TaleSpace

Privacy Policy

TaleSpace LLC — Privacy Policy
Effective date: 26 April 2026

INTRODUCTION
TaleSpace LLC (“TaleSpace”, “we”, “us”, or “our”) operates the talespace.club website and related services (the “Service”), which provide paid subscriptions to text-based stories and related features. This Privacy Policy explains what personal data we collect, how we use and share it, the legal bases for processing (where applicable), the rights you have, and how we protect your information.

By using the Service you accept this Privacy Policy. If you do not agree, do not use the Service.

  1. MINIMUM AGE
    The Service is intended only for persons aged 18 or older (or older if your local law sets a higher age). If you are under the minimum age required in your jurisdiction, do not create an account or use the Service. If we learn that a child under the required age has created an account, we will take steps to delete the account and associated personal data.

  2. WHAT WE COLLECT
    2.1 Information you provide directly: email address, name or display name, profile information, content you upload or submit (User Content), communications with support, and billing contact details.
    2.2 Payment data: we do not store full card details on our servers; payment card data is processed by our payment processor and we store only tokenized references and transaction records.
    2.3 Automatically collected information: device identifiers, IP address, browser and device type, operating system, referral data, times and dates of access, reading progress and usage events, error and crash logs, and cookies or other local storage identifiers.
    2.4 Aggregated / de-identified data: we may aggregate or anonymize data for analytics and product improvement; aggregated data is not treated as personal data.

  3. HOW WE USE PERSONAL DATA
    We use personal data to:
    • provide, operate, and maintain the Service (authentication, content delivery, saving reading progress);
    • process and manage subscriptions, payments, receipts and refunds;
    • send service-critical communications (account verification, password resets, security alerts, billing notices);
    • send marketing communications where you have opted in or where we rely on lawful bases permitted by law for occasional messages;
    • improve the Service and perform analytics and A/B testing;
    • detect, prevent and address fraud or other illegal or abusive activity;
    • comply with legal obligations.

  4. CONSENT TO SERVICE MESSAGES AND MARKETING; PROTECTION AGAINST “SPAM” CLAIMS
    4.1 Service messages: by providing your email during account creation or in any Service form, you consent to receive service-related emails that are necessary for account operation (e.g., password reset, billing notices, security alerts). These are essential messages and cannot be unsubscribed from.
    4.2 Marketing messages: where required by law we will obtain your explicit consent before sending marketing emails. In other jurisdictions, we may send occasional marketing emails under our legitimate interests, while always respecting your opt-out choices.
    4.3 Frequency and evidence: we limit the frequency of marketing messages. We log and store consent records (timestamp, method of consent, IP address and form used) and maintain unsubscribe records to demonstrate compliance and to defend against spam allegations.
    4.4 How to opt out: you may unsubscribe from marketing communications at any time via the “unsubscribe” link in emails or by contacting support@talespace.club. Unsubscribing does not affect service messages.

  5. SUBPROCESSORS (WHO WE SHARE DATA WITH)
    We do not sell your personal data. To provide the Service, we share data with trusted third-party processors. Current subprocessors include the following (listed once):
    PostHog
    Stripe
    Google Ads
    Google Analytics
    Meta Platforms
    TikTok
    Resend

We enter into written data processing agreements with our subprocessors requiring adequate security measures and limiting processing to our documented instructions. A current, complete list of subprocessors is available on request; we will notify users of material additions.

  1. LEGAL BASES FOR PROCESSING (EU/EEA/UK)
    Where applicable, our legal bases include: performance of a contract (providing subscriptions and account services); compliance with legal obligations; legitimate interests (product improvement, fraud prevention, security, limited marketing when balanced against user rights); and consent (for marketing and certain cookies). For residents subject to GDPR, you may request the legal basis applied to your processing.

  2. DATA RETENTION
    • Transaction and accounting records: retained for at least 7 years for accounting, tax and dispute resolution.
    • Account information and reading progress: retained while your account is active and for a reasonable time after deletion unless you ask for earlier deletion and it is technically feasible.
    • Raw analytics logs: retained for up to 24 months by default, then aggregated or deleted; aggregated/anonymized analytics may be kept longer.
    • Backups and archival copies: retained according to internal policies and applicable legal obligations; deletion from backups may be delayed.

  3. INTERNATIONAL TRANSFERS
    Personal data may be transferred and stored outside your country of residence. Where transfers occur from the EEA/UK we rely on appropriate safeguards (for example Standard Contractual Clauses) or other legal mechanisms. You may request copies of the safeguards used.

  4. COOKIES AND TRACKING TECHNOLOGIES

    Technical signals. We use technical signals (rate-limits, bot detection, session tokens, invisible challenge widgets such as Cloudflare Turnstile) to protect the Service from abuse and automated scraping. These signals operate on standard HTTP, cookie, and behavioral metadata and do not collect Personal Data beyond what is described elsewhere in this Privacy Policy.We use cookies and similar technologies for authentication, preferences, analytics, and advertising. You can manage cookie preferences via in-app controls (where provided) or via your browser settings. Essential cookies required for the Service to function will be used regardless of marketing consent.

  5. YOUR PRIVACY RIGHTS
    Depending on your jurisdiction, you may have rights to: access, correct, delete, restrict processing of, or port your personal data; object to certain processing (including direct marketing); withdraw consent where relied upon. To exercise rights, contact support@talespace.club. We may need to verify your identity before responding; we will respond within applicable legal timeframes.

  6. SECURITY
    We implement reasonable technical and organizational measures to protect personal data (encryption, access controls, monitoring). No system is perfectly secure; in the event of a data breach we will notify affected individuals and regulators as required by law.

  7. CHILDREN
    The Service is not intended for children under 18 (or the higher local minimum age). If you believe we have collected personal data from a child under the applicable minimum age, contact support@talespace.club and we will take steps to delete it.

  8. LINKS TO THIRD-PARTY SITES
    The Service may contain links to third-party websites or resources. We are not responsible for the privacy practices or content of third parties.

  9. DMCA / COPYRIGHT ISSUES (IF APPLICABLE)
    If you believe that content on the Service infringes your copyright, send a takedown notice to support@talespace.club containing the information required under applicable law (identification of the copyrighted work, location of the infringing material, a statement of good faith, and your contact details). We will respond and act in accordance with applicable law.

  10. CHANGES TO THIS POLICY
    We may update this Privacy Policy. Material changes will be communicated via the Service and/or email prior to taking effect. Continued use after changes constitutes acceptance.

  11. CONTACT / DATA PROTECTION INQUIRIES
    For privacy inquiries, data subject requests, or questions about this Policy, contact: support@talespace.club.

APPENDIX — DPA SUMMARY (Controller ⇄ Processor)
Below is a concise summary of the key commitments we require from subprocessors. This summary is provided for transparency:

• Purpose and scope: processor will only process data on our documented instructions for the purpose of providing the named service.
• Security: processor will implement appropriate technical and organizational measures.
• Confidentiality: processing personnel must be bound by confidentiality obligations.
• Subprocessing: processor may engage subprocessors only with our authorization and must provide an up-to-date list of subprocessors.
• Data subject rights: processor will assist us in responding to data subject requests.
• Breach notification: processor will notify us without undue delay upon becoming aware of a personal data breach.
• Return/deletion: at the end of the contract the processor will delete or return personal data unless retention is required by law.
• Cross-border transfers: processor will implement appropriate safeguards (e.g., SCCs).