This policy describes what Nightshelf (nightshelf.net) collects, why, and what never happens to your data. The short version: we collect what the service needs to run, we run our own minimal analytics instead of installing trackers, your payment details go to our payment provider rather than to us — and your private stories stay private.
1. What we collect
- Account data. Your email address, a display name if you set one, and — if you sign in with Google — the name and profile picture Google shares. Passwords are stored only as salted hashes.
- Story activity. Your saves: the text of your playthroughs, including what you type into stories, plus the structured state the engine keeps (location, clock, facts) so stories can resume. Stories you create in the workroom are stored with your account.
- Wallet history. An itemized ledger of credit grants and spends (needed for honest billing), including the real computational cost of your turns.
- Feedback. Messages you send through the feedback page, with the contact email you provide.
- Page views. First-party only — see section 3.
2. How your content is processed
Generating a story turn requires sending the relevant context — including text you typed — to third-party AI model providers, routed through OpenRouter, which process it to produce the story’s response. This processing serves your request; we do not use your private story content to train AI models, and we do not permit our sub-processors to use it for training under the terms we rely on.
Private stories stay private. The content of your saves and of stories you keep private is never shown to other users, never published, and never used for model training. Stories you explicitly submit for publication are reviewed by a human before appearing publicly.
3. Analytics without tracking
We run our own first-party page-view counter. It records which page surface was visited and when. For visitors who are not signed in, the visit is attributed to an anonymous identifier derived from your network address and browser through a one-way hash whose key rotates daily — so we can count daily unique visitors, but the identifier cannot be linked across days and your raw IP address is never stored. There are no third-party analytics, no advertising trackers, and no ad SDKs on the site.
4. Cookies
Nightshelf uses only essential cookies: the session cookie that keeps you signed in. There are no advertising or cross-site tracking cookies, which is why the site has no cookie banner.
5. Service providers
We use a small set of infrastructure providers, each receiving only what its role requires:
- Railway — application hosting
- Neon — database hosting (account, saves, ledger)
- Cloudflare — network routing and security in front of the site
- OpenRouter and the AI model providers it routes to — story-turn generation (section 2)
- Resend — transactional email (verification, password reset)
- Paddle — payments, as merchant of record. Checkout happens with Paddle; we receive confirmation of what was purchased but never your full payment details. Paddle’s own privacy policy applies to checkout.
- Google — only if you choose Google sign-in
6. What we never do
- We do not sell your personal data.
- We do not run ads or share data with ad networks.
- We do not train AI models on your private stories.
- Pricing never depends on what you write — there is no content-based price discrimination.
7. Retention and deletion
Your data is kept while your account is active so your shelf and saves persist. You can delete individual saves at any time. To delete your account and its data, ask through the feedback page from the account in question; we will honor the request within 30 days, except records we must keep (for example, purchase records required for tax and accounting).
8. Your rights
Depending on where you live (including under the GDPR and California’s CCPA), you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. Exercise any of these through the feedback page; we honor them for everyone regardless of jurisdiction.
9. Children
Nightshelf is not directed to children and requires users to be at least 18. We do not knowingly collect data from anyone under that age; if we learn we have, we will delete it.
10. Changes
If this policy changes materially, we will announce it on the site before the change takes effect. The date above always reflects the current version.