← Back to Home

Privacy Policy

Last updated: January 2025

1. Introduction

Welcome to Sekaiko ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you understand how we collect, use, store, and protect your personal information. This Privacy Policy explains our practices regarding data collection and use when you access and use Sekaiko, an AI-assisted fiction writing platform.

By using our service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Account Information

When you create an account using Google OAuth authentication, we collect:

  • Email address (from your Google account)
  • Name (display name from your Google account)
  • Profile picture URL (from your Google account)
  • Google account identifier (used for authentication)
  • Account creation and last login timestamps

2.2 User-Generated Content

We collect and store all content you create and upload to Sekaiko, including:

  • Fictional universes, characters, places, items, projects, and scenes
  • Text content, descriptions, and story content
  • Media files: images, videos, and audio files you upload or generate
  • Custom prompts and prompt libraries
  • Custom voice configurations
  • Video editing data (cuts, timelines, final exports)
  • Character conversations and messages

2.3 Usage and Analytics Information

We automatically collect information about how you use the service, including:

  • Token usage and AI generation operations (text, image, video, audio generation)
  • API requests and responses
  • Feature usage statistics
  • Error logs and debugging information
  • Device information (browser type, operating system, IP address)
  • Access timestamps and session duration

2.4 Payment Information

When you purchase tokens, payment information is processed by third-party payment providers (Stripe, PayPal). We do not store your full payment card information. We do collect:

  • Transaction IDs and amounts
  • Token purchase history
  • Token balance information

2.5 Social Media Integration Information

If you connect your social media accounts (YouTube, TikTok), we collect:

  • Platform account IDs and usernames
  • Access tokens and refresh tokens (encrypted and stored securely)
  • OAuth scope permissions granted
  • Sharing activity and post metadata

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the service: Store your content, enable AI generation features, and ensure service functionality
  • Process AI generation requests: Send your prompts and content to AI service providers to generate text, images, videos, and audio
  • Manage your account: Authenticate you, manage account settings, and track token usage
  • Enable social media sharing: Connect with your social media accounts and post content on your behalf when requested
  • Improve the service: Analyze usage patterns, identify bugs, and develop new features
  • Provide customer support: Respond to your inquiries and troubleshoot issues
  • Ensure security: Detect and prevent fraud, abuse, and security threats
  • Comply with legal obligations: Meet legal requirements and respond to legal requests

4. Third-Party Services and Data Sharing

Sekaiko integrates with various third-party services to provide functionality. We share information with these services as necessary:

4.1 Authentication Services

Google OAuth:We use Google OAuth for user authentication. Google receives your authentication request and provides us with your email, name, and profile picture. Your use of Google OAuth is subject to Google's Privacy Policy.

4.2 AI Service Providers

To generate content, we send your prompts, User Content, and generation parameters to third-party AI providers. Each provider processes data according to their own privacy policies:

  • OpenAI: Processes text generation requests
  • Replicate: Processes text, image, video, and audio generation requests
  • Fal AI: Processes image, video, audio, and voice generation requests
  • Google (Gemini API): Processes text generation requests

These providers may retain prompts and generated content for service improvement and compliance purposes as outlined in their respective privacy policies. We recommend reviewing their privacy policies for more information.

4.3 Storage Services

Cloudflare R2:We store media files (images, videos, audio) in Cloudflare R2 object storage. Files are stored in geographic regions determined by Cloudflare. Cloudflare's Privacy Policy governs their handling of stored data.

PostgreSQL Database: Your account information, User Content metadata, and structured data are stored in PostgreSQL databases hosted by cloud providers. Data is backed up regularly and encrypted at rest.

Redis Cache: We use Redis for caching to improve service performance. Cached data includes temporary session information and frequently accessed data. Cached data may be stored in memory or persistent storage.

4.4 Social Media Platforms

When you connect social media accounts or share content:

  • YouTube: We use YouTube API to upload and manage videos. Your use of YouTube integration is subject to YouTube's Terms of Service and Privacy Policy.
  • TikTok: We use TikTok API to upload and manage videos. Your use of TikTok integration is subject to TikTok's Terms of Service and Privacy Policy.

We store encrypted access tokens to enable API access. You can revoke access at any time through your account settings or through the respective platform's settings.

4.5 Payment Processors

Stripe and PayPal: Payment processing is handled by Stripe and PayPal. These providers collect and process payment information according to their privacy policies. We do not receive or store your full payment card information.

4.6 Service Providers

We may share information with service providers who perform services on our behalf, such as:

  • Hosting and infrastructure providers
  • Analytics and monitoring services
  • Customer support platforms
  • Email delivery services

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to manage sessions and improve your experience:

5.1 Session Management

NextAuth.js Session Cookies: We use NextAuth.js to manage user authentication sessions. Session cookies store encrypted session information and authentication tokens. These cookies are essential for the service to function.

5.2 Authentication Tokens

JWT Tokens:We use JSON Web Tokens (JWT) for backend authentication. Tokens are stored in your browser's local storage or session storage and are sent with API requests to authenticate you.

5.3 Functional Cookies

We use cookies for:

  • Maintaining your login session
  • Storing user preferences (theme, language)
  • Tracking feature usage for service improvement

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of the service.

6. Data Storage and Security

6.1 Data Storage Locations

Your data may be stored in data centers located in various geographic regions:

  • PostgreSQL databases: Cloud-hosted databases with geographic distribution
  • Cloudflare R2: Media files stored in Cloudflare's global network
  • Redis cache: Cached data may be stored in various regions
  • AI service providers: Data processed in regions determined by each provider

6.2 Security Measures

We implement reasonable security measures to protect your information:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest (access tokens, passwords)
  • Authentication and authorization controls
  • Regular security audits and vulnerability assessments
  • Secure API endpoints with rate limiting
  • Access logging and monitoring

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention and Deletion

7.1 Account Data

We retain your account information and User Content for as long as your account is active and as needed to provide the service. If you delete your account, we will:

  • Delete or anonymize your account information within 30 days
  • Delete your User Content and media files from our storage systems
  • Disconnect your social media account integrations
  • Delete cached data associated with your account

Some information may be retained longer if required by law or for legitimate business purposes (e.g., transaction records for accounting purposes).

7.2 AI Service Provider Retention

AI service providers may retain prompts and generated content according to their own data retention policies. We do not control how long these providers retain your data. Please review their privacy policies for information about data retention and deletion.

7.3 Backups

Deleted data may remain in backups for a limited period. Backups are retained for disaster recovery purposes and are deleted according to our backup retention schedule, typically within 90 days.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

8.1 Access and Portability

You have the right to:

  • Access your personal information and User Content
  • Request a copy of your data in a portable format
  • View your token usage and transaction history

8.2 Correction and Updates

You can update most of your information through your account settings. For account information managed by Google OAuth, you must update it through your Google account.

8.3 Deletion

You have the right to request deletion of your personal information and User Content. You can:

  • Delete individual content items through the service interface
  • Delete your entire account and all associated data
  • Request deletion by contacting us

8.4 Data Processing Restrictions

You may have the right to object to or restrict certain processing of your personal information. However, some processing is necessary to provide the service, and restricting it may limit your ability to use certain features.

8.5 Opt-Out Rights

You can:

  • Disconnect your social media accounts at any time
  • Disable cookies through your browser settings
  • Request to opt out of certain data processing activities (where applicable)

To exercise these rights, please contact us using the contact information provided at the end of this Privacy Policy. We will respond to your request within 30 days, subject to applicable law.

9. International Data Transfers

Sekaiko operates globally and may transfer your information to countries other than your country of residence. Your information may be processed and stored in:

  • The United States (where our primary servers are located)
  • European Union countries (for EU data processing)
  • Other countries where our service providers operate

These transfers are necessary to provide the service. We ensure that appropriate safeguards are in place to protect your information, including:

  • Standard contractual clauses for data transfers
  • Compliance with applicable data protection laws
  • Working with service providers that meet international data protection standards

By using the service, you consent to the transfer of your information to these countries.

10. Children's Privacy

Sekaiko is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete such information as soon as possible.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. We will work with you to address your concerns and delete any information collected from children under 13.

For users between 13 and 18 years of age (or the age of majority in your jurisdiction), we recommend obtaining parental or guardian consent before using the service. Parents and guardians are responsible for supervising their children's use of online services.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by:

  • Email (sent to the email address associated with your account)
  • Posting a notice on the service
  • Updating the "Last updated" date at the top of this Privacy Policy

Material changes will become effective thirty (30) days after such notice. Your continued use of the service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: [Your Contact Email]
Website: [Your Website URL]

For privacy-related inquiries, please use the subject line "Privacy Inquiry" to help us respond more quickly.

If you are located in the European Economic Area (EEA) or United Kingdom, you may also have the right to lodge a complaint with your local data protection authority.

By using Sekaiko, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.