Privacy Policy
Last updated: 2026-04-10
Plain-language summary (not a substitute for the full policy)
- We collect only what we need to deliver courses, support, and keep the platform secure.
- We use your data to run your account, respond to requests, and improve performance and reliability.
- You can ask for access, correction, deletion, or a copy of your data, depending on your local laws.
- We keep data only as long as needed for the reasons described below.
- Questions? Email [email protected].
1. Controller and contact
Controller: StoryCraft
Email: [email protected]
Support phone: +1 (415) 603-2749
We handle privacy requests via email. Please include enough information for us to verify your identity and locate your account (for example, the email address you used to register).
2. Data we collect
We may collect the following categories of information, depending on how you use StoryCraft:
- Account identifiers: name (if provided), email address, password hash, account status.
- Course and product activity: enrollments, progress, lesson interactions, completion status, saved drafts and submissions you choose to create.
- Support communications: messages you send us and our replies, including attachments you provide.
- Device and technical logs: IP address, browser type, basic device information, timestamps, error reports, and security logs.
- Cookie and preference data: preferences such as theme selection and consent choices (where applicable).
We do not intentionally collect sensitive categories of personal data. If you include sensitive information in a free-text field, you acknowledge you are choosing to share it.
3. Purposes and legal bases
We use personal data for the following purposes. Legal bases depend on your location and applicable law (for example, GDPR/UK GDPR):
- Provide the service (contract/performance): create and manage accounts, deliver courses, and enable core features.
- Customer support (contract/legitimate interests): respond to inquiries, troubleshoot issues, and provide assistance.
- Security and fraud prevention (legitimate interests/legal obligation): protect accounts, detect abuse, and maintain system integrity.
- Service improvement and analytics (legitimate interests and/or consent where required): understand usage, performance, and reliability to improve user experience.
- Compliance (legal obligation): maintain records required by law and respond to lawful requests.
Where we rely on consent (for example, optional analytics in some jurisdictions), you can withdraw consent at any time through available controls or by contacting us.
4. Cookies and similar technologies
We use cookies and similar technologies to operate and protect the service, remember preferences, and (where enabled) measure performance.
- Strictly necessary: required for core functionality (for example, session integrity and security features).
- Preferences: store settings such as theme and language where applicable.
- Analytics (optional in some regions): help us understand how the site is used and improve it.
When required by law, we ask for consent before setting non-essential cookies. You can also manage cookies in your browser settings.
5. Sharing and disclosures
We may share information in the following scenarios:
- Service providers: vendors that help us host, deliver, secure, and support the service. They process data under our instructions and contractual safeguards.
- Legal and safety: where required by law, or to protect users, the public, and our rights (for example, investigating abuse).
- Business changes: in a merger, acquisition, financing, or sale of assets, information may be transferred subject to confidentiality protections.
We do not sell your personal information in the traditional sense. If your local law defines “sale” or “sharing” differently (for example, certain advertising uses), we will honor applicable opt-out rights.
6. Retention
We retain personal data only as long as necessary for the purposes described in this policy, including:
- maintaining your account and providing the service;
- complying with legal obligations;
- resolving disputes and enforcing agreements;
- maintaining security logs for a reasonable period to prevent and detect abuse.
When data is no longer needed, we delete or de-identify it, subject to technical and legal constraints.
7. Your rights
Depending on your jurisdiction, you may have rights such as:
- access to your personal data;
- correction (rectification) of inaccurate data;
- deletion (erasure), subject to exceptions;
- restriction or objection to certain processing;
- data portability;
- withdrawing consent (where processing is based on consent).
To make a request, contact us at [email protected]. We may need to verify your identity. If you believe your request was wrongly denied, you may have the right to lodge a complaint with a supervisory authority.
8. International transfers
Your information may be processed in countries other than where you live. When we transfer personal data internationally, we use appropriate safeguards such as standard contractual clauses or other lawful mechanisms, as required.
9. Children’s privacy
StoryCraft is not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us at [email protected] so we can take appropriate action.
10. Changes to this policy
We may update this policy from time to time. We will revise the “Last updated” date above, and we may provide additional notice where required by law.