Last updated: February 2026
When you create an account, we collect your email address, name (optional), and a hashed version of your password. We do not store your password in plain text.
When you use Story Foundry, we store your writing projects, outlines, entities, research notes, and other content you create within the application.
We use your information to:
Your data is stored in a PostgreSQL database. Sensitive information such as API keys is encrypted using AES-256-GCM. Sessions use secure HttpOnly cookies. We implement security headers including CSP, HSTS, and X-Frame-Options.
If you enable AI features, selected portions of your content may be sent to OpenAI for processing. This only happens when you explicitly request AI feedback or entity generation. We do not send your content to third parties without your action.
If you provide your own OpenAI API key, requests are made directly using your key.
Images you upload for entities or research notes are stored on the server. Uploaded images may be checked against content moderation systems to prevent illegal content. Images are subject to a 5 MB file size limit.
Payment processing is handled by Stripe. We do not store your credit card details. We only store your Stripe customer ID and subscription status.
You have the right to:
Your data is retained as long as your account is active. When you delete your account, all associated data is permanently deleted. Export files are retained for 24 hours after generation.
We may update this privacy policy from time to time. Continued use of Story Foundry after changes constitutes acceptance of the updated policy.