Privacy Policy

2.1 Personal Information You Provide

We may collect personal information that you voluntarily provide when you:

• Register for an Account — Name, email address, username, password
• Subscribe to Packages — Email address, domain name, payment information
• Contact Us — Name, email address, phone number, message content
• Subscribe to Newsletters — Email address, communication preferences
• Participate in Surveys or Promotions — Demographic information, preferences, feedback

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain information about your device and browsing behavior:

• Log Data — IP address, browser type and version, operating system, referral URLs, pages viewed, time spent, access times and dates
• Cookies and Tracking Technologies — Information about your browsing behavior through cookies, web beacons, and similar technologies (see Section 5)
• Device Information — Device type, screen resolution, device identifiers
• Analytics Data — User behavior, session duration, bounce rates, conversion metrics

2.3 Payment Information

When you purchase subscription packages, we collect:

• Billing Information — Name, billing address, email address
• Payment Data — Credit card information or payment processor details, processed securely through third-party payment processors

2.4 Plugin Usage Data

When you install and use the AI Story Maker WordPress plugin, we may collect:

• Domain Information — Your WordPress site domain
• Subscription Status — Package type, credits remaining, subscription expiration
• Usage Metrics — Number of stories generated, API calls made, feature usage

2.5 Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available at automattic.com/privacy. After approval of your comment, your profile picture is visible to the public in the context of your comment.

2.6 Media Uploads

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

2.7 Contact Forms

When you submit a contact form on our website, we collect your name, email address, and message content. We retain contact form submissions for up to 12 months for customer service purposes. We do not use the information submitted through contact forms for marketing purposes unless you have separately opted in.

2.8 Embedded Content from Other Websites

Articles and pages on this site may include embedded content (e.g. videos, images, articles). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website directly. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including if you have an account and are logged in to that website.

3.1 Service Provision

• Provide, operate, and maintain our website and plugin services
• Process subscriptions and manage user accounts
• Deliver purchased packages and credits
• Provide customer support and respond to inquiries
• Send transactional emails — order confirmations, subscription updates, technical notices

3.2 Service Improvement

• Analyze usage patterns to improve website functionality and user experience
• Develop new features and services
• Conduct research and analytics
• Perform testing and troubleshooting

3.3 Marketing and Communication

• Send promotional emails, newsletters, and marketing materials (with your consent)
• Notify you about new features, updates, and special offers
• Conduct surveys and collect feedback
• Display personalized advertisements

3.4 Security and Compliance

• Monitor and prevent fraudulent activities
• Enforce our Terms of Service
• Comply with legal obligations and respond to legal requests
• Protect the rights, property, and safety of our users and third parties

5.1 What Are Cookies?

Cookies are small text files stored on your device that help us improve your browsing experience and provide personalized services.

5.2 WordPress Cookies

Our website runs on WordPress, which sets the following cookies:

Comment Cookies

If you leave a comment on our site you may opt-in to saving your name, email address, and website in cookies for convenience so you do not have to fill in your details again. These cookies last for one year.

Login & Session Cookies

• Browser check cookie — Set temporarily on the login page to determine if your browser accepts cookies. Contains no personal data; discarded when you close your browser.
• Login cookies — Set when you log in to save your login information. Last for two days.
• Screen options cookies — Save your screen display choices. Last for one year.
• “Remember Me” cookie — If selected at login, your session persists for two weeks.
• Post edit cookie — Saved when you edit or publish an article. Contains only the post ID (no personal data). Expires after one day.

Analytics Cookies (Optional)

• Google Analytics — Track website usage, visitor demographics, and behavior patterns
• Heatmaps (Hotjar) — Understand how users interact with our pages

Marketing Cookies (Optional)

• Social Media — Enable social sharing features and track performance
• Retargeting — Show relevant ads to previous website visitors

5.3 Managing Cookies

You can control cookie settings through your browser preferences. However, disabling essential cookies may affect website functionality.

• Chrome: Settings → Privacy and Security → Cookies
• Firefox: Options → Privacy & Security → Cookies
• Safari: Preferences → Privacy → Cookies
• Edge: Settings → Privacy → Cookies

6.1 Third-Party Service Providers

6.2 Plugin Integration Services

The AI Story Maker plugin integrates with external APIs:

• OpenAI — AI content generation
• Unsplash — Royalty-free image retrieval
• Social Media Platforms — Facebook, Twitter/X, LinkedIn, Instagram (when configured)

Please refer to their respective privacy policies for information about how they handle your data.

6.3 Spam Detection

Visitor comments may be checked through an automated spam detection service. Comment data (including email address hash, IP address, and message content) is submitted to the spam filter to determine whether the comment should be approved.

6.4 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or government request, or to comply with legal processes, enforce our Terms of Service, protect our rights and safety, or prevent fraud or illegal activities.

6.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and your rights regarding your personal information.

7.1 Technical Safeguards

• SSL/TLS Encryption — All data transmitted between your browser and our servers is encrypted using industry-standard SSL certificates
• Secure Databases — Encrypted storage of sensitive information
• Regular Security Audits — Periodic vulnerability assessments and penetration testing
• Firewall Protection — Network-level security to prevent unauthorized access

7.2 Administrative Safeguards

• Access Controls — Limited employee access to personal data on a need-to-know basis
• Employee Training — Regular security awareness and privacy training
• Vendor Management — Strict agreements with third-party service providers

7.3 Physical Safeguards

• Secure Data Centers — Third-party hosting in secure, monitored facilities
• Backup Systems — Regular automated backups with encryption

7.4 Data Breach Procedures

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where required by applicable law)
• Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
• Document all breaches internally, including facts, effects, and remedial actions taken

To report a suspected security vulnerability or data breach, please contact privacy@exedotcom.ca immediately.

8.1 Retention Periods

8.2 Data Deletion

You can request deletion of your personal information at any time, subject to legal retention requirements. See Section 9 for details on how to submit a request.

9.1 General Rights (All Users)

9.2 Additional Rights for EEA/UK Residents (GDPR)

• Right to Restrict Processing — Limit how we use your personal information
• Right to Object — Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent — Withdraw consent for processing that requires it
• Right to Lodge a Complaint — File a complaint with your local data protection authority

9.3 Additional Rights for California Residents (CCPA)

• Right to Know — Request disclosure of categories and specific pieces of personal information collected
• Right to Delete — Request deletion of personal information (with certain exceptions)
• Right to Opt-Out — Opt-out of the sale of personal information. Note: we do not sell personal information.
• Right to Non-Discrimination — Equal service regardless of exercising privacy rights

9.4 How to Exercise Your Rights

To exercise any of these rights, please contact us through one of the following channels. We will respond within 30 days, or as required by applicable law.

11.1 Data Transfer Locations

Our servers and service providers may be located outside your jurisdiction. When you use our services, your information may be transferred to:

• Canada — Primary business operations
• United States — Cloud hosting and third-party services
• European Union — CDN and hosting services

11.2 Safeguards

• Standard Contractual Clauses — EU-approved data transfer agreements
• Privacy Shield — Compliance with applicable frameworks where applicable
• Adequate Protection — Transfers only to countries with adequate data protection laws

14.1 Notification of Changes

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Effective Date” at the top of this policy
• Notify you via email (for registered users)
• Display a prominent notice on our website
• Request your consent if required by law

14.2 Review Responsibility

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.