Privacy Policy
StoryPass is designed with privacy as a core principle. We generate passwords - we don't store them.
Quick Summary
- Passwords are generated client-side and never transmitted to our servers
- We don't track what passwords you generate
- We don't store your generated passwords
- We collect minimal data only to operate the service
1. Information We Collect
1.1 Information We Do NOT Collect
| Data Type | Collected? | Notes |
|---|---|---|
| Generated passwords | No | Generated in your browser, never sent to us |
| Password components | No | Character, action, place selections stay local |
| Your identity | No | Free tier requires no registration |
| Browsing history | No | No tracking pixels or behavioral analytics |
1.2 Information We Do Collect
Anonymous Usage Statistics (Optional)
| Data | Purpose | Retention |
|---|---|---|
| Generation count | Aggregate statistics only | Indefinite (anonymized) |
| Entropy level | Service improvement | Indefinite (anonymized) |
| Timestamp | Usage patterns | 90 days |
Account Information (Paid Users Only)
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account management, support | Until account deletion |
| Payment info | Billing (processed by Stripe) | Per Stripe's policy |
| Subscription status | Service access | Until account deletion |
Technical Information
| Data | Purpose | Retention |
|---|---|---|
| IP address | Rate limiting, security | 7 days (logs) |
| Browser/device type | Compatibility | Session only |
| Error logs | Debugging | 30 days |
2. How We Use Your Information
2.1 Primary Uses
- Operate the Service: Generate passwords, manage accounts
- Improve the Product: Analyze aggregate usage patterns
- Provide Support: Respond to inquiries and issues
- Security: Prevent abuse, rate limiting, fraud detection
2.2 We Do NOT Use Your Information To
- Track your browsing behavior across the web
- Build advertising profiles
- Sell data to third parties
- Target you with personalized ads
3. Password Security
3.1 How Password Generation Works
- Your browser requests random components from our API
- Components are selected randomly server-side
- Password is assembled in your browser
- We NEVER see the assembled password
3.2 What Gets Logged
Logged: "User requested 1 password at 2025-11-26 10:30 UTC"
NOT Logged: "Batman is dancing in the library"
3.3 Technical Safeguards
- HTTPS encryption for all connections
- No password data in server logs
- Rate limiting to prevent abuse
- Regular security audits
4. Data Sharing
4.1 We Share Data With
| Recipient | Data Shared | Purpose |
|---|---|---|
| Stripe | Payment info | Process subscriptions |
| Cloudflare | IP addresses | CDN, DDoS protection |
| Supabase | Account data | Database hosting |
4.2 We Do NOT Share
- Generated passwords (we don't have them)
- Personal data with advertisers
- User lists with third parties
4.3 Legal Requirements
We may disclose information if required by law, court order, or to protect our rights and users' safety.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Anonymous usage stats | Indefinite |
| Server logs (IP, errors) | 7-30 days |
| Account data | Until deletion requested |
| Payment records | 7 years (legal requirement) |
6. Your Rights
6.1 All Users
- Access: Request what data we have about you
- Deletion: Request deletion of your data
- Portability: Export your account data
6.2 How to Exercise Rights
Contact: privacy@usestorypass.com
We respond to requests within 30 days.
6.3 GDPR (EU Users)
If you're in the EU, you have additional rights under GDPR:
- Right to rectification
- Right to restrict processing
- Right to object
- Right to lodge complaints with supervisory authorities
6.4 CCPA (California Users)
California residents have additional rights under CCPA:
- Right to know what data is collected
- Right to delete personal information
- Right to opt-out of sale (we don't sell data)
- Right to non-discrimination
7. Cookies and Tracking
7.1 Cookies We Use
| Cookie | Purpose | Duration |
|---|---|---|
| Session | Keep you logged in | Session |
| Preferences | Remember settings | 1 year |
7.2 Cookies We Do NOT Use
- Third-party advertising cookies
- Cross-site tracking cookies
- Social media pixels
8. Children's Privacy
StoryPass is not intended for users under 13. We do not knowingly collect data from children.
9. International Transfers
Data may be processed in the United States. By using StoryPass, you consent to this transfer. We use appropriate safeguards (Standard Contractual Clauses) for international transfers.
10. Changes to This Policy
We may update this policy periodically. Significant changes will be communicated via:
- Email (for registered users)
- Notice on our website
11. Contact Us
12. Consent
By using StoryPass, you consent to this Privacy Policy.