Privacy Policy

Last Updated: March 3, 2026

StoryTrail ("we," "our," or "us") is committed to protecting your privacy and the privacy of your children. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Personal Information

We collect information that you provide directly to us:

• Account Information: Email address and password for account creation
• Child Information: First name and age (we do NOT collect last names, photos of children, or precise birthdates)
• Trail Information: Trail names, locations, and interests you provide for story generation
• Payment Information: Processed securely through Stripe (we do not store full payment card details)

Automatically Collected Information

• Usage Data: How you interact with our service, pages visited, features used
• Device Information: IP address, browser type, operating system
• Cookies: Session cookies for authentication and analytics

Photos and User-Generated Content

• Photos uploaded during trail adventures for nature identification challenges
• AI-generated feedback and transformed comic-style images
• All photos are stored securely and never shared publicly

2. How We Use Your Information

We use the collected information to:

• Provide the Service: Generate personalized adventure stories using AI
• Improve the Experience: Analyze usage patterns to enhance features
• Account Management: Authenticate users and manage subscriptions
• Customer Support: Respond to inquiries and provide assistance
• Safety: Ensure age-appropriate content and safe experiences
• Legal Compliance: Meet regulatory obligations and prevent fraud

3. Children's Privacy (COPPA Compliance)

StoryTrail is designed for families with children ages 4-12. We are committed to complying with the Children's Online Privacy Protection Act (COPPA):

• We do NOT collect children's email addresses, full names, addresses, phone numbers, or photos of children
• We collect only first names and ages to personalize stories
• Parental consent is required: Parents create accounts and control all data
• Parents can review, delete, or request their child's information at any time by contacting us
• We do NOT display advertising or allow third-party tracking targeted at children

4. Data Sharing and Disclosure

We do NOT sell your personal information. We may share data only in these limited circumstances:

• Service Providers: OpenAI (story generation), Cloudflare R2 (photo storage), Stripe (payment processing) - all under strict data protection agreements
• Legal Requirements: If required by law or to protect rights and safety
• Business Transfers: In the event of a merger or acquisition (users will be notified)

5. Data Security

We implement industry-standard security measures:

• HTTPS encryption for all data transmission
• Secure password hashing (bcrypt)
• Regular security audits and updates
• Restricted access to personal data

However, no system is 100% secure. We encourage using strong passwords and logging out after use.

6. Your Rights and Choices

You have the right to:

• Access: Request a copy of your data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data (subject to legal retention requirements)
• Opt-Out: Disable analytics cookies (though some cookies are essential for functionality)

To exercise these rights, contact us at storytrail@polsia.app.

7. Data Retention

We retain your data only as long as necessary:

• Active accounts: Data retained while account is active
• Deleted accounts: Data deleted within 30 days (except as required by law)
• Stories and photos: Deleted upon account deletion

8. Third-Party Links

Our service may contain links to third-party websites (e.g., payment processors). We are not responsible for the privacy practices of these sites. Please review their privacy policies.

9. International Users

StoryTrail is operated in the United States. If you are located outside the U.S., your information will be transferred to and processed in the U.S., which may have different data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our website. Continued use after changes constitutes acceptance.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: storytrail@polsia.app
• Mail: StoryTrail, c/o Polsia Inc.