Privacy Policy

Your privacy is our priority.

We attach great importance to the confidentiality of your data. This privacy policy explains how we collect, use, and protect your personal information when you visit our website or purchase our products.

Last updated: January 08, 2026

1. Introduction

This Privacy Policy aims to inform users of the website and the product Autoya, operated by The Next Stories SAS, in a clear and transparent manner about how their personal data is collected, used, stored, and protected.

Autoya is a software solution for content generation assisted by artificial intelligence. As such, certain data processing is necessary for the proper functioning of the service, the management of user accounts, and the continuous improvement of the platform.

The use of the site or services implies acceptance of this Policy.

2. Data Controller

The data controller is:

The Next Stories SAS
Simplified joint-stock company
Head office: 40 rue de la Tour d’Auvergne – 44200 Nantes (France)
Company registration number (RCS Nantes): 931 621 114
Contact email: hello@thenextstories.com

Autoya is a registered trademark and a commercial product published by The Next Stories SAS.

3. Affected Persons

This Policy applies to:

  • visitors to the Autoya website

  • professional prospects and clients

  • users with an Autoya account

  • anyone interacting with the services provided

The services are exclusively intended for adults with the required legal capacity.

4. Collected Personal Data

Depending on the use of the services, The Next Stories may collect the following categories of data:

  • identity data (first name, last name)

  • contact data (email, phone)

  • professional data (company, position)

  • billing and payment data

  • connection and usage data (logs, history, credit consumption)

  • technical data (IP address, browser, system, cookies)

  • contents provided by the user as part of the service use

No sensitive data as defined by the GDPR is intentionally collected.

5. Purposes of Processing

The data is collected and processed for the following purposes:

  • creation and management of user accounts

  • provision and operation of Autoya services

  • billing, subscription management, and payments

  • customer support and operational communication

  • improvement of performance and features

  • security, fraud prevention, and abuse

  • compliance with legal and regulatory obligations

  • marketing communication (with consent)

6. Legal basis for processing

The processing is based on:

  • the execution of the contract binding the user to The Next Stories

  • The legitimate interest of The Next Stories to improve its services

  • the explicit consent of the user when required

  • the compliance with applicable legal obligations

7. Artificial Intelligence Services

Autoya provides access to artificial intelligence services through third-party provider APIs (e.g. OpenAI, Anthropic, Google, Runway, ElevenLabs, etc.).

In this context:

  • The Next Stories acts as a technical intermediary

  • some data may be transmitted to AI providers for processing

  • each provider applies its own terms and privacy policies

  • the data is only used to provide the requested service

The Next Stories is committed to selecting providers compliant with GDPR and the European AI Regulation (AI Act).

8. Hosting and Security

The data is primarily hosted within the European Union:

  • Amazon Web Services (Ireland)

  • OVH (France)

  • Vercel (application infrastructure)

Technical and organizational measures compliant with industry standards are implemented, including:

  • data encryption

  • access control

  • regular backups

  • security monitoring and audits

Despite these measures, no system is completely free of risks.

9. Retention Period

Data is retained only for the time necessary for the purposes pursued:

  • account data: duration of registration

  • billing data: 10 years (legal obligation)

  • usage data: 3 years after the last activity

  • technical data and cookies: a maximum of 13 months

Longer durations may apply in cases of legal obligation or litigation.

10. Recipients of the Data

The data may be transmitted to the following recipients:

  • authorized internal teams of The Next Stories

  • technical and hosting providers

  • AI service providers

  • payment providers

  • administrative or judicial authorities if required by law

No data is sold to third parties.

11. Cookies

Autoya uses cookies that are necessary for the operation of the site, as well as analytical and personalization cookies.

Users can manage their preferences via:

  • the consent banner

  • the browser settings

Refusing certain cookies may impair the user experience.

12. User Rights

In accordance with the GDPR, users have the following rights:

  • right of access

  • right to rectification

  • right to erasure

  • right to restriction of processing

  • right to data portability

  • right to object

  • right to withdraw consent

  • right to contest an automated decision

Requests can be sent to: hello@thenextstories.com
A maximum response time of one month is guaranteed for all requests.

13. Transfers Outside the European Union

When data is transferred outside the EU, The Next Stories implements appropriate safeguards, including standard contractual clauses validated by the European Commission.

14. Modification of the Policy

This Policy may be modified at any time. The modifications take effect 30 days after their publication, unless otherwise required by law.

15. Contact

For any questions regarding data protection:

📧 hello@thenextstories.com
📍 The Next Stories SAS – 40 rue de la Tour d’Auvergne – 44200 Nantes (France)