Effective Date: March 20, 2026
At Significant Stories, we take your privacy seriously. This Privacy Policy explains how Significant Stories LLC ("we," "us," or "our") collects, uses, and protects your information when you use our website and services (the "Service").
Our Privacy Commitment
We believe in a privacy-first approach:
- Nothing is sold. Ever. We do not sell your personal information to third parties.
- Nothing is shared with any other party. Your data stays with us.
- You can delete your account anytime. When you do, your data is permanently removed.
1. Information We Collect
Information You Provide
When you create an account:
- Email address - Your email is how you sign in and how we identify your account, so we store it for as long as your account exists. It is stored encrypted (see "Data Storage and Security" below). We use it to send your sign-in codes and, only if you opt in, content announcements.
We do not require passwords. We use passwordless authentication — we email you a one-time sign-in code — for your security and convenience.
Information Collected Automatically
When you use the Service, we automatically collect:
- Reading activity - Which stories you read and your reading progress (for logged-in users only)
- Anonymous usage data - Page views and basic interaction data, collected without identifying you personally
What We Do NOT Collect
- We do not use third-party tracking cookies
- We do not use advertising or marketing trackers
- We do not collect or store payment card information — all payment processing is handled by Stripe, our payment processor
- We do not collect precise location data
2. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Remember your reading progress across devices
- Send you announcements about new content (only if you opt in)
- Improve the Service based on aggregate usage patterns
- Respond to your questions or requests
3. Our Privacy-First Analytics
We use a privacy-preserving approach to understanding how our Service is used:
- Server-side only - All analytics are processed on our servers, not through third-party tracking scripts
- No cookies for tracking - We only use strictly necessary cookies for authentication
- Hashed identifiers - We use cryptographic techniques to analyze patterns without identifying individuals
- Weekly rotation - Anonymous identifiers for non-logged-in users reset weekly
4. Data Storage and Security
Your data is stored securely using Google Cloud services in the United States. We implement appropriate technical and organizational measures to protect your information, including:
- Encryption in transit - All connections use HTTPS.
- Encryption of your email at rest - Your email address is encrypted before it is stored, using a key managed by Google Cloud Key Management Service that is held separately from the stored data. To let you sign in and to prevent duplicate accounts, we also store a one-way cryptographic fingerprint (a keyed hash) of your email that lets us match it without decrypting it.
- Secure passwordless authentication - We never store passwords; sign-in is by emailed one-time code.
- Access controls and monitoring
5. Data Retention
- Account data - Retained while your account is active
- Reading history - Retained while your account is active
- Anonymous analytics - Retained for up to one year, then automatically deleted
6. Your Rights and Choices
All Users
- Access - View your reading history in your account
- Deletion - Delete your account and all associated data at any time
- Opt out of communications - Manage announcement preferences in your account settings
- Site Memory - Control whether your reading activity is tracked. Toggle this setting on your Account page. When disabled, your historical analytics data becomes permanently unlinked from your account through cryptographic techniques.
European Users (GDPR)
If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation:
- Right of access - Request a copy of your personal data
- Right to rectification - Request correction of inaccurate data
- Right to erasure - Request deletion of your data (available via account deletion)
- Right to data portability - Request your data in a portable format. We are developing automated data export functionality; in the meantime, contact us if you need your data exported.
- Right to object - Object to certain processing of your data
Our legal basis for processing your data is your consent (for account creation) and legitimate interests (for service improvement).
California Users (CCPA)
If you are a California resident, you have rights under the California Consumer Privacy Act:
- Right to know - What personal information we collect and how we use it
- Right to delete - Request deletion of your personal information
- Right to non-discrimination - We will not discriminate against you for exercising your rights
We do not sell personal information as defined by the CCPA.
7. Children's Privacy (COPPA)
The Service is not intended for children under 13. In accordance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us so we can delete it.
8. Third-Party Services
We use the following third-party services:
- Google Cloud - For hosting and infrastructure. Account sign-in is handled by our own system; your email address is stored encrypted and is not shared with third parties for authentication.
- Postmark - For sending emails (sign-in codes, announcements)
- Stripe - Our payment processor for membership purchases and donations. Stripe collects payment information (card details, billing address) directly — we never see or store this data. See our Purchase Policy and Stripe's Privacy Policy for details.
These services have their own privacy policies and are bound by data processing agreements with us.
How We Handle Your Sign-In
We use passwordless authentication for your security and convenience:
- No passwords - To sign in, you enter your email and we send you a one-time code. There is no password to store, leak, or reuse.
- Your email, encrypted - Because your email identifies your account, we store it (encrypted) for as long as your account exists. Deleting your account removes it. Announcement preferences control whether we email you, not whether your email is stored.
9. International Data Transfers
Your information may be transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable laws.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new effective date. We encourage you to review this policy periodically.
11. Contact Us
If you have questions about this Privacy Policy or want to exercise your rights, please contact us at:
Significant Stories LLC
Email: help@significantstories.com