Skip to main content

Privacy Policy

Last Updated: March 10, 2026

StoryPath LLC (“we,” “us,” or “our”) operates StoryPath (the “App”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Display name
  • Account type (family or professional)
  • Password (stored securely using industry-standard hashing — never in plaintext)

Child Profile Information

Families may create child profiles to personalize stories. Child profile information is provided solely by the parent or legal guardian and includes:

  • Child's first name
  • Birthday (optional, used for displaying age in stories)
  • Profile photo (optional, uploaded by the parent)

Important: Children do not create accounts or input data directly. All child information is provided and controlled by the parent or legal guardian.

Story Content

When you create stories, we collect:

  • Text captions and story content
  • Uploaded images (from your device camera or photo gallery)
  • Voice memo recordings
  • Story metadata (title, creation date, sharing status)

Usage Data

We collect basic usage patterns for app functionality (such as which features are used). We do not use third-party advertising trackers, behavioral analytics, or cross-app tracking.

Payment Information

Subscription payments are processed by our payment processors. We never receive, store, or have access to credit card numbers, bank account details, or other financial data. We receive only:

  • Subscription status (active, canceled, etc.)
  • Plan type
  • Billing dates

Web subscriptions are processed by Stripe. In-app purchases on iOS and Android are processed by Apple App Store and Google Play Store respectively, and managed via RevenueCat. Each processor's privacy policy governs their handling of your payment data.

2. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the App
  • Personalize stories with your child's name and age
  • Enable sharing between families and professionals
  • Process subscription payments (via Stripe)
  • Send essential account notifications (password reset, subscription status changes)
  • Improve app functionality and fix bugs
  • Comply with legal obligations

We do NOT use your information for:

  • Advertising or behavioral profiling
  • Selling to third parties
  • Automated decision-making that affects you

3. Information Sharing

With Professionals

When a family explicitly shares a story with a connected professional (such as a speech-language pathologist, occupational therapist, or teacher), that professional can view the story content (text, images, voice recordings) and the child's first name. Professionals cannot access data beyond what is specifically shared with them.

With Families

When a professional shares a template with a connected family, the family receives the template content only.

Service Providers

We work with the following service providers:

  • Supabase: Database hosting, authentication, and file storage
  • Stripe: Web subscription payment processing
  • Apple App Store / Google Play Store: In-app purchase processing for iOS and Android
  • RevenueCat: In-app purchase management and subscription status tracking
  • Resend: Transactional email delivery (e.g., PIN recovery, billing notifications)

Legal Requirements

We may disclose your information if required to do so by law, subpoena, court order, or other legal process.

Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

We NEVER:

  • Sell personal information to third parties
  • Share data with advertisers
  • Provide data to data brokers

4. Data Retention

  • Account data: Retained until you delete your account
  • Story content: Retained until you delete individual stories or your account
  • Child profiles: Retained until you delete the profile or your account
  • Voice recordings: Stored in encrypted cloud storage, deleted when you remove them or delete your account
  • Payment records: Retained as required by law (typically 7 years for tax purposes) — managed by Stripe

When you delete your account, all personally identifiable data is removed from our systems within 30 days of the deletion request. Payment records retained by Stripe are subject to Stripe's retention policies and applicable tax law requirements.

5. Your Rights

You have the following rights regarding your data:

  • Access: You can view all data associated with your account within the App at any time.
  • Correction: You can edit your profile, child profiles, and story content at any time.
  • Deletion: You can delete individual stories, child profiles, or your entire account. Account deletion removes all associated data from our systems within 30 days.
  • Export: You can export your stories (feature availability may vary by subscription tier).
  • Opt-Out: You can opt out of non-essential communications at any time.

To exercise any of these rights, contact us at support@storypathapp.com.

California residents may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at support@storypathapp.com.

6. Children's Privacy

StoryPath is designed for parents, caregivers, and professionals to create social stories for children. The App is not directed at children, and we do not knowingly collect personal information directly from children under 13.

How Child Data Is Collected

Children do not create accounts, log in, or directly interact with account features. All child profile information (name, birthday, optional photo) is provided by the parent or legal guardian who creates and manages the account.

Parental Consent

By creating a child profile within the App, the parent or legal guardian consents to our collection and use of the limited child information described in this policy. This consent may be revoked at any time by deleting the child profile or contacting us.

Parental Rights

Parents can at any time:

  • Review all information associated with their child's profile
  • Modify or correct child profile information
  • Delete child profiles and all associated data
  • Revoke consent by deleting their account

What We Do NOT Do

  • Require children to disclose more information than is necessary to use the App
  • Share children's personal information with third parties for marketing purposes
  • Display behavioral advertising to children
  • Enable children to make their information publicly available
  • Use children's information for any purpose other than providing the App's services

Inadvertent Collection

If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information as quickly as possible. If you believe we have inadvertently collected such information, please contact us immediately at support@storypathapp.com.

7. Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
  • Encryption at Rest: Data stored in our database is encrypted at rest using Supabase/AWS infrastructure.
  • Optional PIN Protection: Uses AES-256-GCM encryption for optional app-level PIN protection.
  • Row-Level Security: Database-level security ensures users can only access their own data.
  • Secure Authentication: Authentication is handled by Supabase Auth with industry-standard password hashing (bcrypt).
  • Access Controls: We follow the principle of least privilege for system access.

While we implement these security measures, no method of transmission over the Internet or electronic storage is 100% secure. We encourage you to use a strong, unique password and protect your device.

8. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

  • Email: support@storypathapp.com
  • Mailing Address: StoryPath LLC, 800 Pontiac Lane, Chanhassen, MN 55317

We aim to respond to privacy inquiries within 30 days.

For COPPA-related inquiries, please email us at support@storypathapp.com with “COPPA Inquiry” in the subject line.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

If we make material changes, we will notify you by posting a notice in the App or sending an email to the address associated with your account.

Your continued use of the App after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

Previous versions of this Privacy Policy are available upon request.

10. Governing Law

This Privacy Policy is governed by the laws of the State of Minnesota, United States, without regard to its conflict of law principles.

© 2026 StoryPath LLC. All rights reserved.