ChainTale — Privacy Policy

DRAFT — requires review by qualified counsel before publication. This is a working draft grounded in ChainTale's actual code and infrastructure (the iOS privacy manifest PrivacyInfo.xcprivacy; the backend routers under backend/app/routers/; the AI-generation pipeline in backend/app/generation.py; the payments/receipt code in backend/app/routers/purchases.py, store.py, and appstore.py; the moderation pipeline in backend/app/worker/media.py and toxicity.py; and the Terraform infrastructure under infra/). It is not legal advice. Company, contact, jurisdiction, and effective-date details are now filled in (Tygart Nexus LLC), but qualified-counsel legal review has not been performed. The audience posture is RESOLVED: 13+ (teen audience, audience_mode = teen_open_ugc) per docs/compliance/age-policy.md — a posture that knowingly re-opens child-privacy obligations (COPPA, GDPR Art. 8).

Last updated: 2026-06-18 (draft). Effective date: June 18, 2026.

1. Who we are

ChainTale (the "App"; identified internally and in the App Store build as "StoryChainMVP", bundle ID com.jontygart.StoryChainMVP) is a short-form, branching video application in which users create video "clips," continue ("branch") one another's clips into evolving stories, and can also generate video clips using AI. The App is operated by Tygart Nexus LLC ("we", "us", "our"), the data controller for the personal data described in this policy.

Contact / privacy enquiries: jon.tygart@tygartnexus.com
Postal address: 200 E Robinson St., Suite 1120, Orlando, FL 32801, United States
Governing jurisdiction: the State of Florida, United States

If you are in the EU/EEA or the UK, our representative and (where required) our Data Protection Officer are identified in Section 13.

2. Summary (plain-language)

We collect the email address you sign up with, the video and audio content you create or generate, identifiers from our login provider (Amazon Cognito) and an internal user ID, a device / push token if you enable notifications, and purchase history for the in-app purchases you make through Apple.
We use this data to run the App, deliver your clips and branches to other users, generate AI video at your request, process purchases of credits and subscriptions, keep the service safe (content moderation), and send you notifications you ask for.
ChainTale lets you generate video using a third-party AI provider, Higgsfield. When you generate a clip, your text prompt and a seed image derived from the parent clip are sent to Higgsfield to render the video. See Section 6.
We store your data on Amazon Web Services (AWS) infrastructure. AWS, Higgsfield, and Apple are the third parties that process your data on our behalf or in connection with the App. We do not sell your personal data, and the App does not track you across other companies' apps or websites (our iOS privacy manifest declares no tracking).
You must be at least 13 years old to use ChainTale (see Section 10). The App is not directed to children under 13, and minors who use it must have a parent or guardian's consent. Because we admit teen users, we handle some data of minors and apply the children's-data measures in Section 10.

3. Data we collect (matched to our iOS privacy manifest)

The table below maps the data types declared in our App Store privacy manifest (ios/StoryChainMVP/StoryChainMVP/Resources/PrivacyInfo.xcprivacy) to what we actually collect. Every type below is declared as linked to your identity, not used for tracking, and collected for app functionality.

Manifest data type	What it is in ChainTale	Source
Email address	The email you register and sign in with (via Amazon Cognito)	You, at sign-up
Photos or Videos	The video clips you record/upload and the AI clips you generate, plus thumbnails/derivatives we create	You, when you create, upload, or generate
Audio data	The audio track contained in your video clips	You, when you create or upload
User ID	Your Amazon Cognito subject identifier and our internal account ID	Generated at sign-up/login
Device ID	Your Apple Push Notification service (APNs) device/push token	Your device, if you enable notifications
Purchase history	Records of the credit packs and the subscription you buy through Apple in-app purchase	Apple / your transactions

In addition to the manifest types above, operating the App necessarily produces the following service-side records, which are derived from or attached to the data you provide:

Category	Examples	Source
Content metadata & relationships	Clip IDs, captions/prompts, the parent/branch ("continuation") relationships between clips, stories you start, continue, save, like	The App
AI-generation data	The text prompt you submit, the seed image derived from the parent clip's last frame, generation parameters, and the `is_ai_generated` label applied to generated clips (Section 6)	You + the App
Moderation results	Automated safety verdicts and tiers about your clips and comments (Section 7)	Generated by our moderation pipeline
Social graph & safety actions	Follows, blocks, and reports you make or that are made about your content	You / other users
Credits ledger	An immutable record of credits granted (purchase, subscription renewal, daily free allowance) and spent (one credit per AI generation), with refunds on failed generations	The App
Date of birth & age-gate result	The date of birth you enter at the age gate (used to confirm you are at least 13) and the resulting age-verified status (see below)	You, at the age gate
Support / safety correspondence	Emails you send us; abuse and DMCA reports	You

A note on the age gate. ChainTale requires you to be at least 13. When you pass the age gate (POST /v1/profiles/me/age), you enter your date of birth so the App can confirm you are at least 13 and block anyone younger. We collect and store your date of birth for age verification and to evidence that we enforce the 13+ floor; it is retained with your account record and deleted (nulled) when your account is deleted. Age is self-attested — we do not run additional age-assurance checks. See Section 10.

We do not intentionally collect special-category / sensitive data, precise geolocation, contacts, or health data. We do not operate facial-recognition or face-swap features, and we do not use the App to track you across other companies' apps or sites (our privacy manifest declares NSPrivacyTracking = false with no tracking domains).

4. Why we use your data (purposes & legal bases)

Where the GDPR applies, the corresponding legal basis is shown.

Purpose	Data used	GDPR legal basis
Create and authenticate your account	Email, user ID	Contract (Art. 6(1)(b))
Store, process, and display your clips and branches to other users	Video/audio content, content metadata, user ID	Contract (Art. 6(1)(b))
Generate AI video at your request via Higgsfield	Prompt, seed image, generation parameters	Contract (Art. 6(1)(b))
Process in-app purchases of credits and the subscription	Purchase history, user ID	Contract (Art. 6(1)(b))
Content moderation and platform safety	Video/audio, comments, moderation results	Legitimate interests (Art. 6(1)(f)); legal obligation (Art. 6(1)(c)) for unlawful content
Operate social features (follow, block, report)	Social graph & safety actions	Contract / legitimate interests
Enforce the 13+ age gate and protect minors	Date of birth, age-verified status	Legal obligation (Art. 6(1)(c)); legitimate interests in keeping under-13s off the service and protecting teen users
Send push notifications you enable	Device/push token, user ID	Consent (Art. 6(1)(a)); withdraw in device settings
Respond to support, rights, and DMCA requests	Support correspondence, user ID	Legal obligation / legitimate interests
Comply with law and enforce our Terms	As needed	Legal obligation (Art. 6(1)(c))

We do not use your data for advertising profiling, and we do not run third-party advertising or cross-app tracking SDKs.

5. AI-generated content and your prompts

ChainTale lets you generate a video clip by submitting a text prompt to continue another clip. To do this:

We screen your prompt for prohibited content (e.g. child sexual abuse material, sexualisation of minors, certain self-harm and weapons content) before any generation is attempted.
We send your prompt text, a seed image derived from the parent clip's last video frame, and generation parameters (model, aspect ratio, duration, resolution) to our AI generation provider, Higgsfield (see Section 6), which renders the video.
The resulting clip is labelled as AI-generated (is_ai_generated) and runs through the same content-moderation pipeline as camera uploads (Section 7).
Generating a clip spends one credit (Section 8). If generation fails, the credit is automatically refunded to your balance.

AI generation involves automated processing of the prompt and seed image. Output is machine-generated and may be inaccurate, unexpected, or not what you intended; we do not guarantee any particular result.

We do not sell your personal data and we do not share it for cross-context behavioural advertising. We share data only with the service providers ("sub-processors") below, who process it on our behalf under contract, and where the law requires.

Infrastructure & processing — Amazon Web Services, Inc. (AWS):

AWS service	What it does with your data
Amazon Cognito	Account sign-up, login, and identity tokens (passwords are handled by Cognito; we never store them)
Amazon S3	Stores your raw uploads, processed video, and thumbnails (encrypted at rest with our KMS keys)
Amazon RDS (PostgreSQL)	Stores account records, clip and story metadata, branch relationships, moderation results, and the credits ledger (encrypted at rest with our KMS key in production)
Amazon CloudFront	Content delivery (CDN) for processed video and thumbnails over HTTPS
Amazon Rekognition	Automated image-frame safety classification of uploaded/generated video (Section 7)
Amazon Transcribe	Speech-to-text on clip audio, used to screen spoken content
Amazon Comprehend	Text toxicity analysis of transcripts and comments (Section 7)
Amazon SQS / Secrets Manager	Job queuing for processing/notifications; encrypted secrets storage

Higgsfield (AI generation provider). When you generate a clip, your prompt text, a seed image derived from the parent clip, and generation parameters are sent to Higgsfield to render the video. Higgsfield processes this data to produce the requested output. [Counsel/engineering: confirm Higgsfield's data retention and whether it uses submitted data for model training, and reflect that here; link to Higgsfield's terms/privacy.]

Apple, Inc. Apple operates the in-app purchase system: Apple is the merchant of record for your purchases of credits and the subscription, and processes your payment. We receive purchase/transaction records (not your full payment-card details) to grant credits and manage your subscription. If you enable notifications, your push token is used with the Apple Push Notification service (APNs). App Store distribution and any crash/usage reporting are governed by Apple's own privacy terms.

Other recipients:

Legal / safety: law enforcement or regulators where we are legally required to disclose, and to protect users (e.g. credible threats, suspected child-safety violations, including reports to NCMEC where required by law).
Corporate transactions: a successor entity in a merger, acquisition, or asset sale, subject to this policy.
Rights holders: the limited information necessary to handle a DMCA notice or counter-notice (see docs/legal/DMCA_POLICY.md).

A current, itemised sub-processor list is available on request at jon.tygart@tygartnexus.com. We will give notice of material changes to our sub-processors where required.

7. Content moderation

Because ChainTale hosts user-generated and AI-generated video and comments, content is screened by automated moderation. Uploaded and generated clips are not made public until moderation has run (the pipeline fails closed — content stays pending rather than auto-publishing). Moderation uses AWS managed services:

Amazon Rekognition — image safety classification of frames sampled from your video (e.g. nudity, sexual activity, graphic violence, hate symbols).
Amazon Transcribe — speech-to-text on clip audio to screen spoken content.
Amazon Comprehend — text-toxicity scoring of transcripts and (where enabled) comments.

Moderation assigns a safety tier to your content and a decision (allowed, limited, or blocked). Blocked content does not surface publicly; limited content may have reduced reach. AI-generated clips are moderated the same way as camera content. You can contact us at jon.tygart@tygartnexus.com to dispute a decision.

8. Purchases, credits, and subscriptions

ChainTale uses Apple in-app purchase for two things:

Credit packs — one-time purchases of virtual "credits" (e.g. 20, 50, or 120 credits). One credit is spent per AI generation. You may also receive a small daily free credit allowance.
Studio Monthly — an auto-renewing subscription that grants a monthly allotment of credits.

Apple is the merchant of record. We do not process or store your payment card. We validate Apple's signed transaction records to grant credits and to manage your subscription, and we receive App Store server notifications about renewals, refunds, and revocations. We keep an internal credits ledger of grants and spends linked to your account. For the commercial terms of credits and the subscription (non-refundability, no cash value, auto-renewal, cancellation), see the Terms of Service.

9. International data transfers

Our infrastructure runs on AWS in the United States, and our AI generation provider (Higgsfield) and Apple may process data in the United States and other countries. If you access the App from the EU/EEA, the UK, or another region, your personal data is transferred to and processed in those locations. Where required, such transfers rely on appropriate safeguards (e.g. the EU Standard Contractual Clauses and the UK Addendum, and/or the EU–US Data Privacy Framework where applicable). Contact jon.tygart@tygartnexus.com for a copy of the relevant safeguards.

10. Minors and children's data (13+ service)

You must be at least 13 years old to use ChainTale. The App is not directed to children under 13, and we do not knowingly collect personal data from anyone under 13. Because we admit teen users (13 and older), this section describes how we treat the data of minors.

The 13+ age gate. At the age gate (POST /v1/profiles/me/age) you provide your date of birth so the App can confirm you are at least 13; see Section 3 for how we handle that date of birth. Anyone who attests an age under 13 is blocked from creating an account. Age is self-attested — we rely on the date of birth you enter and do not run further age-assurance checks.

Under-13s who slip the gate (COPPA). Because the age gate relies on self-attested date of birth, a child under 13 could enter a false date of birth and create an account. We take reasonable measures to keep under-13s off the service (the age gate, our content rules, and account action on reports). If we obtain actual knowledge that a user is under 13 — or are notified of this by a parent, guardian, or other person — we will promptly delete that child's account and personal data and will not condition deletion on anything further. We do not knowingly collect, use, or disclose personal information from children under 13 in violation of the U.S. Children's Online Privacy Protection Act (COPPA). If you are a parent or guardian and believe a child under 13 has provided us personal data, contact jon.tygart@tygartnexus.com and we will act promptly to delete it.

Teen users (13–17) and parental consent (GDPR Art. 8). Some laws set the age at which a person can consent to the processing of their personal data without parental authorisation higher than 13. In the EU/EEA, GDPR Art. 8 lets member states set that digital-consent age anywhere from 13 to 16, and several states use 15 or 16. Where you are below the applicable digital-consent age in your country, a parent or legal guardian must provide or authorise consent for your use of the App, and must agree to our Terms of Service on your behalf. Parents and guardians may contact us at jon.tygart@tygartnexus.com to review, request deletion of, or withdraw consent for their child's data.

Minor-design and age-appropriate-design laws. Because ChainTale is available to minors, children's-privacy and age-appropriate-design regimes — including COPPA, the UK Age-Appropriate Design Code, and the California Age-Appropriate Design Code — may apply to our service. We aim for high-privacy defaults (no behavioural advertising, no cross-app tracking, data minimisation), but our compliance with these regimes for a minor audience is still being established and has not been reviewed by qualified counsel.

11. How long we keep your data (retention)

Data	Retention
Account data (email, user ID, date of birth)	Retained until you delete the content or your account; deleting your account (`DELETE /v1/profiles/me`) scrubs your PII and takes down your content, and date of birth is deleted (nulled) at that time. Subject to backups and moderation/legal holds.
Video/audio content and derivatives	Retained until you delete the clip or your account; removed when the clip or account is removed, subject to backups and moderation/legal holds
Raw uploads in storage	Raw uploaded source files are retained only as long as needed to process and serve the resulting content
AI prompts & generation records	Retained with the clip and our generation/credits records
Moderation results	Retained with clip/comment metadata while content exists, and for a limited period afterwards for safety/audit
Credits ledger & purchase records	Retained as needed for accounting, fraud prevention, and tax/legal obligations
Push token	Until you disable notifications or your account is removed
Support / DMCA records	Retained as needed to handle disputes and meet legal-hold obligations

[Counsel / Engineering note — verify before publishing.] ChainTale's backend does not currently expose a self-service data-export or account-deletion endpoint (confirmed: there is no GET /v1/profiles/me/export or account-delete route). Until such endpoints exist, deletion and export are handled manually on request to jon.tygart@tygartnexus.com. Do not describe in-app self-service export/delete in this policy or in app metadata until the endpoints are built. Confirm that backups, snapshots, and CDN caches also expire within any stated deletion SLA.

12. Your rights and choices

Depending on where you live, you may have rights to access, export, correct, and delete your personal data, and to object to or restrict certain processing.

Access / export and deletion — ChainTale does not yet provide in-app self-service export or account deletion. To request a copy of your data or deletion of your account, email jon.tygart@tygartnexus.com and we will handle the request manually within the time required by applicable law.
Manage notifications — turn push notifications on/off in your device settings; this revokes notification consent.
Manage purchases / subscription — manage or cancel the Studio Monthly subscription through your Apple ID subscription settings (Apple handles billing and refunds).
Contact us about any privacy request at jon.tygart@tygartnexus.com.

We may need to verify your identity (typically by confirming control of the account email) before acting on a request.

If you are in the EU/EEA or the UK, you have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent at any time (without affecting prior processing). You also have the right to lodge a complaint with your local supervisory authority.

Controller: Tygart Nexus LLC, 200 E Robinson St., Suite 1120, Orlando, FL 32801, United States.
EU/UK representative (Art. 27 GDPR), if appointed: [EU/UK REPRESENTATIVE].
Data Protection Officer, if appointed: [DPO CONTACT].
Legal bases: see Section 4. International transfers: see Section 9.
Automated processing: AI generation (Section 5) and content moderation (Section 7) involve automated processing; contact us to query a moderation decision.

To exercise any right, contact jon.tygart@tygartnexus.com.

14. California residents (CCPA / CPRA)

If you are a California resident, you have the right to know/access, delete, and correct your personal information, to opt out of "sale" or "sharing" (we do not sell or share personal information as those terms are defined, so there is nothing to opt out of), to limit use of sensitive personal information (we do not use it for purposes that trigger this right), and to non-discrimination for exercising your rights.

Categories of personal information collected in the last 12 months map to Section 3 (identifiers; commercial information / purchase history; internet and other usage activity; audio/visual UGC; and account contact data). To exercise these rights, contact jon.tygart@tygartnexus.com. An authorised agent may submit a request with proof of authorisation. We do not sell or share personal information. We do not knowingly sell or share the personal information of consumers under 16; because ChainTale admits users aged 13 and older, the CCPA/CPRA affirmative opt-in rule for minors would apply to any such sale or share — and we conduct none.

15. Security

We protect your data with administrative, technical, and organisational measures, including encryption in transit (HTTPS/TLS), encryption at rest for our database (Amazon RDS) and media storage (Amazon S3) using AWS KMS keys in production, access controls, signed/private content delivery via CloudFront, automated content moderation, and logging. Authentication is handled by Amazon Cognito; we do not store your password.

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

16. Changes to this policy

We may update this policy. When we make material changes, we will update the "Last updated" date and, where appropriate, notify you in-app or by email before the changes take effect.

17. Contact

Questions, requests, or complaints: jon.tygart@tygartnexus.com Tygart Nexus LLC, 200 E Robinson St., Suite 1120, Orlando, FL 32801, United States