Privacy Policy

At Story Studio AI, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our AI-powered story creation platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address - Used for authentication and account recovery
• Password - Stored securely using bcrypt hashing (we never see your plain password)
• Name - Optional display name for your account
• Account creation date - To track when you joined our service

1.2 Content You Create

We store all content you generate through our Service:

• Projects - Your story projects, including titles, genres, and metadata
• Characters - Character profiles, descriptions, and associated images
• Messages - Story text, chat history, and AI-generated content
• Generated Media - Images, audio files, and PDFs you create using our AI tools

1.3 Usage Data

We automatically collect:

• Credit usage - How many credits you consume for AI generations
• Session data - JWT tokens stored in your browser for authentication
• Technical logs - Server logs for debugging and security purposes

2. How We Use Your Information

2.1 To Provide the Service

• Authenticate your account and maintain sessions
• Store and retrieve your projects and content
• Generate AI-powered stories and illustrations
• Track your credit balance and usage
• Send transactional emails (password resets, account notifications)

2.2 To Improve Our Service

• Analyze usage patterns to improve features
• Debug technical issues and improve performance
• Monitor for security threats and abuse

2.3 We Do NOT:

• Sell your personal information to third parties
• Use your content to train AI models (your stories remain yours)
• Share your data with advertisers
• Track you across other websites

3. How We Store Your Data

3.1 Account & Project Data

We securely store:

• User account-related data (email, securely encrypted password)
• Project metadata and settings
• Character information and story content
• Credit transaction history

3.2 Media Files

All generated media files (images, audio, PDFs) are:

• Stored securely on our servers with encryption
• Accessible only through your authenticated session token
• Protected and isolated - only you can access your files
• Not accessible by our staff or third parties

3.3 Browser Storage

We store authentication tokens in your browser:

• localStorage - JWT token for persistent login
• sessionStorage - Temporary session data
• No tracking cookies or analytics cookies

4. Third-Party Services

4.1 Payment Processing

Stripe - We use Stripe to process credit card payments. We do not store your credit card information on our servers. Stripe's privacy policy applies to payment data: https://stripe.com/privacy

4.2 AI Generation Services

We use secure APIs powered by open-source models running on GPU servers for:

• Image Generation - Creating illustrations and character visuals
• Text Generation (LLMs) - Story content and character descriptions
• Audio Generation (TTS) - Voice narration

Privacy Guarantee: Your prompts and generated content are processed securely and never stored by these services. Data is transmitted over encrypted connections and immediately discarded after generation. These services do not retain, log, or use your data for training purposes.

4.3 Email Service

We use an SMTP email service to send transactional emails (password resets, account verification). These emails are sent securely and are not used for marketing purposes.

5. Your Rights and Choices

5.1 Access Your Data

You can access all your data through your Profile page:

• View your account information
• See your credit balance and transaction history
• Access all your projects and generated content

5.2 Delete Your Account

You can delete your account at any time from your Profile page:

• Immediate Deletion: All your projects, stories, characters, generated images, audio files, and PDFs are permanently deleted immediately
• Your account will be deactivated and you will no longer be able to log in
• Retained for Analytics Only: We only retain your email address and credit transaction history for accounting and analytics purposes
• No personal content, media files, or creative work is retained after deletion

What gets deleted immediately: Projects, characters, messages, images, audio, PDFs, and all generated content.
What we keep: Email address and purchase history (for legal/accounting compliance only).

5.3 Export Your Data

You can export your content:

• Download your stories as PDF files
• Save generated images and audio files
• Contact us to request a full data export

5.4 Update Your Information

You can update your account information anytime:

• Change your name in your profile
• Reset your password (email cannot be changed for security reasons)

6. Data Security

6.1 Security Measures

We implement industry-standard security practices:

• Password Hashing - Passwords are hashed using bcrypt (never stored in plain text)
• HTTPS Encryption - All data transmitted is encrypted in production
• JWT Authentication - Secure token-based authentication
• Input Validation - All user inputs are validated and sanitized
• Rate Limiting - Protection against brute force attacks

6.2 Data Breach Protocol

In the event of a data breach:

• We will notify affected users within 72 hours
• We will provide details about what data was compromised
• We will take immediate action to secure the breach
• We will report to relevant authorities as required by law

7. Data Retention

7.1 Active Accounts

For active accounts, we retain:

• Account information indefinitely while your account is active
• Project and content data indefinitely
• Usage logs for up to 90 days
• Server logs for up to 30 days

7.2 Deleted Accounts

After account deletion:

• Immediately Deleted: All projects, media files (images, videos, audio), characters, stories, and generated content are permanently erased
• Account is deactivated immediately
• Retained for Compliance: Only email address and credit transaction history are kept for accounting and analytics purposes
• Financial records may be retained as required by law

8. Age Requirement

Story Studio AI is for adults only. You must be 18 years of age or older to use our Service. We do not accept registrations from minors under any circumstances.

We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe a minor has created an account, please contact us immediately at support@story-studio.ai, and we will permanently delete the account and all associated data.

9. International Users

Our services and datacenters are hosted in the United States. If you are accessing our Service from outside the USA, your data may be transferred to and processed in the United States. By using our Service, you consent to this transfer and processing.

9.1 GDPR Compliance (EU Users)

If you are in the European Union, you have additional rights under GDPR:

• Right to Access - Request a copy of your data
• Right to Rectification - Correct inaccurate data
• Right to Erasure - Request deletion of your data
• Right to Data Portability - Receive your data in a machine-readable format
• Right to Object - Object to processing of your data

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an email notification for material changes

Your continued use of the Service after changes constitutes acceptance of the new Privacy Policy.

11. Contact Us