Privacy Policy

1. Introduction

Story Glider Limited ("we," "us," or "our") operates StoryGlider.com ("the Service"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information.

This Privacy Policy explains our practices regarding the collection, use, and disclosure of your personal data when you use our Service, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address (required)
• Name (optional)
• Clerk User ID (unique identifier)
• Account role and permissions

2.2 Content and Project Data

When you use our Service, we collect and store:

• Script Projects: Video topics, formats, scripts, keywords, audience information, YouTube metadata, AI-generated content, and project configurations
• Research Library: Uploaded documents, research queries, content, tags, and search statistics
• Ad Templates: Template names, descriptions, and configuration settings
• File Uploads: Documents and files you upload to the Service (stored securely in cloud storage)

2.3 Usage Data

We automatically collect information about how you use the Service:

• Project creation and modification timestamps
• Last viewed dates for projects
• Sharing tokens and expiration dates
• Feature usage patterns

2.4 Technical Data

We collect technical information automatically:

• IP address
• Browser type and version
• Device information
• Cookies and similar tracking technologies (see our Cookie Policy)

3. How We Use Your Information

We use your personal information for the following purposes:

• Service Provision: To provide, maintain, and improve our Service
• Account Management: To create and manage your account, authenticate you, and provide customer support
• Content Processing: To process your content, generate AI-powered scripts and materials, and store your projects
• Communication: To send you service-related notifications, updates, and respond to your inquiries
• Analytics: To analyze usage patterns, improve our Service, and develop new features
• Security: To detect, prevent, and address technical issues, fraud, or security threats
• Legal Compliance: To comply with legal obligations and enforce our Terms of Service

We process your personal data based on your consent, the necessity to perform our contract with you, compliance with legal obligations, and our legitimate interests in providing and improving the Service.

4. Data Storage and Security

We use industry-standard security measures to protect your data:

• Database: Your account and project data are stored in secure PostgreSQL databases hosted by NeonDB, with encrypted connections
• Authentication: User authentication is handled by Clerk, which uses industry-standard security protocols
• File Storage: Large files and documents are stored securely in Vercel Blob Storage with access controls
• Encryption: Data is encrypted in transit using TLS/SSL and at rest using encryption standards

While we implement appropriate technical and organizational measures to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information.

Security incidents: If we become aware of a breach of personal data that is likely to result in a risk to your rights and freedoms, we will notify relevant supervisory authorities and affected users as required by applicable law (including the GDPR), describing the nature of the incident, likely consequences, and measures we have taken or propose to take.

5. Third-Party Services

We use the following third-party services that may process your data:

Other subprocessors (for example AI or media providers used for specific features) may apply when you use those features; we only share data necessary for the Service. These third-party services have their own privacy policies—we encourage you to review them. We only share data necessary for these services to function and require them to protect your data in accordance with applicable data protection laws.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. For detailed information about the cookies we use and your choices regarding cookies, please see our Cookie Policy.

We use Google Analytics to analyze Service usage. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on or adjusting your browser settings.

7. Your Rights (GDPR)

Under the GDPR and other applicable data protection laws, you have the following rights:

• Right of Access: You can request a copy of the personal data we hold about you
• Right to Rectification: You can update your name and email in your account profile, or contact us for other corrections
• Right to Erasure: You can request deletion of your personal data ("right to be forgotten"). Signed-in users can start erasure from Profile (Delete account). This removes your data from our application databases and deletes your authentication account with our provider (Clerk), subject to the exceptions below
• Right to Restrict Processing: You can request that we limit how we use your data
• Right to Data Portability: Signed-in users can download a machine-readable JSON export of personal data we store in our databases from Profile (Download my data). You can also contact us for a copy
• Right to Object: You can object to processing of your data for certain purposes
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time

For requests you cannot complete in the app, or to exercise any right not listed with a self-service option, contact us at hello@storyglider.com. We will respond within one month, or inform you if an extension is needed under GDPR.

You also have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement occurred. In Malta, this is the Office of the Information and Data Protection Commissioner.

7.1 California residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) may apply. We do not sell personal information as defined by the CCPA (we do not disclose personal information to third parties for monetary or other valuable consideration in the "sale" sense). We use service providers to run the Service as described in this policy.

You may request access to categories of personal information we collect, deletion of your personal information subject to legal exceptions, and information about certain disclosures. Use the in-app data export and account deletion on Profile where available, or contact us at hello@storyglider.com. We will verify your request as required by law.

8. Data Retention

We retain your personal data for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations
• Resolve disputes and enforce our agreements

When you delete your account through Profile, we erase your personal data from our application databases and request deletion of your authentication account without undue delay. Residual copies in encrypted backups may persist for a limited period in line with our infrastructure providers' backup cycles, then roll off automatically. We may retain certain information where required by law (for example tax or accounting records) or for the establishment, exercise, or defence of legal claims.

Content you have published or made available to other users (for example shared links or stock library contributions that have been merged into shared catalogues) may continue to be processed where necessary to operate those features; contact us if you need help with a specific case.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our third-party service providers operate. We ensure that appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with third-party providers
• Compliance with GDPR requirements for international transfers

By using our Service, you consent to the transfer of your data to these countries.

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated Privacy Policy on StoryGlider.com
• Updating the "Last updated" date at the top of this page
• Sending an email notification to registered users when possible

Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: