StoryRoleAI

Privacy Policy

Effective Date: 16 April 2026

This document is provided in English only. In the event of any inconsistency between the English version and any translated version, the English version shall prevail.

This Privacy Policy explains how StoryRole AI Limited ("Company", "we", "us", or "our"), a company incorporated in Hong Kong, collects, uses, discloses, and protects your personal data when you use the StoryRoleAI platform ("Platform"). We are committed to handling your personal data responsibly and in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong and other applicable data protection laws.

1. Data Controller

StoryRole AI Limited is the data controller for personal data processed through the Platform. For any data protection inquiries, contact us at legal@storyrole.ai.

2. Information We Collect

2.1 Information You Provide

  • Account information: email address, display name, and password (hashed) when you register.
  • Profile information: optional display name and preferences you set in your account.
  • Content: text prompts, character descriptions, conversation messages, and other input you provide while using the Platform.
  • Payment information: billing details processed by our payment provider, Stripe. We do not store your full credit card number on our servers.
  • Communications: information you provide when you contact our support team.

2.2 Information Collected Automatically

  • Usage data: pages visited, features used, timestamps, and interaction patterns.
  • Device information: browser type, operating system, screen resolution, and language preference.
  • Log data: IP address, referral URL, and access times.
  • Cookies and similar technologies: see Section 8 below.

2.3 Information from Third Parties

  • Authentication providers: if you sign in via a third-party provider (e.g., Google), we receive your email address and basic profile information as authorised by you.
  • Payment provider: Stripe provides us with subscription status, billing events, and transaction identifiers. We do not receive or store your full card number.

2.4 Fraud Prevention Data

To prevent abuse of our free trial programme and protect the integrity of the Platform, we receive limited payment method metadata from Stripe, including a tokenised card identifier (card fingerprint), card type, and funding category (e.g., credit, debit, or prepaid). This data is used solely to verify trial eligibility and enforce our one-trial-per-person policy. Card fingerprints are cryptographic tokens generated by Stripe — they cannot be used to recover your card number.

2.5 Content Generated Through the Platform

When you use the Platform, AI models generate content in response to your input, such as text and images. This generated content is stored in association with your account.

3. How We Use Your Information

We use your personal data for the following purposes:

  • Provide and operate the Platform: process your prompts, generate AI content, manage your projects and characters, and deliver the core service.
  • Account management: create and maintain your account, authenticate access, and manage subscriptions.
  • Billing: process payments, issue receipts, and manage subscription lifecycle.
  • Service improvement: analyse usage patterns, inputs, and generated content to improve features, develop new capabilities, fix bugs, and optimise the performance of our services.
  • Content moderation: enforce our Acceptable Use policy and detect prohibited content.
  • Fraud prevention: detect and prevent abuse of promotional offers, including verifying free trial eligibility using payment method identifiers.
  • Communication: send transactional emails (e.g., password reset, billing receipts) and, with your consent, promotional communications.
  • Legal compliance: comply with applicable laws, legal processes, and regulatory obligations.

4. Legal Basis for Processing

Where applicable data protection law requires a legal basis for processing, we rely on the following:

  • Contract performance: processing necessary to provide the Platform and fulfil our Terms of Service.
  • Legitimate interests: service improvement, security, and fraud prevention, balanced against your privacy rights.
  • Consent: where you have given explicit consent (e.g., marketing communications). You may withdraw consent at any time.
  • Legal obligation: processing necessary to comply with applicable laws.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

  • Service providers: third parties that help us operate the Platform, including but not limited to:
    • Supabase (database and authentication)
    • Vercel (web application hosting)
    • Railway (server infrastructure)
    • Stripe (payment processing)
    • DashScope / Alibaba Cloud (AI model inference, processed via their Singapore endpoint)
    We may engage additional service providers (such as cloud computing and GPU providers) from time to time to support our infrastructure and AI services. We select service providers that we believe maintain appropriate data protection standards, but we cannot guarantee the practices of third-party providers.
  • Legal requirements: when required by law, regulation, legal process, or governmental request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with appropriate data protection safeguards.
  • With your consent: in any other circumstance where you have given explicit consent.

6. International Data Transfers

Your data may be transferred to and processed in jurisdictions outside your country of residence, including but not limited to the United States and Singapore. We may also transfer data to other jurisdictions as we engage additional service providers. Where such transfers occur, we take reasonable steps to ensure your data is treated in accordance with applicable data protection laws.

7. Data Retention

  • Account data: retained for as long as your account is active, plus a reasonable period after deletion for legal and operational purposes.
  • Content: your projects, characters, conversations, and generated images are retained while your account is active. You may delete individual items at any time.
  • Usage and log data: retained for up to 12 months for analytics and security purposes.
  • Billing records: retained for the period required by applicable tax and financial regulations.

8. Cookies and Tracking Technologies

We use essential cookies to maintain your session and authentication state. We may also use analytics tools to understand how the Platform is used. You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent the Platform from functioning correctly.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data, subject to legal retention requirements.
  • Restriction: request that we restrict processing of your data in certain circumstances.
  • Portability: request your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at legal@storyrole.ai. We will respond within the timeframe required by applicable law (typically 30 days).

10. AI Processing and Automated Decision-Making

The Platform uses AI models to generate text and images based on your input. This processing is a core part of the service you have requested. We do not use automated decision-making that produces legal or similarly significant effects on you without human involvement.

Prompts and conversation content may be sent to third-party AI model providers for processing. We take reasonable steps to select providers that maintain appropriate data handling practices. We may also use your inputs and generated content to improve and develop our services, as described in our Terms of Service.

11. Data Security

We implement industry-standard technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest.
  • Row-level security at the database layer to isolate user data.
  • Secure authentication with hashed passwords and httpOnly cookies.
  • Access controls limiting data access to authorised personnel and systems.

No system is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

12. Children's Privacy

The Platform is not directed at children under 16 years of age (or the minimum age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at legal@storyrole.ai.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform at least 14 days before they take effect. Your continued use of the Platform after the effective date constitutes acceptance of the revised Privacy Policy. The "Effective Date" at the top indicates when the latest version became effective.

14. Complaints

If you believe we have not handled your personal data appropriately, you may lodge a complaint with us at legal@storyrole.ai. You may also have the right to lodge a complaint with a relevant supervisory authority in your jurisdiction, such as the Office of the Privacy Commissioner for Personal Data in Hong Kong.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

StoryRole AI Limited
Email: legal@storyrole.ai
Customer Support: support@storyrole.ai

Privacy Policy — StoryRoleAI | StoryRoleAI