Privacy
1 Introduction
StoryKeeper Ltd (“StoryKeeper,” “we,” “us,” “our”) explains here how we collect, use, disclose, and safeguard your personal data when you use our website and story‑creation platform (together, the “Services”).
In the UK / EU we act as the data controller under the UK GDPR and EU GDPR.
In Australia we comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
In Canada we follow the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, provincial laws.
In the United States we adhere to relevant federal and state privacy statutes (e.g., California Consumer Privacy Act (CCPA/CPRA) and comparable state acts).
Questions? Email contact@storykeeper.com.
2 What We Collect & Why
| Purpose | Personal Data | Source | Legal Basis / Lawful Ground* |
|---|---|---|---|
| Account set‑up & communication | Name, email, phone | You | Contract (UK/EU); Reasonable necessity for requested service (AU, CA, US) |
| Subscription purchase & delivery | Billing/shipping address, payment token | You & payment processor | Contract; Legal obligation for tax records |
| Creating Memory Books | Audio, video, photos, text you or collaborators upload (may include sensitive data you voluntarily reveal) | You & other Project Members | Contract; Consent for sensitive data |
| Support & feedback | Support tickets, survey responses | You | Legitimate interests (service improvement) |
| Marketing messages (opt‑in) | Email address | You | Consent |
| Usage analytics & cookies | IP address, device details, cookie/ pixel IDs, interaction logs | Automated | Legitimate interests (service performance & security); Consent for non‑essential cookies |
* “Legal Basis” wording reflects UK/EU law; analogous concepts of consent, contractual necessity or reasonable purposes apply in AU, CA & US jurisdictions.
We do not use your personal data or your story content to train generalized artificial intelligence or machine‑learning models (for example, large language models) for our own independent purposes or for third parties.
3 Cookies & Similar Tech
We use first‑ and third‑party cookies or pixels to (a) keep you signed in, (b) understand how the Services are used, and (c) show StoryKeeper ads elsewhere. You can adjust non‑essential cookies in the banner or your browser. See our full Cookie Policy for details.
4 How We Share Information
- Service providers – hosting, printing, shipping, payment, email, analytics, and similar vendors who help us provide the Services. They may only use personal data in line with our instructions and applicable law.
- Project Members – anything you contribute can be viewed by collaborators and anyone they share a Story link with.
- Legal or regulatory compliance – we may disclose data if required by law or to protect rights, safety, or property.
No sale of personal data or AI model training
We do not sell or rent your personal data or share it with data brokers. We do not provide your personal data to third parties so that they can market their own products or services to you based on your StoryKeeper activity.
We also do not use your stories, Memory Books, recordings, photos, or other personal data to train generalized AI or machine‑learning models for our own benefit or for third parties. Any service providers that process personal data on our behalf are contractually required not to use your personal data or content to train their own generalized AI models, except as strictly necessary to provide the services we have engaged them for.
5 International & Cross‑Border Transfers
We store data in the UK and the European Economic Area but may move it to or access it from the US, Canada, Australia or other locations where we or our service providers operate. In all cross‑border transfers we use recognised safeguards:
- UK/EU users – UK Addendum to the EU Standard Contractual Clauses or an adequacy decision.
- Australian & Canadian users – comparable contractual protections.
- US users – contracts requiring at least the same level of protection set out in this Policy.
6 Security
We employ industry‑standard TLS in transit, AES‑256 at rest, role‑based access controls, and routine penetration testing. No system is perfectly secure; please use strong, unique passwords.
7 Data Retention
Because StoryKeeper is designed to preserve life stories for the long term, we manage retention as follows:
- Story content and Memory Books
We generally retain your story content (including Memory Books, audio/video recordings, photos, transcripts, and associated metadata) indefinitely, for as long as:- Your account remains active; and
- You want us to store and preserve your stories.
- Account information and communications
We keep basic account information (such as your name, contact details, and records of communications with us) while your account is active. If you close your account or ask us to delete it, we will retain only the minimum necessary information we need for:- Legal, tax, and accounting obligations, and
- Handling complaints, disputes, or legal claims.
- Payment and transaction records
We retain payment and transaction data for as long as required by applicable tax and accounting laws (typically up to six years from your last relevant transaction, depending on jurisdiction). - Security, logs, and backups
We retain security logs and similar technical records for limited periods (generally not longer than is reasonably necessary for security, fraud‑prevention, and service integrity). Backups containing your data are kept for standard backup rotation periods only and are securely deleted or overwritten on schedule.
Where we no longer need personal data for any of the purposes set out above, we will either delete it or irreversibly anonymise it.
Your right to request deletion/erasure (see Section 8 – Your Privacy Rights) remains available at any time, subject to any legal obligations that require us to retain certain records.
8 Your Privacy Rights
| Region | Key Rights & How to Exercise Them |
|---|---|
| United Kingdom / EU | Access, rectification, erasure, restriction/objection, portability, withdraw consent. Email contact@storykeeper.com. You may complain to the ICO or your local supervisory authority. |
| Australia | Access and correction under APP 12 & 13; complain to us first, then the OAIC if unresolved. |
| Canada | Access, correction, withdrawal of consent, and complaint to the Office of the Privacy Commissioner of Canada (or a provincial commissioner). |
| United States | Where state laws grant (e.g., California) access, deletion, correction and opt‑out of “sale”/ “sharing,” email contact@storykeeper.com or use in‑product controls. We will not discriminate for exercising these rights. |
We will verify your identity (and, where permitted, an authorised agent) before fulfilling any rights request.
9 Children
The Services are not directed to children under 13 years (or the age defined by local law). If we learn we collected data from a child without verifiable parental consent, we will delete it promptly. Contact us if you believe this has occurred.
10 Do‑Not‑Track & Global Privacy Control
Beyond the cookie preferences described above, the Services do not currently respond to browser Do‑Not‑Track signals. For US residents in relevant states we respect Global Privacy Control (GPC) signals as a request to opt out of “sale”/“sharing.”
11 Changes to This Policy
We may update this Policy from time to time. Major changes will be emailed to account holders or clearly posted on our site. Continued use of the Services after the effective date constitutes acceptance.
12 Contact
Data Protection & Privacy Office
StoryKeeper Ltd
Email: contact@storykeeper.com
Cookie‑Type Summary
| Type | Example | Purpose |
|---|---|---|
| Necessary | SessionID | Core site operation & security |
| Functionality | Locale, font prefs | Remember user choices |
| Analytics | Google Analytics | Service improvement |
| Marketing | Meta & TikTok pixels | Relevant advertising |
