Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address (required for account creation and login)
• Username (optional - you can use a pseudonym)
• Password (encrypted using industry-standard bcrypt hashing)
• Account preferences and settings

1.2 Content You Create

All content is end-to-end encrypted using AES-256 encryption. This includes:

• Stories and text you write or generate
• Audio files you create
• Prompts and creative inputs
• Tags, categories, and organization metadata

Zero-Knowledge Architecture: Encryption keys are stored only on your device. Ollala employees and systems cannot decrypt or access your content.

1.3 Usage Data

We collect anonymous usage analytics to improve the platform:

• Feature usage statistics (which features are most popular)
• Performance metrics (generation speed, error rates)
• Device and browser information (for compatibility)
• IP address (for security and fraud prevention)

Note: We do NOT track the content of your stories or what you create. We only track technical usage patterns.

1.4 Payment Information

Payment processing is handled by Stripe, a PCI-DSS compliant payment processor. We do not store your credit card details on our servers. We receive only:

• Last 4 digits of your card (for billing identification)
• Payment status (successful/failed)
• Billing address (if required by payment processor)
• Transaction history

2. How We Use Your Information

We use collected information for:

2.1 Service Delivery

• Providing AI story generation and voice synthesis services
• Storing your encrypted content securely
• Authenticating your account access
• Processing payments and managing subscriptions

2.2 Platform Improvement

• Analyzing anonymous usage patterns to improve features
• Identifying and fixing technical issues
• Optimizing performance and generation speed
• Developing new features based on user needs

2.3 Communication

• Sending important account notifications (security alerts, payment issues)
• Providing customer support responses
• Optional marketing emails (you can opt-out anytime)

2.4 Security and Fraud Prevention

• Detecting and preventing unauthorized access
• Identifying fraudulent payment activity
• Monitoring for abuse or violations of Terms of Service

3. How We Protect Your Information

3.1 Encryption

• AES-256 encryption: Military-grade encryption for all stored content
• End-to-end encryption: Content encrypted on your device before transmission
• TLS 1.3: All data transmission uses latest encryption standards
• Zero-knowledge architecture: Encryption keys never leave your device

3.2 Infrastructure Security

• Hosted on SOC 2 Type II certified cloud infrastructure
• Regular security audits and penetration testing
• Automated intrusion detection and prevention systems
• 24/7 security monitoring
• Regular security patches and updates

3.3 Access Controls

• Role-based access control for employees (principle of least privilege)
• Two-factor authentication for all staff accounts
• Comprehensive audit logging of all system access
• Background checks for employees with system access

3.4 Data Isolation

Each user's encrypted content is isolated and cannot be accessed by other users or Ollala staff. Even if our systems were compromised, your encrypted content would remain protected.

4. Data Sharing and Disclosure

We never sell your personal data. We may share limited information only in these specific circumstances:

4.1 Service Providers

We use third-party service providers who are bound by strict confidentiality agreements:

• Stripe: Payment processing (PCI-DSS compliant)
• Cloud hosting providers: Infrastructure hosting (SOC 2 certified)
• Email service: Transactional emails only
• Analytics providers: Anonymous usage statistics only

These providers cannot access your encrypted content and receive only minimal data necessary for their services.

4.2 Legal Requirements

We may disclose information if required by law:

• In response to valid legal process (court order, subpoena)
• To protect Ollala's rights and property
• To prevent illegal activity or violations of Terms of Service
• To protect the safety of users or the public

Note: Due to zero-knowledge encryption, we cannot decrypt your content even if legally compelled to do so.

4.3 Business Transfers

If Ollala is acquired or merged with another company, your information may be transferred. You will be notified of any such change, and your encrypted content remains protected under the same privacy standards.

5. Your Rights and Choices

5.1 Access and Control

You have complete control over your data:

• Access: View all your account information and content anytime
• Export: Download all your stories and audio files
• Delete: Permanently delete individual stories or your entire account
• Update: Modify your account information and preferences

5.2 GDPR Rights (European Users)

If you are in the EU/EEA, you have additional rights under GDPR:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in machine-readable format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent for data processing anytime

To exercise these rights, contact us at privacy@gpterotica.com

5.3 CCPA Rights (California Users)

If you are a California resident, you have rights under CCPA:

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of sale of personal information (we never sell data)
• Right to Non-Discrimination: Equal service regardless of privacy choices

5.4 Marketing Communications

You can opt out of marketing emails anytime by clicking "unsubscribe" in any email or updating your account preferences. You will still receive essential account notifications (security alerts, payment issues).

6. Data Retention

6.1 Active Accounts

Your content and account information are retained as long as your account is active and you maintain a subscription.

6.2 Canceled Accounts

• Grace Period: Content remains accessible for 30 days after cancellation
• After 30 Days: Encrypted content is permanently deleted from our servers
• Account Data: Basic account information retained for 90 days for potential reactivation
• After 90 Days: All account information permanently deleted

6.3 Permanent Deletion

You can request immediate permanent deletion at any time through account settings or by contacting support@gpterotica.com. Deletion is irreversible.

6.4 Legal Requirements

We may retain certain information longer if required by law (e.g., tax records, fraud investigation records).

7. Children's Privacy

Ollala is an adult platform (18+ only). We do not knowingly collect information from anyone under 18 years of age.

If we discover that a user under 18 has created an account, we will immediately terminate the account and delete all associated data.

If you believe a minor has accessed Ollala, please contact us immediately at safety@gpterotica.com

8. International Data Transfers

Ollala operates globally. Your information may be transferred to and processed in countries other than your own, including the United States.

We ensure all international transfers comply with applicable data protection laws:

• EU-US Data Privacy Framework: Certified for EU data transfers
• Standard Contractual Clauses: Used where required by GDPR
• Encryption: All data encrypted regardless of location

Your encrypted content remains protected by AES-256 encryption regardless of physical server location.

9. Cookies and Tracking Technologies

9.1 Essential Cookies

Required for platform functionality (cannot be disabled):

• Authentication cookies (keep you logged in)
• Security cookies (prevent fraud and protect your account)
• Session cookies (maintain your active session)

9.2 Analytics Cookies

Help us understand how users interact with Ollala (can be disabled):

• Anonymous usage statistics
• Feature popularity metrics
• Performance monitoring

9.3 Your Choices

You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality. You can opt out of analytics cookies in your account preferences.

10. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via:

• Email notification to your registered email address
• In-app notification upon next login
• Prominent notice on the website

Continued use of Ollala after changes constitutes acceptance of the updated Privacy Policy.

11. Contact Us

For privacy-related questions, concerns, or requests, contact us: