Privacy Policy
Last updated:
Draft notice: this page was drafted to ship with the marketing site launch and is pending legal review. Substantive changes may follow.
StoryTelly is built by parents, for parents. We collect the minimum data needed to deliver illustrated stories — and we treat your child's name with the care it deserves.
This Privacy Policy explains what we collect and how we use it. For your rights as a data subject — and how to exercise them — see our Privacy Rights page.
1. What we collect
When you create a StoryTelly account, we collect:
- Email address. For account identification, password recovery, and (with your consent) product updates.
- Password (hashed). Stored only in salted-bcrypt form. We never see your plaintext password.
- Stories you generate. Story prompts, narrative text, and illustrations are stored in your account so you can reopen them.
- Optional account metadata. Display name (if set), subscription tier, two-factor preference.
We do not collect: your child's real name (it stays on your device — see below), your location, your browsing history outside StoryTelly, contacts, or any third-party tracking identifiers.
2. Your child's name
Child names typed during story creation are tokenized client-side before any prompt leaves your device. The server receives only the tokenized form ([CHILD]). The plaintext name is encrypted and stored locally, keyed to your account.
When you read a story, the plaintext name is reinserted client-side. So your child sees their real name on the page; our servers never do.
Logout does not clear locally-stored names (so signing back in on the same device restores them across all your stories). Account deletion does clear them.
3. How we use your data
We use the data above to:
- Provide the StoryTelly service (generate stories, store them in your account, deliver them across your devices).
- Send transactional emails (password resets, two-factor codes, email verification).
- Provide aggregate, anonymous analytics on site traffic via Cloudflare Web Analytics — cookieless and privacy-first; no individual user is identified.
- Comply with legal obligations and respond to lawful requests for information.
We do not sell your data, share it with advertisers, or use it to train AI models on your private content.
4. How illustrations are created
Illustration prompts are sent to one of several leading AI image providers (OpenAI, Stability AI, Replicate, Google, fal.ai), depending on the style you choose. Every prompt is screened against OpenAI's moderation API before any image is generated.
Generated images are stored in our object storage (Cloudflare R2) and served to your browser via signed URLs with short expiry. Image-provider companies receive only the tokenized prompt — never your child's real name.
5. Voice recordings
The optional “Tell it out loud” feature records short audio clips when you choose to speak a story idea. Each clip is sent to OpenAI for speech-to-text transcription, and the resulting transcript is sent to Anthropic to interpret it into a story setup you review before anything is generated. We collect this audio solely to fulfil that request.
The audio recording is deleted immediately after it is transcribed. It is never written to our database, our object storage, or disk, and is never used for any other purpose, shared, or used to train AI models. Only the resulting text is kept, and any name spoken aloud is replaced with a private token in the saved story text on your device.
Because transcription is performed by our speech-to-text provider, the audio (which may contain a child's spoken name) is processed transiently by that provider before it is deleted. This collection is limited to responding to the user's request and is disclosed here as required.
6. Data retention
We retain your account data for as long as your account is active. When you delete your account, your stories, illustrations, and personal data are removed within 30 days. Aggregate, anonymized usage statistics may be retained indefinitely.
Backups are retained for 30 days; restoring from backup is reserved for emergency recovery and would never reinstate a deleted account's data beyond that window.
8. Security
We follow industry-standard practices to protect your account: HTTPS everywhere, bcrypt-hashed passwords, JWT-based sessions with short expiry, two-factor authentication (optional), CSRF protection on every state-mutating endpoint, and a strict Content Security Policy on the marketing site.
No security system is perfect. If you suspect your account has been accessed without authorization, change your password immediately and email [email protected].
10. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified by email at least 30 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the updated Policy.
11. Contact
Questions about this Policy? Email [email protected]. To exercise your data rights, see /privacy-rights.