Legal

Effective Date: January 1, 2026

At Significant Stories, we take your privacy seriously. This Privacy Policy explains how Significant Stories LLC ("we," "us," or "our") collects, uses, and protects your information when you use our website and services (the "Service").

Our Privacy Commitment

We believe in a privacy-first approach:

• Nothing is sold. Ever. We do not sell your personal information to third parties.
• Nothing is shared with any other party. Your data stays with us.
• You can delete your account anytime. When you do, your data is permanently removed.

1. Information We Collect

Information You Provide

When you create an account:

• Email address - Used for sign-in links. Only retained if you opt into announcements (can be disabled anytime from your Account page).
• Phone number - Used only for SMS verification during sign-in. We do not store your phone number.

We do not require passwords. We use passwordless authentication (email links or SMS codes) for your security and convenience.

Information Collected Automatically

When you use the Service, we automatically collect:

• Reading activity - Which stories you read and your reading progress (for logged-in users only)
• Anonymous usage data - Page views and basic interaction data, collected without identifying you personally

What We Do NOT Collect

• We do not use third-party tracking cookies
• We do not use advertising or marketing trackers
• We do not collect payment information (we currently do not process payments)
• We do not collect precise location data

2. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Remember your reading progress across devices
• Send you announcements about new content (only if you opt in)
• Improve the Service based on aggregate usage patterns
• Respond to your questions or requests

3. Our Privacy-First Analytics

We use a privacy-preserving approach to understanding how our Service is used:

• Server-side only - All analytics are processed on our servers, not through third-party tracking scripts
• No cookies for tracking - We only use strictly necessary cookies for authentication
• Hashed identifiers - We use cryptographic techniques to analyze patterns without identifying individuals
• Weekly rotation - Anonymous identifiers for non-logged-in users reset weekly

4. Data Storage and Security

Your data is stored securely using Google Cloud services in the United States. We implement appropriate technical and organizational measures to protect your information, including:

• Encryption in transit (HTTPS)
• Secure authentication methods
• Access controls and monitoring

5. Data Retention

• Account data - Retained while your account is active
• Reading history - Retained while your account is active
• Anonymous analytics - Retained for up to one year, then automatically deleted

6. Your Rights and Choices

All Users

• Access - View your reading history in your account
• Deletion - Delete your account and all associated data at any time
• Opt out of communications - Manage announcement preferences in your account settings

European Users (GDPR)

If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation:

• Right of access - Request a copy of your personal data
• Right to rectification - Request correction of inaccurate data
• Right to erasure - Request deletion of your data (available via account deletion)
• Right to data portability - Request your data in a portable format
• Right to object - Object to certain processing of your data

Our legal basis for processing your data is your consent (for account creation) and legitimate interests (for service improvement).

California Users (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act:

• Right to know - What personal information we collect and how we use it
• Right to delete - Request deletion of your personal information
• Right to non-discrimination - We will not discriminate against you for exercising your rights

We do not sell personal information as defined by the CCPA.

7. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us so we can delete it.

8. Third-Party Services

We use the following third-party services:

• Google Cloud - For hosting and infrastructure
• Firebase Authentication - For secure, passwordless account access via email link or phone SMS
• Postmark - For sending emails (sign-in links, announcements)

These services have their own privacy policies and are bound by data processing agreements with us.

How We Handle Your Login Credentials

We use passwordless authentication for your security and convenience:

• Phone numbers - Used only for SMS verification during sign-in. We do not store your phone number.
• Email addresses - Used for sign-in links. Your email is only retained if you opt into announcements. You can disable announcements anytime from your Account page, which will immediately remove your email address from our records.

9. International Data Transfers

Your information may be transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new effective date. We encourage you to review this policy periodically.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us at:

Significant Stories LLC
Email: help@significantstories.com