Privacy Notice

Date of entry into force: 03.10.2025

Please read this Privacy Notice carefully before using the Website.

This Privacy Notice (hereinafter “Privacy Notice”) constitutes an agreement between PRICKLE LTD, registration number HE 466702, registrered address at A.G. Leventi, 5, THE LEVENTIS GALLERY TOWER, 13th floor, Flat/Office 1301, 1097, Nicosia, Cyprus, (hereinafter – “Storypics.AI”, “We”, “Our”, “Us”) and a capable natural person (hereinafter “User”, “You”, “Your”)and a capable natural person (hereinafter “User”, “You”, “Your”), who uses Our Website and purchases the Products according to the Terms of Use, in regard to Your Personal Data Processing.

You agree that by accessing the Website, using Services and purchasing the Products, You have read, understood, and agreed to be bound by this Privacy Notice. If You do not agree with this Privacy Notice, You are expressly PROHIBITED from accessing the Website, using Services and/or the Products.

Supplemental Terms and Conditions or documents that may be posted on the Website are hereby expressly incorporated herein by reference.

This Privacy Notice is an integral part of the Terms and Conditions.

     I.         Terminology.

• Consent. Any freely given, specific, informed and unambiguous expression of will of the Personal Data Subject, which means his/her consent to the processing of personal data.
• Controller. A natural or legal person who determines the purposes and means of processing personal data.
• Co-controller. A natural or legal person who determines the purposes and means of processing with the controller.
• Data protection authority. A government agency that protects data subjects from unlawful processing.
• Personal Data Subject. An individual whose Personal Data is processed by Storypics.AI or its partners.
• Grounds for processing. One of the grounds specified in the legislation on which the processing of personal data is allowed.
• Personal Data. Any information relating to an identified or identifiable individual. Identification may be by name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
• Personal Data Security Breach. A breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to Personal Data.
• Data Processing. Any action or set of actions with Personal Data.
• Processor. A natural or legal person who processes Personal Data on behalf of the controller.
• Profiling. Any form of automated processing of Personal Data that involves the use of Personal Data to assess certain personal aspects related to an individual, in particular, to analyse or predict aspects related to that individual’s work, economic status, health, personal preferences, interests, reliability, behaviour, location or movement.
• Third Party. Any person other than the Personal Data Subject, the Controller or Processor and the Data Protection Authority to which the Controller or Processor transfers Personal Data.

Other terms have their meanings in the Terms and Conditions and Cookie Notice.

   II.         Information about the Controller.

• The controller of the processing of Personal Data on the Website is PRICKLE LTD, registration number HE 466702, registrered address at A.G. Leventi, 5, THE LEVENTIS GALLERY TOWER, 13th floor, Flat/Office 1301, 1097, Nicosia, Cyprus

 III.         Personal Data.

This section describes what Personal Data is collected and processed by Storypics.AI. Data is collected based on the information you provide and automatically when you use our Website.

Storypics.AI may collect the following information about you for the following purposes:

Identification data:

• Full name of the Personal Data Subject: Collected to create and personalise your account.
• Email: Used for authentication, communication and sending information materials with the user’s consent.

Account details:

• Google-avatar (profile photo in your Google account) and Google account name: Automatically imported when you sign up with a Google account.

Data on the use of the Website:

• Activity data: The actions of the Personal Data Subject on the Website are recorded, including the start and end time of the session, clicks, and page views.

Financial information:

• Payment information: Collected for payment processing and billing purposes, including information about payment methods used.

Data for advertising and marketing:

• Data about user preferences: Collected to customise targeted advertising.
• Country of location, city: Collected for the purposes of local marketing initiatives.

Data on interaction with support:

• Technical support requests: Any information provided by the Personal Data Subject in connection with the use of the Platform and directed to Storypics.AI representatives for technical support.

Storypics.AI does not use any data in its activities or processing:

• Personal Data of children. We do not process Personal Data of people under the age of 18.
• Profiling: Automatic decisions. We do not use profiling to process Personal Data Subjects.
• Sale of Personal Data: We do not sell Personal Data of Personal Data Subjects.

 IV.         Sources of data collection

• Directly from Personal Data Subjects: The primary source of data collection is the Personal Data Subject when they submit information through the Website, fill out forms or communicate with our support team.
• Automatically when using the Website: We automatically collect data about the Personal Data Subject’s activity on the Webs
• Other sources: In some cases, we may receive data from Personal Data Subjects from third parties, such as payment service providers or marketing partners with whom we have previously interacted.

   V.         Processing of Personal Data

Storypics.AI processes Personal Data on the following legal bases:

• Consent: Where the Personal Data Subject has given his or her explicit consent to the processing of his or her Personal Data.
• Performance of a contract: Processing is necessary for the performance of a contract to which the Personal Data Subject is a party or to take steps at the request of the Personal Data Subject prior to the conclusion of such a contract.
• Legal obligations: Processing is necessary to comply with legal obligations imposed on Storypics.AI.
• Legitimate interest: The processing is necessary for the legitimate interests of Storypics.AI or third parties, provided that these interests do not override the rights and interests of the Personal Data Subject.

We use your Personal Data to operate our Website properly and provide services.

 VI.         Processors and co-controllers

• Processors. Storypics.AI may engage third-party companies to act as processors of your Personal D These processors provide services such as hosting, payment processing, technical support, analytics and other operations necessary for the operation of our Website and the provision of the Services.
• Co-Controllers. In some cases, Storypics.AI may work with organisations or companies that jointly determine the purposes and means of processing Personal Data with us. In such cases, we act as a co-controller with these organisations.
• Cross-border data transfers. Storypics.AI transfers Personal Data only to countries that provide adequate data protection as determined by the European Commission.
• Ensuring data protection. Storypics.AI takes all necessary technical and organisational measures to ensure the protection of Personal Data transferred to processors or co-controllers. We regularly conduct security assessments and monitor compliance with data protection policies.

Storypics.AI reserves the right to transfer the Personal Data of the Data Subject to other Processors when necessary to provide Services and operate the Website or the Platform.

VII.         Advertising and marketing:

• Consent to receive marketing materials. Storypics.AI may send you marketing communications, promotional materials and information about new products or services only if we have your prior consent. You have the right to grant or withdraw your consent to receive such materials at any time.
• Personalised advertising. AI may use your Personal Data to customise and personalise marketing materials according to your preferences and interests. This includes analysing your interactions with our Website, your account and other information that helps us offer you relevant content.
• Right to opt-out. You have the right to withdraw from receiving marketing communications at any time by contacting us via the contact details provided. Withdrawal of your consent to receive marketing communications does not affect the processing of data that was carried out prior to the withdrawal of consent.
• Retargeting. Storypics.AI may use retargeting technologies to show you ads on third-party websites based on your activity on our Webs This may involve the use of cookies and other technologies that collect information about your online activities.
• Marketing Platforms. AI may partner with third-party marketing platforms, such as social media or advertising networks, to deliver targeted advertising to you. These platforms may collect and use your data in accordance with their privacy policies.
• Analysing marketing effectiveness. AI may use your data to analyse the effectiveness of our marketing campaigns, including to measure the success of our advertising, identify our audience, and improve our marketing strategies

Duration. We process your Personal Data until you withdraw your consent or exercise your right to object.

VIII.         Processing time of Personal Data

• AI retains Personal Data only for the period necessary to fulfil the purposes for which it was collected or as required by applicable law. Upon expiry of this period, the data will be deleted or anonymised, unless otherwise required by law.
• Personal Data shall be processed in a form that allows for the identification of an individual to whom it relates for no longer than is necessary for the legitimate purposes for which such data was collected or processed.

Retention periods for data associated with the account:

• All data related to your account, including registration, usage, account settings and payment processing, will be retained indefinitely until your account is deleted.
• After deleting an account, all data associated with it will be deleted 15 calendar days after the account is deleted.

Retention periods for other data

• We will retain your Personal Data for the period necessary to resolve your request and provide appropriate support in accordance with our contractual obligations. Once the request has been resolved, if there is no further need to retain the data, it will be deleted unless we are legally obliged to keep it.
• Other data is stored indefinitely, but in accordance with the requirements of the current Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

Deleting data:

• Upon expiry of the storage period or at the request of the user, Storypics.AI deletes or anonymises Personal Data in accordance with internal policies and procedures.

 IX.         Transfer of Personal Data:

• General rules. We may transfer your Personal Data to Processors, Co-Controllers and Third Parties on a lawful basis, by court order or by decision of another governmental authority.
• Transfer in specific situations. By default, we may transfer your Personal Data to countries designated by the EU Commission as providing an adequate level of protection for Personal Data in whole or in part, or in specific situations.
• Cross-border data transfers. Storypics.AI transfers Personal Data to countries that provide an adequate level of data protection, including the European Union and the United States of America. Data transfers to the United States are subject to the requirements set forth in international agreements and European Court of Justice rulings, such as the Privacy Shield, or other applicable mechanisms that ensure an adequate level of data protection.
• Ensuring security. Storypics.AI takes all necessary technical and organisational measures to ensure the protection of Personal Data during its transmission, including data encryption, use of secure communication channels and compliance with confidentiality requirements.

   X.         Your rights:

• The right to access Personal Data. You can obtain confirmation of whether Personal Data related to you is being processed.
• Right to rectification. You can correct your Personal Data if it has been changed or incorrectly provided.
• The right to delete. You can delete your personal data.
• The right to restrict data processing. You may temporarily restrict the processing of Personal Data.
• The right to data portability. You may receive Personal Data in human-readable and machine-readable formats for transfer to another Controller.
• Right to object. You may object to the processing of your Personal Data on the basis of legitimate interest.
• Profiling. You have the right not to be subject to a decision based solely on automated data processing.
• The right to protection of rights. You may pursue legal remedies and apply to a data protection authority or a court of law to complain about the processing of your Personal Data.
• The right to withdraw consent. You may withdraw your consent if we process Personal Data based on it.
• The right to receive information. You have the right to receive information about the conditions for granting access to Personal Data, including information about third parties to whom Personal Data is transferred.
• The right to information about sources. You have the right to receive information about the sources of collection, the location of your Personal Data, the purpose of its processing, the location or domicile of the controller or processor of Personal Data.
• Exercising your rights. You can contact us to exercise your rights using the contact details provided in this Privacy Notice.

 XI.         Protection of Personal Data:

• Technical security measures. Storypics.AI implements state-of-the-art technical measures to ensure the security of Personal Data processed on our platform. This includes data encryption, the use of secure data transfer protocols (SSL/TLS), multi-factor authentication for account access, and continuous network monitoring for threats.
• Organisational security measures. We have organisational measures in place to ensure confidentiality and data protection, such as restricting access to data to only those employees who need it to perform their duties, conducting regular cybersecurity training for staff, and developing data protection policies and procedures.
• Internal audits and risk assessments. We conduct regular internal audits and risk assessments to ensure that our data protection processes comply with legal requirements and best practices. Any identified threats or vulnerabilities are addressed immediately.
• In the event of a breach of Personal Data protection, Storypics.AI has a clearly defined action plan, which includes immediate notification of the affected Personal Data Subjects and relevant regulatory authorities, as well as measures to minimise the consequences of the breach.

XII.         Notification of a breach of Personal Data security:

Notification of Personal Data Protection Authorities.

We will notify the relevant Personal Data Protection Authority within 10 business days after we become aware of a Personal Data security breach and provide the following information:

• The nature of the data leak;
• Name and contact details of the responsible person from whom more information can be obtained;
• Description of the possible consequences of a data breach;
• A description of the measures we have taken or proposed to take to remediate the breached data.

Notification of Personal Data Subjects.

If a breach of Personal Data security may lead to a violation of your rights and freedoms, we immediately notify the Personal Data Subject of the fact of a breach of Personal Data security and provide the following information:

• The nature of the Personal Data security breach;
• Name and contact details of the responsible person from whom more information can be obtained;
• Description of the possible consequences of a breach of Personal Data security;
• A description of the measures we have taken or proposed to take to address the breach of Personal Data security;
• Recommendations and tips to help the Personal Data Subject reduce the risks of a Personal Data security breach.

XIII.         Contact information:

• To contact us. You can contact us with any questions regarding your Personal Data or file a complaint by sending an email to our email address: [email protected]. We will respond as soon as possible, up to 30 calendar days from the date of receipt of the request or complaint.
• To contact our Co-Controllers. You can send an enquiry or submit a complaint to our Co-Controllers using the available means of communication on their websites.
• To contact the Personal Data Protection Authorities. You can send us a request regarding your Personal Data or file a complaint to the relevant Data Protection Authority of your country. The timing and procedure for responding depends on the internal policies of the Personal Data Protection Authorities.

XIV.         Other conditions:

• Effective Date. This version of the Privacy Notice is effective as of the above effective date.
• Changes. We may make changes to this Privacy Notice from time to time without your consent. The new version comes into force from the moment it is published on the Website.
• Applicable law. This Privacy Notice shall be interpreted in accordance with the laws of Cyprus, taking into account the provisions of the European Union General Data Protection Regulation.
• Language. This Privacy Notice may be available in several languages for the convenience of the Users. In case of any discrepancies between versions in different languages, the English version shall prevail.