Privacy Policy

Last updated: April 27, 2026

1. Introduction

Welcome to Nightscribe. Your privacy is important to us, and we are committed to handling your personal data with care and transparency.

This Privacy Policy explains what personal data we collect, how and why we use it, how long we retain it, and what rights you have under the General Data Protection Regulation (GDPR) and applicable privacy laws.

2. Who We Are (Data Controller)

Nightscribe is operated by:

  • Legal entity: Zunless, a sole proprietorship registered in the Netherlands, operating under the trade name Nightscribe

  • Country of establishment: The Netherlands

  • Contact email: [email protected]

Zunless acts as the data controller as defined under the GDPR.

We have not appointed a Data Protection Officer (DPO), as we are not legally required to do so. For any privacy-related questions or requests, you may contact us using the details above.

3. Personal Data We Collect

We only collect personal data that is necessary to operate the Nightscribe platform, provide its features, and comply with legal obligations.

3.1 Account & Profile Information

  • Email address

  • Username and display name

  • Avatar image

  • Profile description (bio)

  • Social media links

3.2 Authentication Data

  • Encrypted password (email/password accounts)

  • OAuth data when signing in via Google:

    • Email address

    • Name

    • Provider user ID

3.3 User-Generated Content

  • Stories and story drafts

  • Comments

  • Likes, ratings, follows, and favorites

  • Story lists and tags

  • Story cover images and avatar images

  • Narrations

  • Report messages and contact submissions

3.4 Technical & Usage Data

  • IP address

  • Browser type and version

  • Device and operating system information

  • Log files (access and error logs)

  • Timestamps of actions (e.g. login, publishing, interactions)

3.5 Notifications & Communication

  • Email notification preferences

  • In-app notifications

  • Push notification tokens (Firebase Cloud Messaging / Apple Push Notification service)

4. How and Why We Use Your Data (Legal Basis)

We process personal data only when legally permitted, based on the following grounds:

Performance of a Contract

  • Creating and managing user accounts

  • Enabling publishing, reading, and interaction features

  • Delivering service-related notifications

Legitimate Interests

  • Maintaining platform security and preventing abuse

  • Moderating content and enforcing community rules

  • Improving the Service through anonymized analytics

We carefully balance these interests against your privacy rights.

Consent

  • Sending marketing or promotional communications (if enabled)

  • Introducing optional future features such as advertising or paid subscriptions

You may withdraw your consent at any time.

Legal Obligations

  • Complying with applicable laws

  • Responding to lawful requests from authorities

5. Cookies & Tracking Technologies

This section applies to both the Nightscribe website and our mobile applications.

Nightscribe uses first-party cookies only, which are necessary for the Service to function correctly.

5.1 Cookies We Use

  • Session cookies (to maintain logged-in sessions)

  • Authentication cookies (to secure account access)

  • CSRF cookies (to protect against malicious requests)

  • Preference cookies (to remember user settings)

These cookies are essential and cannot be disabled without affecting core functionality.

5.2 Analytics

We use self-hosted Matomo analytics with privacy-friendly settings:

  • IP anonymization enabled

  • No cross-site tracking

  • No data sharing with third parties

  • Analytics data retained for 24 months

Analytics are processed based on our legitimate interest in improving the Service. No advertising or profiling cookies are used.

5.3 Affiliate Links

Some links on Nightscribe are affiliate links (for example, links to Amazon). If you click these links, you will be redirected to third-party websites.

These third-party websites may use their own cookies or tracking technologies to track purchases and attribute commissions. This tracking occurs outside of Nightscribe and is governed by the respective third party’s own privacy policies.

Nightscribe does not control and is not responsible for the data collection practices of these external websites.

6. Data Sharing & Third Parties

We do not sell personal data and do not allow third parties to use your data for their own marketing purposes.

However, Nightscribe may contain affiliate links to third-party websites (such as Amazon). When you follow these links, you interact directly with those third parties under their own terms and privacy policies.

We only share personal data with trusted service providers acting as data processors, where necessary to operate Nightscribe. These include:

  • Hosting: Hetzner

  • Email delivery: Mailcoach

  • Push notifications: Google Firebase

  • Error tracking: Sentry

  • AI content analysis: Copyleaks

7. International Data Transfers

Some service providers may process data outside the European Economic Area (EEA).

Where applicable, we rely on vendor GDPR commitments and appropriate contractual safeguards, such as Standard Contractual Clauses.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy.

  • Account deletion:

    • When you delete your account, it enters a pending deletion period of 14 days

    • During this period, your account and content are inaccessible

    • After deletion, stories, comments, and personal content are permanently removed

    • Encrypted residual data may remain in backups for up to 3 months, after which it is irreversibly deleted

  • Log files: retained for up to 3 months

  • Backups: retained for up to 3 months

  • Analytics data: retained for 24 months (anonymized)

9. Your Privacy Rights

Under the GDPR, you have the right to:

  • Access your personal data

  • Correct inaccurate or incomplete data

  • Request deletion of your data

  • Restrict or object to certain processing

  • Withdraw consent at any time

  • Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

You can exercise these rights by contacting us via email or our contact form. We may request verification of your identity before processing your request.

10. Children's Privacy

Nightscribe is not directed at children and is intended only for users aged 16 and older.

If we discover that a user is under the age of 16:

  • Their account will be terminated

  • Associated personal data will be deleted

11. Moderation & Platform Integrity

We manually moderate content to enforce community guidelines and maintain platform safety and integrity.

Content may be removed if it violates our rules or applicable law.

12. Future Features

Some features described below are not yet active and may be introduced in the future, such as:

  • Advertising

  • Paid subscriptions

Any new data processing related to these features will be clearly communicated, and consent will be requested where legally required.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via the email address associated with your account.

14. Contact

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us at:

Email: [email protected]