Privacy Policy

1. Introduction

Welcome to Mythscribe Nexus ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

By using Mythscribe Nexus, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you register and use our service:

• Account Information: Username, email address, and encrypted password
• Profile Information: Display name, bio, location, website URL, and profile picture (if you choose to provide them)
• Library Data: Books, movies, and games you add to your library, including ratings, reviews, and progress tracking
• Gamification Data: XP, levels, achievements, stats, and activity history
• Social Data: Lists you create, reviews you write, and users you follow (when implemented)

2.2 Automatically Collected Information

When you access our service, we automatically collect certain information:

• Log Data: IP address, browser type, operating system, referring URLs, and pages visited
• Usage Data: Features you use, actions you take, and time spent on the service
• Cookies and Similar Technologies: Session cookies for authentication and local storage for theme preferences

2.3 Information from Third-Party Services

We use external APIs to provide media metadata:

• Google Books API: Book metadata including titles, authors, descriptions, and cover images
• TMDb API: Movie and TV show metadata
• IGDB API: Video game metadata

These services may have their own privacy policies. We cache this metadata locally but do not share your personal information with these services.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain Services: Enable you to track your media consumption, earn XP, and manage your library
• Personalization: Customize your experience, recommend content, and track your gamification progress
• Communication: Send you account-related emails (verification, password reset, important updates)
• Improve Our Service: Analyze usage patterns to enhance features and fix issues
• Security: Detect and prevent fraudulent activity, abuse, and security incidents
• Legal Compliance: Comply with applicable laws and regulations

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data and the context:

• Contract Performance: Processing is necessary to provide the service you requested (account creation, library management)
• Consent: You have given explicit consent for specific purposes (e.g., marketing communications)
• Legitimate Interests: Processing is necessary for our legitimate interests (improving service, security) that don't override your rights
• Legal Obligation: Processing is required to comply with laws

5. Data Sharing and Disclosure

5.1 We Do NOT Sell Your Data

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

5.2 When We Share Information

We may share your information only in the following limited circumstances:

• Public Profile Information: If you choose to make your profile public, your username, library, and reviews may be visible to other users
• Service Providers: Third-party companies that help us operate our service (hosting, email delivery) under strict confidentiality agreements
• Legal Requirements: When required by law, court order, or to protect our legal rights
• Business Transfers: In the event of a merger, acquisition, or sale, your data may be transferred to the new owner

6. Your Rights (GDPR & CCPA)

6.1 European Users (GDPR Rights)

If you are in the EEA, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

6.2 California Users (CCPA Rights)

California residents have additional rights:

• Right to Know: What personal information we collect, use, and share
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information (note: we don't sell data)
• Right to Non-Discrimination: Equal service regardless of exercising privacy rights

6.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@mythscribe.com or use the settings page while logged in. We will respond within 30 days.

7. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes and enforce agreements

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we must retain it for legal compliance (e.g., financial records for tax purposes).

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: Passwords are hashed using bcrypt; sensitive data is encrypted in transit (HTTPS)
• Access Controls: Limited employee access to personal data on a need-to-know basis
• Regular Security Audits: Periodic reviews and updates of security practices
• Secure Infrastructure: Hosted on secure servers with regular backups

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure adequate safeguards are in place for such transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Ensuring data processors provide adequate protection
• Compliance with Privacy Shield principles (where applicable)

10. Children's Privacy

Mythscribe Nexus is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately, and we will delete it.

11. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication and security (session cookies)
• Preference Cookies: Remember your settings (theme preference via localStorage)
• Analytics Cookies: (If implemented) Help us understand usage patterns

You can control cookies through your browser settings. Note that disabling essential cookies may affect service functionality.

12. Third-Party Links

Our service may contain links to third-party websites (e.g., external media sources, creator pages). We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the new policy on this page with an updated "Last Updated" date
• Sending you an email notification (for material changes)
• Displaying a prominent notice on our homepage

Your continued use of our service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

15. Supervisory Authority

If you are in the EEA and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.