Menu

After Dark Stories

Write

Create Story My Stories Saved Stories Published Stories

Profile & Support

Sign In About & Contact
Create Story Sign In

Privacy Notice

Private by design, explainable by default.

This notice explains how After Dark Stories handles account data, private drafts, published story previews, reports, and EU privacy rights. It is a product notice, not legal advice.

Last updated: May 27, 2026.

Controller and contact

The service operator for After Dark Stories acts as the controller for account, profile, story, report, and operational data.

Use the Acknowledgement & Contact form for privacy rights, safety, takedown, or account requests.

Data we process

  • Account data: email, public handle, password hash, verification status, billing readiness fields, and security status.
  • Profile data: display name, public bio, private notes, profile visibility, and processed profile photo URL.
  • Story data: prompts, generation settings, chats, drafts, published story previews, story status, and creator actions.
  • Security data: sessions, CSRF tokens, hashed API tokens, device/session metadata, IP address, user agent, and logged break-glass access.
  • Reports: contact details, report type, country, related URL, message, review status, and review due date.

Purposes and legal bases

We process data to provide accounts, authenticate users, generate and store private fiction, publish creator-selected story previews, protect the service, answer reports, and comply with legal duties.

Typical EU legal bases include contract performance, legitimate interests in security and service integrity, consent where the user chooses optional profile/public content, and legal obligation where applicable. Do not submit personal data about real third parties, minors, or illegal content.

EU privacy rights

EU users can request access, correction, deletion, restriction, portability, objection, and withdrawal of consent where consent applies. Privacy rights requests are routed through the contact form and assigned a 30-day review target.

You may also contact your local data protection authority. We may need to verify account ownership before acting on a request.

Retention and transfers

Account, story, and profile data are retained while the account or story remains active, unless deletion or legal hold applies. Web sessions and verification codes expire. Contact reports are retained for safety, legal, privacy, and audit review.

Local development uses local storage. Production hosting, mail, storage, billing, and story-engine providers should be configured with appropriate EU transfer and processor terms before launch.

Make a privacy request