Privacy
Last updated: 2026-07-09
What we collect
- Account data: email, authentication identifiers, and profile fields (username, display name, avatar selection, bio).
- Content: stories, branches, frames, and associated generated assets (text, images, audio). Private unless published.
- Usage & billing: generation counts, public view/copy counts, credits, plan status, and Stripe subscription/payment metadata.
- Device & telemetry (minimal): timestamps, coarse IP (for abuse prevention), and basic event logs to enforce fair use. No third‑party ad tracking.
How we use data
- Authenticate you and maintain your session.
- Store and render your stories, including private storage via signed URLs.
- Enforce free limits, credit packs, and premium subscriptions.
- Operate social features (likes, comments) on published stories with basic moderation.
- Protect the service against abuse and fraud.
Where your data lives
- Database & auth: Supabase (Postgres + Auth). RLS policies limit access to your own data by default.
- Media storage: Supabase Storage (private buckets). Accessed via short‑lived signed URLs.
- Payments: Google Play and Stripe processes payments; we never store card numbers on our servers.
- AI providers: Google AI Studio (Gemini/Imagen), Seedream 4.5 and Google Cloud TTS process prompts/content to generate outputs, with more being added in the future.
Data sharing
We do not sell your personal information. We share data only with processors necessary to provide the service (Supabase, Stripe, AI providers) under their terms. Public content you choose to publish is visible to everyone.
Connected social accounts
When you choose to connect a social account, Myria uses OAuth permissions granted by that platform. We never receive or store your social-account password.
- Data stored: encrypted access and refresh tokens, token expiry and granted scopes, basic account identity, and analytics snapshots that the granted permissions allow.
- Permissions may include YouTube upload/read access; X profile, read, media, and post access; TikTok basic profile, video list, draft upload, and direct publish access; and Instagram business profile, insights, and content-publish access. Myria requests only permissions approved for the current integration stage.
- Use: to display the connected identity, provide channel analytics and recommendations, and publish content only after you manually confirm a post or explicitly enable auto-publishing for an automation.
- Sharing: social-account data is sent only to the corresponding platform API as needed to perform an action you requested. We do not sell this data.
- Retention: connection data remains until you disconnect the account or delete your Myria account. Disconnecting revokes the provider token where supported and deletes the encrypted tokens, profile details, and cached analytics stored with that connection. Posts already published remain subject to the social platform’s own controls.
Retention
- Account and stories persist until you delete your account or content.
- Billing records are retained as required by law.
- Abuse and security logs are kept for a limited period.
Your rights
- Access, update, or delete profile data in the app.
- Delete stories you own at any time.
- Request account deletion via support; we will remove your personal data unless retention is required by law.
Cookies
We use essential cookies/session storage to keep you logged in and operate features. No third‑party advertising cookies.
Children
The service is not directed to children under 13 (or minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will take steps to delete the information.
Changes
We may update this policy. Material changes will be indicated by updating the date above.
Contact
Questions or requests: myriastory@outlook.com