Storytime App Inc. Privacy Policy

Effective Date: 07 April 2025

1. Introduction and Overview

Storytime App Inc. ("Storytime," "we," "us," or "our") operates a web and mobile platform that helps social-media creators collaborate with brands. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Storytime's services (the "Services"). By accessing or using our Services, you agree to the practices described here. If you do not agree, please discontinue use of the Services.

2. Scope and Definitions

2.1 Scope

This Privacy Policy applies to personal information we process in connection with your use of the Services, including our website, mobile application, and any other interactions you have with us that reference this policy.

2.2 Key Definitions

"Personal Information" means information that relates to, describes, or could reasonably be linked with an identifiable individual. It does not include aggregated or truly de–identified data.

"User," "You," or "Your" means any individual who accesses or uses our Services, including but not limited to creators, brands, or general visitors.

"Creator" means an individual or entity that connects an opts in a social media account to Storytime to share content and insights.

"Brand" means a company or advertiser that partners with Storytime to discover creators and manage campaigns.

"Service Providers" means third-party companies that process personal information on our behalf to support or provide the Services.

3. Information We Collect

Account Details

• Examples: Name, display name, profile image, email, phone number, password hash
• How we obtain it: Provided by you during sign-up

Social-Media Profile & Media

• Examples: Username, biography, follower/following counts, captions
• How we obtain it: Received when you connect your professional social-media account and grant access

Performance Insights

• Examples: Impressions, video views, aggregated demographic statistics
• How we obtain it: Retrieved with your consent to help you and your brand partners measure campaigns

Mentions & Tags

• Examples: Public posts in which a connected Brand is tagged or mentioned
• How we obtain it: Collected after the Brand connects its account and authorises tracking

Device & Usage Data

• Examples: IP address, browser type, device model, in-app actions, referral pages
• How we obtain it: Collected automatically for security and analytics

Location (optional)

• Examples: Precise GPS data to verify attendance at a venue
• How we obtain it: Collected only when you opt in via your device settings

Cookies & Similar Technologies

• Examples: Session cookies, analytics cookies, advertising identifiers
• How we obtain it: Set through our site or app; you control them via our banner or browser settings

We do not collect your private messages, follower lists, ad account credentials, or any data you have not explicitly authorised.

4. Why We Use Your Information

Operate and secure the Services – create and manage accounts, authenticate log-ins, prevent fraud, and enforce our terms.

Match creators with brands – build your creator profile so Brands can discover and invite you to campaigns.

Measure campaign performance – calculate and display aggregated insights (e.g., reach, impressions) to Creators and the sponsoring Brand.

Improve the Services – analyse usage trends and feedback to enhance features and user experience.

Comply with legal obligations – maintain records, respond to lawful requests, and complete required audits.

Our legal bases under the GDPR are: (i) your consent for connecting social-media accounts and optional location sharing; (ii) contractual necessity to deliver the marketplace; and (iii) our legitimate interests in securing and improving the Services.

5. How We Share Information

Brand partners

• Purpose: View campaign deliverables and aggregated performance metrics
• Safeguards: Brands see only data for campaigns they sponsor — no raw follower lists or private insights

Service Providers

• Purpose: Cloud hosting, payment processing, analytics, security testing
• Safeguards: Bound by confidentiality and data-processing agreements

Affiliates and Subsidiaries

• Purpose: Business operations and coordinated Services
• Safeguards: Contractual confidentiality obligations

Corporate Transactions

• Purpose: Merger, acquisition, or sale of assets
• Safeguards: Any successor will abide by this Privacy Policy

Law Enforcement / Regulators

• Purpose: Fulfil legal obligations, defend rights, or prevent harm
• Safeguards: Disclosed only when required by law

We do not sell or rent your personal information to third-party data brokers.

6. International Transfers

We are based in the United States. If you reside elsewhere, your information may be transferred to, stored, and processed in the U.S. or other jurisdictions. We use appropriate safeguards—such as Standard Contractual Clauses—to protect data subject to international privacy laws.

7. Cookies & Tracking Technologies

Necessary Cookies – essential for login and security.

Performance Cookies – help us understand how you use the Services.

Functionality Cookies – remember your preferences (language, theme).

Advertising Cookies – with your consent, deliver relevant offers.

You can accept or reject non-essential cookies via our banner or your browser/device settings. Rejecting cookies may limit certain features of the Services.

8. Data Retention

Social-media insights & campaign reports

• Retention Period: Deleted or anonymised 90 days after a campaign ends

Account and billing records

• Retention Period: Duration of active account plus up to 6 years for audit and tax compliance

Location snapshots

• Retention Period: Deleted within 24 hours after verification

Cookies

• Retention Period: Up to 13 months (or until you clear your browser cache)

When you disconnect your social-media account or request deletion, we promptly remove tokens and erase associated data no longer needed.

9. Security

We protect data in transit with TLS 1.2+ and at rest with AES-256 encryption. Access to production systems is restricted by role-based permissions and multi-factor authentication. We conduct regular vulnerability scans and annual penetration tests.

10. Your Choices and Rights

Access & Portability – request a copy of your personal data.

Correction – update or rectify inaccurate information.

Deletion – request erasure of your personal data, subject to legal exceptions.

Withdraw Consent – disconnect social-media accounts at any time in Storytime settings or via the social-media platform.

Opt-out of Marketing – unsubscribe via email links or contact us (see §13).

You may also have additional rights under your local laws (e.g., GDPR, CCPA, VCDPA). See §12 for more detail.

11. Direct Marketing Communications

We may send promotional emails or in-app messages about new features, offers, or events. Where required, we obtain your consent; elsewhere, we rely on legitimate interests, balanced with your right to opt-out at any time. To unsubscribe, click the link in any marketing email or update your preferences in your account settings.

12. Additional Privacy Rights

12.1 State and International Rights

Depending on your location, you may have the right to:

• Object to or restrict processing of your data.
• Opt-out of sale or sharing of personal information (e.g., CCPA/CPRA).
• Request correction under state laws (e.g., California, Colorado, Virginia).

12.2 Exercising Your Rights

To exercise any rights, please email us at [email protected]. We'll verify your identity before fulfilling requests and aim to respond within 45 days, notifying you of any extension.

13. Complaints and Contact

Complaints: If you have concerns about our privacy practices, please contact us at [email protected]. We will acknowledge receipt, investigate, and respond within 30 days. If unresolved, you may contact your local data protection authority.

General Inquiries:

• Email: [email protected]

14. Children

The Services are for users 18 years or older. We do not knowingly collect personal information from children under 18. If you believe we have done so, please contact us for prompt deletion.

15. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes affecting your rights will be notified via email or in-app notice at least 30 days before taking effect. The "Effective Date" at the top reflects the latest version.