Skip to main content
Legal

Privacy Policy

How we collect, use, and protect your personal information

Last updated: March 2026

Introduction

Welcome to Mythopia ("we", "us", or "our"). We operate the website https://mythopia.io - a cultural preservation platform dedicated to African oral traditions, myths, and folklore.

This Privacy Policy explains what personal information we collect when you use our platform, how we use it, who we share it with, and the choices you have. By using Mythopia you agree to the practices described here. If you do not agree, please discontinue use of the platform.

Information We Collect

Account Information

When you register for an account, we collect your email address and a display name through our authentication provider (Keycloak). We do not store passwords directly - authentication is handled securely by our identity service at auth.mythopia.io.

Content You Submit

When you create a story, post a comment, or submit a like, that content is stored on our servers. Story content, comments, and author names are publicly visible to all visitors unless otherwise stated.

Usage Data

We automatically collect certain information when you interact with our platform, including:

  • Pages visited and features used
  • Time spent on pages
  • Referring URLs
  • Browser type, device type, and operating system
  • IP address (anonymised for analytics)

Cookies and Tracking Technologies

We use cookies and similar technologies to operate the platform and measure performance. These include session cookies for authentication, analytics cookies (Google Analytics), and advertising cookies (Google AdSense). You can manage cookie preferences through your browser settings; however, disabling certain cookies may affect platform functionality.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Mythopia platform
  • Authenticate your identity and manage your account
  • Display your published stories and comments to other users
  • Enable social features such as likes and comments
  • Analyse how visitors use the platform to improve our content and user experience
  • Serve contextually relevant advertisements through Google AdSense
  • Detect and prevent fraud, abuse, or security incidents
  • Comply with our legal obligations
  • Respond to your enquiries sent to [email protected]

We do not sell your personal information to third parties. We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.

Third-Party Services

We integrate with third-party services to operate the platform. Each has its own privacy policy and data practices:

ServicePurposeData Shared
Google AnalyticsUsage analyticsAnonymised usage data, device info
Google Tag ManagerAnalytics tag managementPage URL, event data
Google AdSenseDisplay advertisingIP address, cookie identifiers
Spotify EmbedPodcast audio playerIP address when player loads
Google FontsTypographyIP address on font request
Keycloak (auth.mythopia.io)User authenticationEmail, display name

We encourage you to review the privacy policies of these providers for full details on how they handle your data.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide the platform. Specifically:

  • Account data - retained until you request deletion of your account.
  • Stories and comments - retained indefinitely unless you request removal, as they form part of our cultural archive.
  • Analytics data - retained per Google Analytics' default retention settings (14 months for user-level data).
  • Server logs - retained for up to 90 days for security and debugging purposes.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access - request a copy of the personal data we hold about you.
  • Rectification - request correction of inaccurate or incomplete data.
  • Erasure - request deletion of your account and associated personal data.
  • Portability - request your data in a structured, machine-readable format.
  • Restriction - request that we limit how we process your data in certain circumstances.
  • Objection - object to processing based on our legitimate interests.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. Note that publicly published stories may be retained in our cultural archive even after account deletion, but will be anonymised upon request.

Children's Privacy

Mythopia is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data without parental consent, please contact us at [email protected] and we will promptly delete such information.

Security

We take the security of your personal data seriously and implement industry-standard technical and organisational measures, including:

  • HTTPS encryption for all data in transit (enforced via HSTS)
  • Secure authentication via Keycloak with token-based sessions
  • Content Security Policy (CSP) to mitigate injection attacks
  • Regular security audits and dependency updates

However, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we will notify you of any data breach as required by applicable law.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of Mythopia after any changes constitutes acceptance of the updated policy.

Questions?

If you have any questions about this Privacy Policy or how we handle your data, please reach out to us.

[email protected]