Your work is yours. We protect it like it.

StoryEngine is built for writers handing over unpublished, unprotected material. Here's exactly how we keep your account, your payment, and your pages safe.

Our core promise: we never use your story content to train models, and we never sell it. Your script is yours, start to finish. You direct every choice and own every word you keep.

Payments

Stripe-secured
All payments are processed by Stripe. We never see or store your full card number or CVV — only a Stripe customer/subscription reference.
PCI-minimized
Card data never touches our servers, which keeps your payment details out of our systems entirely.

Accounts & data

Encrypted passwords
Passwords are hashed with bcrypt (work factor 12) and never stored in plaintext.
HTTPS-only
All traffic is encrypted in transit. Plain HTTP is rejected.
Hardened
Rate limiting, CORS restrictions, and security headers guard against common web attacks.
Breach notice
If a breach ever affects your data, we notify affected users within 72 hours of discovery.

How your script is processed

To produce a result, the text you submit is processed by a third-party generation engine. That text is used only to generate your output — it is never used to train any model, and we don't retain the raw prompt beyond what's needed to return your result. Content you choose to save to your Vault is stored, encrypted in transit, under your account until you delete it.

Sub-processors

We use a small set of trusted providers: Stripe (payments), Render (US hosting & database), and an LLM provider for generation. A signable Data Processing Agreement is available to Studio and Institutional customers.

Your control

Questions or a security concern? Email security@storyenginehq.com. See also our Privacy Policy and Terms.

← Back to StoryEngine