← Back home

Privacy Policy

Last updated: 2026-05-13

This policy describes what information StoryInk collects when you use the service, how we use it, who we share it with, and what choices you have. We have tried to write it in plain English. If anything is unclear, email help@storyink.com.

1. What we collect

  • Account info. Your email address and password. Authentication is handled by Supabase Auth — passwords are hashed by Supabase before storage; we never see, log, or store the plaintext.
  • Character info. Names, photos, traits, quirks, and any other details you enter when creating a character (a person or a pet).
  • Story content. The one-line ideas you write, the generated stories, the AI Assistant prompts you send, and any per-story system prompts you save.
  • Order info. If you buy a hardcover, we collect the shipping address you enter at checkout and record the Stripe session and order status. We never see or store your card number — Stripe processes the payment and we receive only a charge identifier and metadata you provided.
  • Usage telemetry. Basic information about page visits and errors, used to keep the service running and to debug problems. We do not maintain advertising profiles.

2. How we use it

  • To generate the stories you ask for. Your prompt text and pet reference photos are sent to Google Gemini at generation time so the model can produce the story and illustrations.
  • To process and ship hardcover orders.
  • To respond when you contact help@storyink.com or use the in-app support chat.
  • To debug and improve the service, including diagnosing errors and tuning the AI prompts we send to Gemini.
  • To send transactional email (order confirmations, fulfillment updates). We do not send marketing email without a separate opt-in.

3. Third parties we share data with

We share data only with the providers we need to run the service. Each operates under its own privacy policy.

  • Supabase — hosts our database (Postgres), authentication, and file storage (your uploaded photos and generated illustrations live here).
  • Google Gemini — receives your prompt text and reference photos at generation time and returns the story text and illustrations. We use the paid Gemini API tier.
  • Stripe — processes payments. Stripe receives your card details directly (we never see them); we only receive a session identifier, a charge identifier, and the shipping address you provided at checkout.
  • Resend — delivers transactional email (order confirmations, shipping updates) on our behalf.
  • Sentry — receives error reports if we have a Sentry DSN configured. Reports may include the page URL, error message, and stack trace; we try not to attach personal content but exceptional cases may include fragments of error context.

We do not sell personal information. We do not share data with advertising networks.

4. Cookies and similar technology

We use a small number of strictly necessary cookies:

  • Supabase auth cookies — keep you signed in across page loads. Without these, the service does not work.
  • Cookie consent preference — stores your choice on the cookie banner so we do not show it on every visit.

We do not use third-party analytics or advertising cookies. If that ever changes, we will update this policy and ask for consent before setting them.

5. Your rights and choices

  • Access and export. The Account page includes a self-serve export of your data — pets, stories, and order history — so you can download a copy at any time.
  • Correction. You can edit pets, stories, and individual pages directly inside the app.
  • Deletion. You can delete your account from the Account page. Deletion cascades through your characters, stories, and generated content. For tax and audit reasons we retain anonymized order records (no name, no email, no shipping address) tied to the original Stripe charge.
  • Withdraw consent. You can stop using the service at any time. Deleting your account is the most complete way to withdraw consent.
  • Depending on where you live (EU/UK, California, and other jurisdictions with similar laws) you may have additional statutory rights — to object to certain processing, to restrict processing, to receive your data in a portable format, and to lodge a complaint with a regulator. Email help@storyink.com and we will respond within thirty days.

6. Retention

  • Pets, stories, and generated content are kept as long as your account exists. They are removed when you delete a pet, a story, or your whole account.
  • Order records are retained for tax and audit purposes. When you delete your account, your name, email, and shipping address are removed from the order record; the order id, amount, and Stripe charge id remain for accounting.
  • Operational logs (error traces, request logs) are kept for short retention windows by the providers above and are not exposed back to us beyond what we need to diagnose problems.

7. International data transfers

StoryInk is operated from the United States. Our infrastructure runs on Supabase, Stripe, Google Gemini, and Resend, which may process data in the US and other jurisdictions. If you are using the service from outside the US, you are agreeing to your data being processed in those locations. We rely on the contractual protections each provider offers (standard contractual clauses where applicable) for transfers out of the EU/UK.

8. Children

StoryInk is intended for adults who create stories for and about themselves, their families, and their pets. You must be at least thirteen years old to hold an account. The stories themselves are designed to be enjoyed by children of any age, with adult supervision; the account that creates and pays for them is held by an adult or older teen.

9. Security

We use industry-standard practices: transport encryption (HTTPS) on all traffic, row-level security in our database so users can only see their own data, server-only secrets kept out of the browser bundle, and limited access controls on infrastructure. No system is perfectly secure. If you suspect a breach affecting your account, email help@storyink.com.

10. Governing law

This policy and any dispute about how we handle your personal information are governed by the laws of the State of Washington, without regard to its conflict-of-laws principles. Any such dispute will be brought in the state or federal courts located in King County, Washington, and you consent to the personal jurisdiction of those courts — except where the data-protection or consumer-protection law of your home jurisdiction gives you the right to sue or complain locally.

11. Changes to this policy

We may update this policy as the product evolves. Material changes will be announced inside the app. The “Last updated” date at the top of this page is bumped whenever the text materially changes.

12. Contact

Questions, requests, or complaints: help@storyink.com.

These policies were drafted with the help of AI based on what the app actually does. We recommend reviewing them with counsel before treating them as binding for high-stakes disputes. Questions? help@storyink.com.