StoryDust ("we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. We operate from Cambridge, United Kingdom, and process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using StoryDust, you agree to the practices described in this policy.
Information We Collect
We collect only the minimum information necessary to deliver our service:
- •Parent email address — used for account authentication, story delivery, and service-related communications.
- •Child profile details — including your child's first name or nickname, age, favourite animal, favourite colour, interests, and personality traits you choose to provide for story personalisation.
- •Account and subscription data — including subscription status and billing information processed securely by Stripe.
How We Use AI to Generate Stories
StoryDust uses artificial intelligence to generate personalised bedtime stories. When a story is created for your child, we send the child's nickname and preferences (e.g. favourite animal, favourite colour, interests) to our AI provider to craft a unique story.
We do not use your personal data to train AI models. The information shared with the AI is limited to what is necessary for story generation and is handled in accordance with our AI provider's data processing policies. No identifying information beyond the child's first name or nickname is included in AI prompts.
Data Storage and Security
Your data is stored on secure cloud database infrastructure (Supabase). We employ industry-standard security measures including encryption in transit (TLS/SSL) and encryption at rest to protect your information. Access to your data is strictly limited to authorised personnel who need it to operate and improve the service.
Data Sharing
We do not sell or share your personal data with third parties for marketing purposes.
We may share limited information with the following service providers solely to operate our service: our database provider (Supabase), our AI provider for story generation, our email delivery provider (Resend or similar), and our payment processor (Stripe). Each of these providers is contractually obligated to protect your data and use it only for the purposes we specify.
Children's Privacy
StoryDust is designed to be used by parents and legal guardians. Children do not create accounts and do not interact directly with our service.
All StoryDust accounts are created and held by parents or legal guardians. A parent or guardian provides any child-related information (such as a nickname, age, and story preferences) on behalf of their child. We do not knowingly collect personal information directly from children.
If we learn that we have inadvertently collected personal information from a child without verified parental consent, we will take steps to delete that information promptly. We process child-related data in line with the UK GDPR and the ICO's Age Appropriate Design Code.
Cookies and Analytics
We use cookies and similar technologies for the following purposes:
- •Essential cookies — required for authentication, session management, and core service functionality.
- •Analytics — we may use privacy-friendly analytics to understand how our service is used so we can improve it. We do not use analytics data for advertising.
We do not use third-party advertising cookies or tracking pixels. You can manage cookie preferences through your browser settings.
Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with our services. If you cancel your subscription, your account data is retained for up to 90 days in case you choose to reactivate, after which it is scheduled for permanent deletion.
Generated stories associated with your account are retained while your subscription is active. After account deletion, story data is purged within the same 90-day window. We may retain certain anonymised, aggregated data for service improvement purposes that cannot be traced back to any individual.
Your UK GDPR Rights
Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:
- •The right to be informed about how we use your data
- •The right of access to a copy of the data we hold about you
- •The right to rectification of inaccurate or incomplete data
- •The right to erasure ("the right to be forgotten")
- •The right to restrict processing
- •The right to data portability — export your data in a portable format
- •The right to object to processing
- •The right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk
Data Deletion
You may request access, correction, deletion, or export of your data at any time. As a parent or guardian, you may:
- •Review the personal data we have collected
- •Request correction of inaccurate data
- •Request a portable export of your account data
- •Request complete deletion of your account and all associated data
To exercise any of these rights, please email us at humblewoods99@gmail.com. We will respond to all requests within 30 days, as required by UK GDPR.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by sending an email to the address associated with your account or by placing a prominent notice on our website. Your continued use of StoryDust after such changes constitutes your acceptance of the revised policy.
Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: