Privacy

At Story Stream, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your personal information.

1. Information We Collect

We collect information that you provide directly to us, such as when you create an account, upload manuscripts, or contact customer support. This may include:

  • Contact information (name, email address)
  • Account credentials
  • Payment information
  • Manuscript content and analysis data

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments and questions
  • Develop new products and services

3. Data Security

We implement appropriate security measures to protect your personal information. For more details on our security practices, please see our Data Security page.

4. Your Rights

Depending on your location, you may have certain rights regarding your personal information, including the right to access, correct, or delete your data.

5. Third-Party Services & Analytics

We use various services to improve our product, understand how it's used, and diagnose technical issues. These services are divided into two categories: third-party services (which require your consent) and first-party analytics (which we collect directly).

5.1 Third-Party Services (Consent Required)

With your consent, we use the following third-party services. These services only load after you accept cookies via our cookie consent banner:

  • Microsoft Clarity: Provides session recordings and heatmaps to help us understand how users interact with our site. This helps us identify usability issues and improve the user experience.
  • Sentry: Error tracking and performance monitoring service that helps us identify and fix technical issues quickly. Sentry collects error reports, stack traces, and performance metrics.
  • Google Tag Manager: Event tracking platform that helps us understand user behavior, measure conversions, and optimize our marketing efforts.

You can withdraw consent at any time by clearing your browser cookies and declining consent when prompted again. When you decline consent, these third-party services will not load or collect any data about your visit.

5.2 First-Party Analytics (No Consent Required)

In addition to third-party analytics, we collect basic usage information directly on our servers to understand how our site is used and to improve our services. This first-party analytics collection occurs regardless of your cookie consent preferences, as it does not involve sharing data with third parties.

What We Collect

We automatically log the following information when you visit our site:

  • Page URLs: The pages you visit on our site, including the path and any query parameters (excluding sensitive data)
  • Referrer Information: The website that referred you to us (e.g., Google, Facebook, or another site)
  • Device Information: Browser type, operating system, and device type (e.g., desktop, mobile, tablet) derived from your user agent string
  • Session Identifier: A privacy-safe identifier created by hashing your IP address with a daily-rotating salt. This allows us to understand session flows and user journeys without storing your actual IP address. The hash changes daily, preventing long-term tracking.
  • Timestamps: When you visited each page, used to understand usage patterns and peak traffic times
  • Account Linkage: For logged-in users, we link analytics events to your user account to better understand how our service is used and to provide personalized improvements
  • Event Data: Specific actions you take on the site (e.g., button clicks, form submissions, feature usage)

What We Don't Collect

Our first-party analytics explicitly do NOT collect:

  • Your exact IP address (only a hashed, privacy-safe version that changes daily)
  • Personally identifiable information beyond what you voluntarily provide when creating an account
  • Cross-site tracking data or browsing history from other websites
  • Precise geolocation data (we do not track your physical location)
  • Keystroke logging or form field contents (except when you explicitly submit a form)
  • Sensitive personal data such as financial information, health data, or biometric data

How We Use This Data

We use first-party analytics data to:

  • Improve User Experience: Understand which features are most valuable and identify areas for improvement
  • Fix Technical Issues: Identify bugs, errors, and performance problems that affect user experience
  • Optimize Performance: Monitor site speed and reliability to ensure a smooth experience
  • Inform Product Development: Make data-driven decisions about which features to build or improve
  • Understand User Journeys: See how users navigate through the site to optimize conversion funnels
  • Measure Feature Adoption: Track which features are being used and which need better promotion or redesign

Data Storage & Retention

First-party analytics data is stored securely in our database (hosted by Supabase) and is automatically deleted after 90 days. We implement the following safeguards:

  • Automatic Deletion: A daily automated process removes all analytics data older than 90 days
  • Secure Storage: Data is stored in encrypted databases with row-level security policies
  • No Third-Party Sharing: This data is never shared with, sold to, or made available to any third parties
  • Access Controls: Only authorized team members can access analytics data, and all access is logged

Legal Basis (GDPR)

We collect this first-party analytics data based on our legitimate interest in understanding and improving our service (GDPR Article 6(1)(f)). We have carefully balanced our business needs against your privacy rights and have implemented appropriate safeguards:

  • Data Minimization: We only collect the minimum data necessary to achieve our purposes
  • Privacy by Design: IP addresses are hashed and cannot be reversed to identify individuals
  • Limited Retention: Automatic 90-day deletion ensures data is not kept longer than necessary
  • No Profiling: We do not use this data for automated decision-making or profiling
  • Transparency: We clearly disclose what we collect and why

Your Rights

While we believe this first-party analytics collection is necessary for operating and improving our service, you have the right to object to this processing under GDPR Article 21. If you wish to exercise this right:

  • Contact us at info+privacy@storystreameditor.com with your request
  • We will evaluate your objection and may cease processing your data if we cannot demonstrate compelling legitimate grounds
  • Note that opting out may limit our ability to provide certain features or improve the service based on your usage patterns

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to provide and improve our services. Cookies are small text files stored on your device that help us remember your preferences and understand how you use our site.

Types of Cookies We Use

Essential Cookies (Always Active)

These cookies are necessary for the website to function and cannot be disabled:

  • Authentication Cookies: Keep you logged in as you navigate the site
  • Security Cookies: Protect against fraudulent activity and secure your account
  • Session Cookies: Maintain your session state and preferences

Analytics Cookies (Require Consent)

These cookies help us understand how visitors use our site:

  • Microsoft Clarity: Session recording and heatmap cookies
  • Google Tag Manager: Event tracking and conversion measurement

Preference Cookies

These cookies remember your choices and preferences:

  • Cookie Consent: Remembers your cookie consent preferences
  • Theme Preference: Remembers your light/dark mode choice

Managing Cookies

You can control cookies in several ways:

  • Cookie Consent Banner: Accept or decline analytics cookies when you first visit our site
  • Browser Settings: Most browsers allow you to block or delete cookies through their settings
  • Opt-Out Tools: Use browser extensions or privacy tools to manage tracking

Note that blocking essential cookies may prevent certain features from working properly.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.

Retention Periods

  • Account Data: Retained while your account is active and for 30 days after account deletion (to allow for account recovery)
  • Manuscript Data: Retained while your account is active and deleted within 30 days of account deletion
  • First-Party Analytics: Automatically deleted after 90 days
  • Payment Records: Retained for 7 years to comply with tax and accounting regulations
  • Support Communications: Retained for 2 years to provide consistent support
  • Legal Compliance Data: Retained as required by applicable laws

Account Deletion

When you delete your account:

  • Your personal information is deleted or anonymized within 30 days
  • Your manuscripts and analysis data are permanently deleted
  • Analytics data is anonymized (user ID is removed)
  • Payment records are retained for legal compliance but are not linked to your identity

8. International Data Transfers

Story Stream is based in the United States, and our service providers may be located in various countries. When you use our service, your data may be transferred to and processed in countries outside your country of residence.

We ensure that any international data transfers comply with applicable data protection laws through:

  • Standard Contractual Clauses: We use EU-approved standard contractual clauses with our service providers
  • Adequate Safeguards: We ensure that appropriate technical and organizational measures are in place
  • Service Provider Vetting: We only work with service providers who commit to protecting your data

9. Children's Privacy

Our service is not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information as quickly as possible.

If you believe we have collected information from a child, please contact us immediately at info+privacy@storystreameditor.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • For material changes, we will notify you via email or a prominent notice on our website
  • We encourage you to review this policy periodically

Your continued use of our service after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: info+privacy@storystreameditor.com
  • Data Protection Inquiries: For GDPR-related requests (access, deletion, portability, etc.), please use the subject line "Data Protection Request"
  • Response Time: We will respond to all privacy inquiries within 30 days

For general support questions, please visit our FAQ page or contact support@storystreameditor.com.

Last Updated: October 16, 2025