We Keep Your Data? (Data Retention)

We keep your personal data for as long as you have an account with us.

  • Account Data & Novels: We retain this data as long as your account is active. If you delete your account, we will permanently delete this data from our live systems within a reasonable timeframe (e.g., 30-60 days).
  • Payment Records: We do not store your payment data, but our processor, Stripe, may be legally required to retain records of your transactions for several years for financial and tax compliance.
  • Backup Data: We may keep data in secure, isolated backups for a limited time (e.g., for disaster recovery), but it will be permanently deleted after our backup cycle.

7. Your Data Protection Rights (Under UK GDPR)

You have specific rights over your personal data. You can exercise these rights at any time by contacting us at info@simpaira.com.

  • The Right to Access: You can request a copy of the personal data we hold about you.
  • The Right to Rectification: You can ask us to correct any inaccurate or incomplete data.
  • The Right to Erasure ("Right to be Forgotten"): You can ask us to delete your personal data. We will do so unless we have a legal reason to keep it.
  • The Right to Object: You can object to us processing your data for our "legitimate interests."
  • The Right to Data Portability: You can request that we provide your data in a structured, machine-readable format to transfer to another service.
  • The Right to Complain: If you are in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not complied with data protection laws.

8. International Data Transfers

Your data is processed in data centers run by our sub-processors (Google and Stripe), many of which are located in the United States.

We ensure your data is protected when it is transferred outside the UK by using legally-approved transfer mechanisms, such as Standard Contractual Clauses (SCCs) (and the UK Addendum), which require our partners to uphold UK GDPR-level data protection standards.

9. Our Use of Cookies

We use a minimal number of cookies.

  • Strictly Necessary Cookies: We use cookies from Firebase Authentication to keep you securely logged in. These are essential for the App to function.
  • Analytics Cookies: As stated, we do not currently use analytics cookies.

Because we only use strictly necessary cookies, we do not currently show a pop-up cookie banner. If we add analytics or marketing cookies in the future, we will update this policy and implement a consent banner.

10. Changes to This Privacy Policy

We may update this policy from time to time. If we make material changes, we will notify you by email or with an in-app notification at least 30 days before the changes take effect.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us.

Simpaira Ltd.
info@simpaira.com

    We Value Your Privacy

    We use essential cookies to make our site work. With your permission, we would also like to use non-essential analytics cookies to help us improve your experience. By clicking “Accept All,” you agree to our use of all cookies. You can change your settings at any time. For more details, see our Privacy Policy.