Privacy Policy

Last Updated: February 23, 2026

Introduction

This Privacy Policy explains how Storypie LLC (“Storypie”, “we”, “us”, or “our”) collects, uses, and shares information about you when you use the Storypie website (mystorypie.com), mobile applications, or any related services (collectively, our “Services”). By using our Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy.

This Privacy Policy takes into account the requirements of various privacy laws including the General Data Protection Regulation (GDPR) for users in the European Union and United Kingdom, and the California Consumer Privacy Act (CCPA) for California residents. Additional rights for these users are detailed in specific sections below.

Information We Collect

Personal Information

We collect the following types of information when you use our Services:

• Identity Data: Name, birth year, birth month, Gender, Profile information, and other information you choose to provide.
• Contact Data: Email address.
• Account Information: Login credentials, Password, and account preferences.
• Financial Data: Payment information (processed through third-party payment processors), transaction history, and subscription details.
• Usage Information: Stories you create, reading preferences, app interactions, feature access, session information, and usage patterns and statistics.
• Technical Data: IP address, browser type, device information, operating system, cookie data, and log data.
• Content Data: Stories and content you create, saved preferences, interaction history, and other user-generated content.

Sensitive Information

We do not actively request or collect sensitive information about you. If at any time we need to collect sensitive information, unless otherwise permitted by law, we will first obtain your consent and only use it as required or authorized by law.

How We Collect Information

We collect information in various ways:

• Direct interactions when you: Create an account, use our Services, contact customer support, participate in surveys or promotions, or communicate with us.
• Automated technologies, including: Cookies, web beacons, analytics tools, and app usage tracking.
• Third parties, including: App stores, payment processors, analytics providers, and marketing partners.

How We Use Your Information

We use your information for the following purposes:

Core Service Delivery

• To provide and maintain our Services
• To process and fulfill your story creation requests
• To manage your account and subscription
• To provide customer support
• To send service-related communications
• To enable features and personalize your experience

Business Operations

• To improve and optimize our Services
• To analyze usage patterns and trends
• To develop new features and services
• To maintain security of our Services
• To prevent fraud and abuse
• To enforce our Terms of Use
• To comply with legal obligations

Communication and Marketing

• To send administrative messages
• To provide updates about our Services
• To send promotional content (with your consent)
• To communicate about features and offers
• To respond to your inquiries

Data Sharing and Disclosure

Third-Party Service Providers

We share information with:

• AI Service Providers: We use various AI technologies to generate stories and images. To personalize the content, we send a calculated age and an obfuscated, predefined placeholder names to our AI partners. Under no circumstances are a child's real name, birthdate, or any other personally identifiable information (PII) shared with these providers.
• Payment Processors: Including Stripe, the Apple App Store, and Google Play Store. Payment information is processed directly by these platforms. We only receive transaction confirmations.
• Google Analytics: We use Google Analytics with consent mode defaults set to denied, which prevents Google from setting cookies or collecting user-identifying information. Only aggregate, anonymous page-level data is transmitted to Google.

Refund and Data Sharing Practices

As part of processing refund requests through the Apple App Store or Google Play Store, we may share:

• Transaction Information: Purchase dates and times, transaction identifiers, purchase history.
• Usage Information: Content access logs, access frequency and duration, download status and completion, content usage metrics, progress tracking data.
• Account Information: Device information, account status, eligibility information, subscription patterns.

This information is shared solely to validate refund eligibility, prevent fraudulent requests, and comply with platform policies. Data sharing is conducted securely and retained only for the necessary duration to process refunds and comply with applicable laws.

Legal Requirements

We may disclose information to comply with laws, respond to legal requests, protect our rights, prevent fraud or abuse, and ensure platform safety.

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information.

Data Shared with Third Parties

We use third-party AI service providers for content generation (story text and audio) and cloud infrastructure providers for hosting, storage, and operations. Only de-identified data — such as calculated ages and user-provided story prompts — is shared with these providers. No child names, birthdates, or personal information is transmitted to any third-party service.

We do not sell, rent, or share personal information with third parties for advertising or marketing purposes.

Data Security

We implement reasonable security measures to protect your information, including industry-standard encryption, secure data storage, access controls, regular security assessments, and employee training. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

Mixed-Audience App & Child Data Handling

Storypie operates as a mixed-audience app, designed for both adults and children under parental supervision. We collect child names and birth information solely for content personalization but implement strict data protection measures:

• Child Names: Stored securely and never shared with third-party AI providers. Names are obfuscated when generating content and restored only in the final story.
• Birth Information: Only calculated age (not birthdate) is used for content generation. Birth month/year data is never shared with AI providers.
• Parental Control: All child data collection and story creation is controlled by parents/guardians.

Our Policy Towards Children

Our Services are intended for adults (parents and guardians) to create stories and experiences for their children. The Services are not directed to children under the age of 13 to use independently. We do not knowingly collect personal information from children under 13 without verifiable parental consent. Users who are at least 13 years of age but under 18 must have the permission of a parent or legal guardian to use our Services.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at privacy@mystorypie.com. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information from our servers.

Any information collected about a child, such as their first name or birth month and year, is provided by the parent or guardian for the purpose of personalizing the content created through our Services. Parents and guardians are responsible for the information they provide about their children and have the right to review, update, or request the deletion of this information at any time by contacting us.

COPPA Compliance (Children's Online Privacy Protection Act)

Storypie is a mixed-audience platform. We comply with the Children's Online Privacy Protection Act (COPPA) and the 2025 COPPA amendments through the following measures:

• Age Screening: We require a neutral age screen at registration. Users are asked for their birth year before account creation. This screen does not incentivize selecting an older age.
• Parental Verification: Users who indicate they are under 13 are presented with a parental math-challenge verification (a multiplication problem) that must be completed before proceeding. This ensures a parent or guardian is present during account creation.
• No Direct Collection from Children: Account creation is performed by parents or guardians. Child profile information (first name, birth month/year) is entered by the parent, not the child.
• Data Minimization: We collect only the minimum information necessary to personalize content. Child names are never shared with third-party AI providers. Only calculated age is transmitted for content generation.
• No Third-Party Behavioral Tracking: We do not use any third-party behavioral tracking tools (such as session replay or heatmap services) on any Storypie web property. Google Analytics is configured with consent mode denied, which prevents cookies from being set and limits data collection to anonymous, aggregate metrics.
• Parental Rights: Parents may review, update, or request deletion of their child's personal information at any time by contacting privacy@mystorypie.com or through account settings.
• Internal Operations Exception: Our first-party analytics (described in the "First-Party Analytics" section below) uses anonymous identifiers that qualify under COPPA's "internal operations" exception — they contain no personally identifiable information, are not shared with third parties, and are used solely for aggregate internal analytics.

Student Data and Schools (FERPA Compliance)

Storypie for Schools is our educator platform that allows teachers to manage classrooms, assign content, and track student progress. We handle student data in accordance with the Family Educational Rights and Privacy Act (FERPA):

• Student Data Collected: First name, last name, optional parent/guardian email, grade level, age band, and engagement data (time spent on content, quiz scores, assignment progress). This information is provided by the teacher or school administrator.
• Data Control: Teachers and school administrators maintain control over their students' data. They can view, edit, and delete student records at any time through the educator dashboard.
• Data Deletion: When a teacher removes a student from a classroom, all associated data is permanently deleted, including engagement records, quiz progress, and assignment status. This is a hard deletion — the data cannot be recovered.
• No Sale or Sharing: Student data is never sold, rented, or shared with third parties for advertising or marketing purposes.
• Data Retention: Student engagement data is retained only while the student is actively enrolled in a classroom. Upon removal, all data is immediately and permanently deleted.
• Access Controls: Only the teacher who created a classroom can access student data within that classroom. Storypie administrators may access data for technical support purposes only.

Cookies, Analytics, and Similar Technologies

Types of Technologies Used

We use cookies and similar technologies, such as web beacons, device identifiers, and analytics tools.

• Cookies: Session cookies (temporary) and persistent cookies (remain until deleted). These include essential cookies (required for basic functions) and analytical/performance cookies.
• Other Technologies: Web beacons, device identifiers, and analytics tools.

How We Use These Technologies

We use these technologies to remember your preferences, understand platform performance, analyze usage patterns, improve user experience, customize content, and maintain security.

First-Party Analytics

In addition to Google Analytics (configured with consent mode denied), we operate our own first-party analytics system to understand how users interact with our Services. This system:

• Anonymous Visitor Cookie: We set a first-party cookie (_sp_vid) containing a random identifier (UUID). This cookie expires after 30 days and contains no personally identifiable information. It is used solely to count unique visitors and sessions.
• Data Collected: Page views, scroll depth, click interactions, time on page, audio play/completion events, quiz engagement, Web Vitals performance metrics, and JavaScript errors. All data is anonymous and aggregate.
• No PII Stored: No user IDs, email addresses, names, or other personally identifiable information is included in analytics events. IP addresses are used server-side for geographic region lookup only and are immediately discarded — they are never stored.
• No Third-Party Sharing: All analytics data is stored on our own infrastructure (Amazon Web Services DynamoDB). It is never shared with third parties.
• No Cross-Site Tracking: The analytics cookie is first-party only and does not enable tracking across other websites.

Your Cookie Choices

You can modify your browser settings to decline cookies, delete existing cookies, or opt out of analytics tracking. Clearing your cookies will reset the anonymous analytics identifier. Google Analytics cookies are not set due to our consent mode configuration. Please note that declining essential cookies (such as session authentication cookies) may affect some functionality of our Services.

International Data Transfers

Data Location

Our servers are located in the United States. Your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

Transfer Safeguards

We ensure lawful data transfers through standard contractual clauses, appropriate safeguards, data protection agreements, and compliance with applicable laws.

Consent to Transfer

By using our Services, you consent to international data transfers, processing in other countries, and storage in the United States, understanding that privacy laws may differ from your country.

Your Rights and Choices

Access and Control

Depending on your jurisdiction, you may have the right to: access your personal information, correct inaccurate data, delete your personal information, restrict or object to processing of your data, export your data (data portability), and withdraw consent for processing.

How to Exercise Your Rights

Contact us at privacy@mystorypie.com to submit a request, ask questions, or get help with exercising your rights. We will verify your identity, respond within applicable timeframes, and assist with your request.

Region-Specific Privacy Rights

California Residents (CCPA)

California consumers have specific rights regarding their personal information. We do not "sell" personal information as defined by the CCPA. To exercise your rights under the CCPA (such as the right to know, delete, or opt-out), please contact us at privacy@mystorypie.com.

European Union and UK Users (GDPR)

If you are located in the European Union or the United Kingdom, you have specific rights under the General Data Protection Regulation (GDPR). Our legal basis for processing your data includes contract performance, legitimate interests, legal obligations, and your consent. Your rights include:

• The right to access: You can request a copy of the personal data we hold about you.
• The right to rectification: You can ask us to correct any inaccurate information about you.
• The right to erasure (the "right to be forgotten"): You can request that we delete your account and all associated personal data.
• The right to restrict processing: You can ask us to temporarily halt the processing of your personal data under certain conditions.
• The right to data portability: You can request that we provide you with your data in a structured, commonly used, and machine-readable format.
• The right to object: You can object to us processing your data for certain purposes, such as direct marketing.
• The right to withdraw consent: You can withdraw your previously given consent for processing your data at any time.

To exercise any of these rights, please contact us at privacy@mystorypie.com. You also have the right to lodge a complaint with your local data protection authority.

Changes to This Privacy Policy

We may update this policy periodically. The date at the top shows the latest version. We will notify you of material changes via in-app notification, email, or a notice on our website. Your continued use of the Services after we post any modifications will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

Data Retention

We retain your information according to the following schedules:

• Account Data: Retained while your account is active. Deleted upon account deletion request or after 2 years of inactivity.
• Child Profiles: Retained while the parent/guardian account is active. Parents may delete individual child profiles at any time.
• Student Records (Schools): Engagement data, quiz progress, and assignment status are permanently deleted when a teacher removes a student from a classroom.
• Stories and Content: User-created stories are retained while the account is active. Deleted upon account deletion request.
• Analytics Data: Anonymous visitor cookies expire after 30 days. Analytics event data is retained for operational and product improvement purposes.
• Payment Records: Transaction records are retained as required by applicable tax and financial regulations.

When the retention period ends, we will delete or anonymize your data. You may request early deletion at any time by contacting privacy@mystorypie.com.

Contact Information

For any questions or concerns about this policy or your data, please contact us.

• General & Privacy Inquiries: privacy@mystorypie.com
• Technical Support & Security: support@mystorypie.com

We strive to respond to all inquiries within a reasonable timeframe.

Terms and Conditions

For more information about the terms of use for our services, please visit our Terms and Conditions.