← Back to Home

Privacy Policy

Effective Date: May 25, 2026  |  Last Updated: May 25, 2026

The short version: We collect your email and payment info to run the service. We don't sell your data. Your story content is yours. You can opt out of marketing emails at any time.

Contents

1. What We Collect 2. How We Use Your Data 3. Data Sharing 4. Data Storage & Security 5. Marketing Communications 6. Your Rights 7. Cookies 8. Children's Privacy 9. Changes to This Policy 10. Contact

1. What We Collect

Account Data: Email address, name (optional), encrypted password, subscription tier, and account creation date.

Payment Data: Payments are processed by Stripe. We store only a Stripe Customer ID and subscription ID — we never store full credit card numbers or CVVs. See Stripe's Privacy Policy.

Usage Data: A count of AI generations used per billing period. We do not log the full content of your generations by default.

Content Data: Text you enter into StoryEngine (loglines, scene descriptions, character notes) is processed in real time to generate AI output. We do not persistently store your raw prompts beyond what is required to serve the response.

Vault Data: Content you explicitly save to your Vault is stored in our database associated with your account until you delete it or close your account.

Technical Data: Standard server logs including IP address, browser type, and request timestamps for security and debugging purposes.

2. How We Use Your Data

We do not use your specific story content to train AI models, and we do not sell your content to third parties.

3. Data Sharing

We share data only with the following service providers, strictly to operate the Service:

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

4. Data Storage & Security

Your data is stored in a PostgreSQL database hosted on Render.com servers in the United States. Passwords are hashed using bcrypt with a work factor of 12 — they are never stored in plaintext. Authentication tokens (JWT) are transmitted over HTTPS only and stored in your browser's local storage. All communication with our servers is HTTPS-only; plain HTTP access is rejected.

We implement rate limiting, CORS restrictions, and security headers to protect against common web attacks. No system is 100% secure. In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of discovery.

Data retention. We retain your account data (email, name, subscription status) for as long as your account is active. Content you save to your Vault is retained until you delete it or close your account. After account closure or deletion, account and Vault data are removed within 30 days. Server and security logs (such as IP addresses and request metadata) are retained for up to 90 days for security and abuse-prevention, then deleted or anonymized. We do not retain the raw text of your generation prompts beyond what is needed to return your result.

Data Processing Agreement (DPA). Institutional and Studio customers (schools, university programs, and production organizations) may request a signed Data Processing Agreement naming our sub-processors and covering applicable data-protection terms, including international transfer mechanisms. Contact privacy@storyenginehq.com.

5. Marketing Communications

We only send marketing emails (product updates, new features, writing tips) if you have explicitly opted in at registration or through your account settings. You can withdraw consent at any time by:

Transactional emails (billing receipts, password resets, account security notices) are sent regardless of marketing preferences as they are necessary to operate the service.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

California residents have additional rights under CCPA. EU/UK residents have rights under GDPR. To exercise any of these rights, contact privacy@storyenginehq.com. We will respond within 30 days.

7. Cookies

StoryEngine stores a single authentication token (se_token) in your browser's local storage. This token is strictly necessary to maintain your login session and expires after 7 days of inactivity. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We do not set any third-party cookies.

8. Children's Privacy

StoryEngine is not directed to children under 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, contact privacy@storyenginehq.com and we will delete the account promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active subscribers by email at least 14 days before material changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or to exercise your rights:
privacy@storyenginehq.com
The Secret Squirrel Society Entertainment Group Inc., Los Angeles, CA