At Storyboom, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and handle your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1Data Controller
Storyboom AI ("we", "us", "our") is the data controller responsible for your personal data. For any privacy-related questions or requests, contact us at:
Email:
info@storyboom.ai2What Data We Collect
We collect and process the following types of data:
Account Information
Name, email address, company name, and authentication credentials when you create an account.
Content Data
Stories, interviews, transcripts, and generated content you create using our platform.
Usage Data
Information about how you use our services, including features accessed, time spent, and interaction patterns.
Technical Data
IP address, browser type, device information, and cookies for platform functionality and security.
3How We Use Your Data
We process your personal data for the following purposes:
- •Service Delivery: To provide, maintain, and improve Storyboom's AI-powered storytelling platform
- •Account Management: To manage your account, authentication, and subscription
- •Communication: To send service updates, security alerts, and respond to your inquiries
- •Security & Fraud Prevention: To detect, prevent, and address security threats and unauthorized access
- •Legal Compliance: To comply with legal obligations and enforce our Terms & Conditions
Important: We do NOT use your data for advertising purposes or to train AI models for other customers. Your content remains yours.
4Legal Basis for Processing
Under GDPR, we process your data based on:
- Contract Performance: Processing necessary to provide our services to you
- Legitimate Interests: Improving our platform, security, and fraud prevention
- Legal Obligation: Compliance with applicable laws and regulations
- Consent: Where you have explicitly agreed (e.g., marketing communications)
5Data Storage & Security
Infrastructure & Location
All data is hosted on Google Cloud Platform (GCP) infrastructure with servers located in Germany and the European Union, ensuring GDPR compliance and data residency requirements.
Security Measures
- Encryption: AES-256 encryption at rest, TLS/SSL in transit
- Access Controls: Role-based access with least-privilege principle and multi-factor authentication
- Network Security: VPC isolation, firewall rules, and VPC Service Controls
- Monitoring: 24/7 security monitoring, audit logging, and incident response procedures
- Backup & Recovery: Regular automated backups with multi-region replication
Shared Responsibility Model
While GCP secures the infrastructure, Storyboom implements additional application-level security controls, access policies, and data handling procedures to protect your information.
6Data Sharing & Third Parties
We do not sell your personal data. We may share data with:
- Service Providers: Google Cloud Platform (hosting), Stripe/Airwallex (payments), authentication providers
- Integrations: Third-party services you choose to connect (Slack, Microsoft Teams, etc.)
- Legal Requirements: When required by law, court order, or to protect our rights
All third-party processors are contractually bound to GDPR-compliant data processing agreements.
7Your GDPR Rights
Under GDPR, you have the following rights:
Right to Access
Request a copy of your personal data we hold
Right to Rectification
Correct inaccurate or incomplete data
Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data
Right to Data Portability
Receive your data in a structured, machine-readable format
Right to Restrict Processing
Limit how we use your data in certain circumstances
Right to Object
Object to processing based on legitimate interests
Right to Withdraw Consent
Withdraw consent for processing at any time
To exercise any of these rights, contact us at info@storyboom.ai. We will respond within 30 days.
8Data Retention
We retain your data only as long as necessary for:
- Providing our services to you
- Complying with legal obligations (e.g., tax, accounting)
- Resolving disputes and enforcing agreements
When you delete your account, we will delete or anonymize your personal data within 90 days, except where retention is required by law.
9Cookies & Tracking
We use essential cookies for authentication and platform functionality. We do not use third-party advertising or tracking cookies.
You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.
10Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.
11Children's Privacy
Storyboom is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately.
12Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated via email or platform notification. Continued use of Storyboom after changes constitutes acceptance.
13Supervisory Authority
If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection authority or the supervisory authority in Germany where our data is hosted.
Contact Our Privacy Team
For any questions about this Privacy Policy, data protection, or to exercise your GDPR rights:
Email:
info@storyboom.ai
