StoryCycle Genie — Privacy Policy

Version: 1.0 Effective date: June 10, 2026 Contact: legal@storycycle.ai

1. Who we are

This Privacy Policy describes how StoryCycle Labs ("StoryCycle," "we," "us") collects, uses, and shares personal information when you use StoryCycle Genie (the "Service"), our AI-assisted brand-storytelling platform, and our websites.

If you use the Service through an organization (your employer or another account holder), that organization controls its account and the content within it; we process that data on its behalf as described here and in any Data Processing Agreement with that organization.

2. Information we collect

Account information. Name, email address, authentication identifiers (including OAuth profile data if you sign in with Google), organization/team membership, and role.

Customer content. The prompts, text, brand information, documents, and other material you submit to the Service, and the content the Service generates for you.

Billing information. Subscription tier and billing contact details. Payment card data is collected and processed directly by Stripe, our payment processor — we never store card numbers.

Usage and technical data. Log data, feature usage, device/browser type, IP address, and error diagnostics (collected via our error-monitoring tooling with personally identifying capture disabled by default).

3. How we use information

• To provide, operate, and secure the Service, including authentication, tenant isolation, and abuse prevention.
• To generate content you request: your prompts and supplied context are sent to third-party large language model (LLM) providers to produce the output you ask for (see section 4).
• To process payments and manage subscriptions.
• To monitor service health, diagnose errors, and improve the Service.
• To communicate with you about the Service (transactional and account messages).
• To comply with legal obligations.

We do not sell personal information, and we do not use your content to train our own or third parties' AI models.

4. AI processing — where your content goes

When you use AI features, your prompts and relevant context are transmitted through our LLM gateway (OpenRouter) to the model provider serving your request — which may include Anthropic, OpenAI, Google, Mistral, or others depending on the model used. This processing occurs solely to generate the output you requested. Our current list of providers is maintained in our Sub-processor List.

5. How we share information

We share personal information only with:

• Sub-processors that help us run the Service (hosting, database, authentication, payments, error monitoring, and LLM inference), listed in our Sub-processor List. Each is bound by terms requiring appropriate protection of your data.
• Your organization, if your account belongs to one (account owners and admins can see member activity within their account).
• Legal and safety recipients, where required by law, legal process, or to protect the rights, safety, or property of users, the public, or StoryCycle.
• A successor entity in connection with a merger, acquisition, or asset sale, with notice to you.

6. Data retention

• Account data and customer content: retained while your account is active. If your subscription ends, we retain your account and content so you can reactivate at any time with your data intact. Your data is retained until you request deletion; upon a verified deletion request, your account and content are deleted within 30 days.
• Inactive accounts (EU/UK users): if you are located in the European Union or United Kingdom and your account shows no activity for 24 consecutive months, we treat the account as abandoned and delete it along with its content. We will notify you by email before any such deletion so you can keep your account active or export your data.
• Billing records: retained as required by tax and accounting law.
• Logs and diagnostics: retained for up to 90 days.

You may request deletion of your account and content at any time (see section 8), and deletion requests are honored regardless of subscription status.

7. Security

We use industry-standard measures to protect your data, including encryption in transit (TLS) and at rest, row-level tenant isolation in our database, role-based access controls, multi-factor authentication support, and application-layer encryption (AES-256) for stored credentials. No method of transmission or storage is completely secure; we encourage strong, unique passwords and enabling MFA.

8. Your rights and choices

Depending on your location, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise these rights, contact legal@storycycle.ai. We will respond within the timeframe required by applicable law. If you use the Service through an organization, we may direct your request to that organization, which controls its account data.

9. International transfers

We are based in the United States and process data there. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. Where applicable law requires a transfer mechanism for EU/UK personal data, we rely on Standard Contractual Clauses with our customers and sub-processors.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from them.

11. Changes to this policy

We will post any changes to this page and update the effective date. For material changes, we will provide notice through the Service or by email.

12. Contact

StoryCycle Labs 1621 Central Ave Cheyenne, WY 82001 United States

legal@storycycle.ai