Privacy
Privacy policy.
This policy describes the personal data and workspace data StoryHQ processes to provide private workspaces, subscriptions, AI-assisted analysis, reports, notes, exports, messaging, support, and security.
Last updated 1 June 2026
01
Information we collect
StoryHQ collects account information such as name, email address, authentication provider, password state, workspace membership, role, company name where provided, and notification preferences.
StoryHQ stores workspace data including workspace names, projects, project metadata, uploaded materials, generated reports, development notes, draft comparisons, project Q chat, workspace messages, activity events, pinned projects, groups, and usage information.
StoryHQ processes billing identifiers and subscription state through Stripe. We do not store full card numbers in StoryHQ.
- Uploaded material may include scripts, treatments, outlines, books, articles, decks, notes, and other creative or business material.
- Operational data may include IP-derived rate-limit data, authentication events, audit events, storage paths, job status, model-call metadata, cost metadata, errors, and logs.
- Support and sales data may include contact form submissions, account-help requests, Studio enquiries, email correspondence, and any material you choose to provide in those requests.
02
How we use information
We use information to create and secure accounts, provide workspaces, process uploads, run extraction and analysis pipelines, generate reports and notes, compare drafts, answer project questions, manage billing, send transactional emails, provide support, improve reliability, and investigate abuse or security issues.
AI providers are used to process uploaded material, prompts, responses, and derived project context for the features the user requests. StoryHQ does not use your uploaded creative material in public marketing examples without permission, and does not sell workspace content.
05
Security
StoryHQ uses private workspaces, Supabase row-level security, private storage buckets, signed upload flows, server-side access checks, per-session second-factor gating, idle-session expiry, forensic watermarking for served PDFs, authentication controls, rate limiting, audit events, and security response headers.
No system can guarantee absolute security. StoryHQ is not zero-knowledge because the server-side AI pipeline must read uploaded material in order to analyze it.
06
Retention and deletion
Workspace owners can delete projects and related material. Account and workspace deletion controls are available in Settings where supported. Deletion may not immediately remove all copies from backups, logs, billing records, security records, or provider systems.
We retain operational records for reliability, security, billing, legal compliance, abuse prevention, and support. Retention periods may vary by data type and provider.
07
International processing
StoryHQ and its providers may process data in the United States, United Kingdom, European Union, and other locations where our providers operate. Subprocessors may transfer data internationally under their own compliance frameworks, data-processing terms, and contractual transfer mechanisms.
08
Your choices
You can update profile information, notification preferences, theme preference, security settings, and certain billing settings in the app. You may request help with account access or deletion through the account-help and support channels.
You can unsubscribe from optional product emails where supported. Transactional messages such as security, billing, invitation, authentication, and service emails may still be sent.
09
Children
StoryHQ is intended for professional users and is not directed to children. Users should not create accounts for children or upload children’s personal data unless they have appropriate authority and a lawful basis to do so.