Privacy Policy

Last Updated: February 21, 2023

1. ABOUT THIS PRIVACY POLICY

Your privacy is important to StoryFit Inc. (referred to in this Privacy Policy as “we”, “us” or “our”). This Privacy Policy (or this “Policy”) describes how we collect, use and share personal information in connection with:

  • Our website and mobile service, including https://storyfit.com and its subdomains (collectively, the “Site”);
  • Our communications with employees, clients or representatives of our organizational clients (i.e., the individuals and organizations to whom we provide services);
  • Our marketing communications;
  • Any online activities owned, operated, provided or made available by us; and
  • Any other contexts, including events or other offline activities, where we may post, link to or otherwise direct attention to this Policy.

Collectively, we refer to our Site, communications, online and offline activities, services and operations as the “Services.”

While reviewing this Policy, here are a few important things to keep in mind:

  • “Personal Information” means information that alone or when in combination with other information may be used to readily identify, contact or locate you, such as: name, address, e-mail address or phone number. We do not consider Personal Information to include information that has been anonymized so that it does not allow a third party to easily identify a specific individual.
  • In some cases, we may provide a different privacy policy for a particular Service or in a different context. In the event of any conflict between privacy policies, the portions of the privacy policy that are specifically provided for that Service or in that context that conflict with this Privacy Policy shall apply.
  • This Privacy Policy does not apply to Personal Information that you disclose publicly, share with others or otherwise upload, that we handle on your behalf in providing the Services to you.
PLEASE REVIEW THE FOLLOWING CAREFULLY SO THAT YOU UNDERSTAND OUR PRIVACY PRACTICES.

If you do not agree with our policies and practices, your choice is not to use our Site. By accessing, downloading, registering with or using the Site, you agree to this Policy. This Policy may change from time to time. Your continued use of the Site after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.

Please note that refusal to provide Personal Information may result in our inability to provide the Services to you, to manage our relationship with you or to improve the Services. In addition, please review our Terms of Use, which may apply to your use of our Site. This Privacy Policy is incorporated by reference into the applicable Terms of Use.

All data is stored in the U.S. and subject to U.S. laws but depending on the law applicable to you, you may benefit from additional specific rights. We provide important information for residents of California in the Notices to Residents of California, US section and for residents of Europe in the Notices to Residents of Europe (including Switzerland and UK) section.

 

2. PERSONAL INFORMATION WE COLLECT

We generally collect information from the following sources: provided to us directly by you, collected through automated technologies or collected from a third party.

Information you provide to us. Personal Information that we collect directly from you through the Services or otherwise may include:

  • Contact data, such as first and last name, e-mail and mailing addresses, phone number(s), professional title and company name.
  • Registration data, such as the information provided to register for Services that we offer, which may include a name, phone number(s), e-mail address, password or other access credentials, billing address and credit card information. You may also provide other optional information.
  • Communications, such as information provided when you interact with other users or contact us with questions, feedback or otherwise correspond with us.
  • User Contributions, such as text, information about you or your work, manuscripts, chapters, outlines, other samples of your work, usernames, graphics, images, photographs, profiles, audio, video, items and links (collectively, the “Submissions”) you may choose to provide when using the Services.
  • Payment data, such as your credit card number, expiration date and security code, or information regarding your PayPal, Google Wallet or other digital payment accounts provided to our third-party payment processor. Information about your payment accounts is not held by us. We use a third-party payment processor to handle all payments made through the Services.

Information we collect automatically. We and our third-party service providers may use a variety of technologies that automatically (or passively) collects certain information whenever you visit or interact with the Services (“Usage Information”). This Usage Information may include:

    • Device data, such as IP address, browser type, the URL that referred you to our Services, all the areas with our Services that you visit, the time of day or other unique identifier (“Device Identifier”) for your computer, mobile or other device used to access the Services (any, a “Device”). A Device Identifier is a number that is automatically assigned to your Device, and our computers identify your Device by its Device Identifier.
  • Online activity and usage data, such as information about use of and actions on the Site or within the Services, including pages or screens viewed, time spent on a page or screen, navigation paths between pages or screens, access times, length of access and other information about online activity while using the Services.
  • E-mail open and click data, such as IP address and other information about people who open marketing e-mails from us or click on any links provided in our marketing e-mail.

Information from third parties.
We may, from time to time, supplement the information we collect about you through the Services with Personal Information about you from other sources, such as:

  • Publicly available sources, including social media platforms;
  • Information services; and
  • Business partners, such as joint marketing partners.

A few of the methods that may be used to collect Usage Information include, without limitation, the following (and subsequent technology and methods hereafter developed):

Cookies.
We, our service providers and third-party partners may use cookies and similar technologies to collect information via the Services. Cookies are small data files stored directly on a computer or device that can collect information via the information described above. Cookies may be used for many purposes, including, without limitation, remembering you and your preferences and tracking your visits to our Site. Cookies work by assigning a number to you that has no meaning outside of the assigning website. If you choose to disable cookies on your Device, some features of the Services may not function properly or may not be able to customize the delivery of information to you. You should be aware that we cannot control the use of cookies (or the resulting information) by third parties, and use of third-party cookies is not covered by our Privacy Policy. Some content or applications, including advertisements, on the Site are served by third parties, including advertisers, ad networks and servers, content providers and application providers. These third parties may use cookies or other tracking technologies to collect information about you when you use the Site. The information they collect may be associated with your Personal Information or they may collect information, including Personal Information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

Web Beacons.
Small graphic images or other web programming code called web beacons (also known as pixel tags and clear GIFs) may be included in our Site and messages. The web beacons are tiny graphics with a unique identifier, similar in function to cookies, and are used to track your online movements. In contrast to cookies, which are stored in your computer hard drive, web beacons are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. Web beacons or similar technologies help us better manage content on our Services by informing us what content is effective, count users of the Services and track the actions of users of the Services (including e-mail recipients). We do not tie the information gathered by web beacons to your Personal Information.

Embedded Scripts.
An embedded script is programming code that is designed to collect information about your interactions with the Services, such as the links you click on. The code is temporarily downloaded onto your Device from our web server or a third-party service provider, is active only while you are connected to the Services and is deactivated or deleted thereafter.

We may combine the information we receive from those sources with information we collect through the Services. In those cases, we will apply this Privacy Policy to any Personal Information received, unless we have disclosed otherwise.

Information from you about a third party.
If you choose to use our referral service to tell a friend, relative or someone you know about our Services (a “Referred Person”), we will ask you to provide the Referred Person’s name and e-mail address. We will automatically send the Referred Person a one-time e-mail inviting them to visit the Services. We may also send a follow-up e-mail or e-mails, at our discretion. If a Referred Person no longer wants to receive communications from us, they can e-mail info@storyfit.com with their request and we will discontinue further communications. We store this information for the sole purpose of sending this one-time e-mail and tracking the success of our referral program, and do not use this information for any other marketing purpose unless we obtain consent from that person. Please be aware that when you use this functionality through our Services, your e-mail address may be included in the communication sent to your friend.

Social Media.
We maintain pages or accounts on social media platforms, such as Instagram, Facebook, Twitter and LinkedIn. We collect aggregated data from people who interact with us through social media platforms if they choose to share personal information, such as an account name or contact information. In addition, companies that provide social media platforms may provide us with analytics and aggregated data about our presence on those platforms.

 

3. HOW WE USE COLLECTED INFORMATION

Our primary goal in collecting your Personal information or Usage Information is to provide the Services to you, as well as to provide you with an enhanced experience when using them. We use Personal Information for the following purposes, or as otherwise described in this Privacy Policy or at the time of collection:

Service delivery and business operations.
We use your Personal Information or Usage Information that we collect about you for the purposes of providing the Services, and:

  • To provide, operate and improve the Services;
  • To communicate with you about the Services, including by sending announcements, updates, security alerts and support and administrative messages;
  • To communicate with representatives of our clients and other individuals in connection with providing Services;
  • To respond to individuals’ requests, questions and feedback;
  • To perform other internal business operations;
  • To carry out our legal obligations and enforce our rights, including for billing and collection; and
  • In any other way we may describe when you provide such information.

Research and development.
We may use Personal Information to analyze and improve the Services and our business and operations, such as including Personal Information in our data analytics.

Marketing.
We may send announcements about us, information about online or mobile entry sweepstakes or other promotions and other marketing communications as permitted by law. We may also use Usage Information to enhance our ability to serve you, to tailor our content to you and to offer you incentives and opportunities to purchase products or services that we believe may be of interest to you.

To comply with law.
We may use and share Personal Information and disclose it to law enforcement, government authorities and private parties as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government officials.

For compliance, fraud prevention and safety.
We may use Personal Information and disclose it to law enforcement, government authorities and private parties as we believe necessary or appropriate to: (i) protect our or others’ rights, privacy, safety or property (including by making and defending legal claims); (ii) audit our internal processes for compliance with legal and contractual requirements; (iii) enforce the terms and conditions that govern the Services; and (iv) prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With consent.
In some cases, we may specifically ask for consent to collect, use or share Personal Information, such as when required by law.

To create anonymous data.
We may create aggregated, de-identified or other anonymous data from any Personal Information we collect. We make Personal Information into anonymous data by removing information that makes the data personally identifiable to any specific person. We may use this anonymous data and share it to third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.

4. HOW WE SHARE COLLECTED INFORMATION

We do not sell, share, rent or trade the information we have collected about you, including Personal Information, with third parties without consent, except in the following circumstances or as described elsewhere in this Policy.

Service providers.
We may share Personal Information with third-party companies and individuals that provide services on our behalf or help us operate the Services or our business (such as IT, hosting, designing or operating the Services’ features, tracking the Services’ analytics, processing payments, human resource services, email delivery, marketing, event management or other administrative services). Our service providers are obligated to protect the confidentiality of Personal Information and are only permitted to use the Personal Information to provide services to us. Please note that while we do not share Personal Information with analytics service providers, they may set and access their own cookies, web beacons and embedded scripts on your Device, and they may otherwise collect or have access to information about you, including non-personally identifiable information.

User Generated Content.
The Services may offer publicly accessible blogs or community forums, or other ways to permit you to make Submissions publicly. We or others may reproduce, publish, distribute or otherwise use Submissions online or offline in any media or format (currently existing or hereafter developed) that you post in the publicly accessible areas of the Site. Others may have access to Submissions and may have the ability to share it with third parties across the Internet. You should be aware that any Submissions you provide in these areas may be read, collected and use by others who access them. Thus, please think carefully before deciding what information you share, including Personal Information, in connection with your Submissions. Please note that we do not control who will have access to the information that you choose to make public, and cannot ensure that parties who have access to such publicly available information will respect your privacy or keep it secure. We are not responsible for the accuracy, use or misuse of any content or information that you disclose or receive through the Services.

To request removal of your Submission from our Services, you may do so in your user account settings or you may contact us as directed by the How to Contact Us section. If you have questions about how to remove content in a specific service, or if you would like additional assistance with deletion, you may contact us as directed by the How to Contact Us. Although we offer deletion capability for our services, you should be aware that the removal of content may not ensure complete or comprehensive removal of that content or information posted through the services.

Social Media Features.
Our online and mobile Services may include social media features, such as the Facebook Like button, and widgets such as a “Share This” button, or interactive mini-programs that run on our online and mobile Services. These features may collect your IP address, which page you are visiting on our online or mobile Services and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our online Services. Your interactions with these features and widgets are governed by the privacy policy of the company providing them.

Professional advisors.
We may share Personal Information to professional advisors, such as lawyers, auditors and insurers, where necessary in the course of the professional services that they render to us.

To comply with law.
We may share Personal Information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention and safety.
We may share Personal Information and disclose it to law enforcement, government authorities and private parties as we believe necessary or appropriate to: (i) protect our or others’ rights, privacy, safety or property (including by making and defending legal claims); (ii) audit our internal processes for compliance with legal and contractual requirements; (iii) enforce the Terms of Use that govern the Services (including by investigating potential violations thereof); and (iv) detect, prevent or otherwise address fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft; or prevent or stop activity we may consider to be, or to pose a risk of being, an illegal, unethical, or legally actionable activity. Further, we may use IP address or other Device Identifiers, to identify users, and may do so in cooperation with third parties, such as copyright owners, internet service providers, wireless service providers and law enforcement agencies, including disclosing such information to third parties, to protect against potential or actual infringements or other violations of intellectual property. Such disclosures may be carried out without notice to you.

Based on instructions.
We may share your Personal Information with third parties at your instruction or request, or with your consent. If you do agree to have your Personal Information shared, your Personal Information will be disclosed to such third parties and all information you disclose will be subject to the privacy policy and practices of such third parties. We are not responsible for the privacy policies and practices of such third parties and, therefore, you should review the privacy policies and practices of such third parties prior to agreeing to receive such information from them. If you later decide that you no longer want to receive communication from a third party, you will need to contact that third party directly.

Business Transfer.
We may share your information, including your Personal Information and Usage Information, with our parent, subsidiaries and affiliates for internal record-keeping and to improve the Services. We may also disclose and transfer all such information to a subsequent owner, co-owner or operator of the Services or applicable database, or in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our membership interests or assets or other corporate change, including, during the course of any due diligence process.

We may disclose aggregated, deidentified or otherwise anonymous data about our users, which does not identify any individual, without restriction.

4. INDIVIDUAL CHOICES

Review Personal Information and request changes.
If you have registered with the Services or have an account through the Services, you can review and change your Personal Information on your user account.

You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of account registration and any Submissions. If your Personal Information changes, or if you no longer desire our Services, you may correct, delete inaccuracies, or amend information by making the change on our member information page or by contacting us through our support page.

Please understand that we may not be able to alter or delete Personal Information if we are required under applicable law to maintain that information. We are also not obligated to comply with requests that are illegal or unreasonably burdensome or expensive, or with requests that would interfere with the rights of another individual. In addition, we may not be able or obligated to provide access to Personal Information in cases where we hold and process Personal Information on behalf of one of our clients.

Individual rights.
Some individuals may have certain rights under applicable laws, with respect to their Personal Information. These may include rights to access, correct or delete Personal Information, portability rights or rights to object or restrict to certain processing of Personal Information. For those who wish to exercise rights they hold under applicable law, please contact us as directed by the How to Contact Us section. We will process requests as required under applicable laws. Please note that we may take steps to verify the identity of the person who submits a request in order to protect Personal Information.

Please understand that not all individuals hold rights with respect to Personal Information and that laws granting such rights may not apply to us. We are also not obligated to comply with requests that are illegal or unreasonably burdensome or expensive, or with requests that would interfere with the rights of another individual. In addition, we may not be able or obligated to accommodate the exercise of rights with respect to Personal Information in cases where we hold and process Personal Information on behalf of one of our clients.

Opt-out of marketing communications.

You may cancel or modify your marketing-related communications that you have elected to receive from the Services by following the instructions contained in our e-mails or other communications or by logging into your user account and changing your communication preferences. If you opt out of marketing communications, you may continue to receive service-related, account-related or other non-marketing emails.

Cookies.
Internet browsers may be configured to reject or disable cookies, as described in browser documentation. Please understand, however, that rejecting or disabling cookies may affect one’s experience of the Site or interfere with the ability to access areas or functions of the Site.

Online advertising.
We do not track our customers over time and across third party websites to provide targeted advertising and therefore do not respond to Do Not Track (DNT) signals. However, some third-party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser may allow you to set the DNT signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked.

Declining to provide information.
One can always decide not to provide Personal Information. However, we need to collect Personal Information to provide certain Services. If we do not collect the information requested, we may not be able to provide those Services.

6. THIRD PARTY CONTENT AND LINKS TO THIRD PARTY SERVICES

The Services may contain content that is supplied by a third party, and those third parties may collect web site usage information and your Device Identifier when web pages from any online Services are served to your browser. In addition, when you are using the Services, you may be directed to other sites or applications that are operated and controlled by third parties that we do not control. We are not responsible for the privacy practices employed by any of these third parties. These other web sites may send their own cookies to you, independently collect data or solicit Personal Information and may or may not have their own published privacy policies. We encourage you to note when you leave our Services and to read the privacy statements of all third-party web sites or applications before submitting any Personal Information to third parties.

7. CHILDREN’S PERSONAL INFORMATION

No part of our Services is directed towards children under the age of 13, and we do not knowingly collect, maintain or use Personal Information from children under the age of 13.

If you learn that your child has provided us with Personal Information without your consent, please contact us as directed by the How to Contact Us section. If we learn that we have collected any Personal Information from children under 13, we will promptly take steps to delete such information and terminate the child’s account, in compliance with the Children’s Online Privacy Protection Act (COPPA).

8. SECURITY OF YOUR INFORMATION

We have implemented measures to secure the Personal Information, Usage Information, and Submissions we collect within our databases hosted by Amazon Web Services, which uses standard, industry-wide, commercially reasonable security practices such as encryption, firewalls and SSL (Secure Socket Layers) for protecting your information – such as any portions of your credit card number which we retain (we do not ourselves retain your entire credit card information). We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of our processing as well as the risk of varying likelihood and severity to your rights and freedoms. Unfortunately, the Internet can never be 100% secure and we cannot ensure or warrant the security of any information you provide us. We do not accept liability for unintentional disclosure and any information you transmit to is, you do so at your own risk. We recommend that you not disclose your password to anyone. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.

We will retain your Personal Information, Usage Information, and Submissions for as long as your account with the Services is active or as needed to provide you Services. Even after your account is terminated, we may retain your Personal Information, Usage Information, and Submissions (including credit card information and account history) as needed to comply with our legal and regulatory obligations, resolve disputes, conclude any activities related to cancellation of an account (such as addressing chargebacks from your credit card companies), investigate or prevent fraud and other inappropriate activity, to enforce our agreements, and for other business reasons.

9. INTERNATIONAL DATA TRANSFERS

We maintain offices and facilities in the United States, and Personal Information may be transferred to the United States or other locations outside of your state, province or country of residence, where privacy laws may not be as protective as those in the state, province or country where you reside.

If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and processing globally. By providing your information, you consent to any transfer and processing in accordance with this Policy.

10. CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. If we make any material changes to this Privacy Policy, we will provide notice that changes have been made to this Policy by updating the “Last Updated” date at the top of this Privacy Policy and posting it on the Site. While we may also provide notification of changes in another way that we believe is reasonably likely to reach relevant individuals, such as via email or through the Services, you are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Site and this Policy to check for changes.

Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, continued use of the Services after the posting of any modified Privacy Policy indicates understanding and acceptance of the terms of the modified Privacy Policy.

5. INDIVIDUAL CHOICES

Review Personal Information and request changes.
If you have registered with the Services or have an account through the Services, you can review and change your Personal Information on your user account.

You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of account registration and any Submissions. If your Personal Information changes, or if you no longer desire our Services, you may correct, delete inaccuracies, or amend information by making the change on our member information page or by contacting us through our support page.

Please understand that we may not be able to alter or delete Personal Information if we are required under applicable law to maintain that information. We are also not obligated to comply with requests that are illegal or unreasonably burdensome or expensive, or with requests that would interfere with the rights of another individual. In addition, we may not be able or obligated to provide access to Personal Information in cases where we hold and process Personal Information on behalf of one of our clients.

Individual rights.
Some individuals may have certain rights under applicable laws, with respect to their Personal Information. These may include rights to access, correct or delete Personal Information, portability rights or rights to object or restrict to certain processing of Personal Information. For those who wish to exercise rights they hold under applicable law, please contact us as directed by the How to Contact Us section. We will process requests as required under applicable laws. Please note that we may take steps to verify the identity of the person who submits a request in order to protect Personal Information.

Please understand that not all individuals hold rights with respect to Personal Information and that laws granting such rights may not apply to us. We are also not obligated to comply with requests that are illegal or unreasonably burdensome or expensive, or with requests that would interfere with the rights of another individual. In addition, we may not be able or obligated to accommodate the exercise of rights with respect to Personal Information in cases where we hold and process Personal Information on behalf of one of our clients.

Opt-out of marketing communications.

You may cancel or modify your marketing-related communications that you have elected to receive from the Services by following the instructions contained in our e-mails or other communications or by logging into your user account and changing your communication preferences. If you opt out of marketing communications, you may continue to receive service-related, account-related or other non-marketing emails.

Cookies.
Internet browsers may be configured to reject or disable cookies, as described in browser documentation. Please understand, however, that rejecting or disabling cookies may affect one’s experience of the Site or interfere with the ability to access areas or functions of the Site.

Online advertising.
We do not track our customers over time and across third party websites to provide targeted advertising and therefore do not respond to Do Not Track (DNT) signals. However, some third-party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser may allow you to set the DNT signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked.

Declining to provide information.
One can always decide not to provide Personal Information. However, we need to collect Personal Information to provide certain Services. If we do not collect the information requested, we may not be able to provide those Services.

6. THIRD PARTY CONTENT AND LINKS TO THIRD PARTY SERVICES

The Services may contain content that is supplied by a third party, and those third parties may collect web site usage information and your Device Identifier when web pages from any online Services are served to your browser. In addition, when you are using the Services, you may be directed to other sites or applications that are operated and controlled by third parties that we do not control. We are not responsible for the privacy practices employed by any of these third parties. These other web sites may send their own cookies to you, independently collect data or solicit Personal Information and may or may not have their own published privacy policies. We encourage you to note when you leave our Services and to read the privacy statements of all third-party web sites or applications before submitting any Personal Information to third parties.

7. CHILDREN’S PERSONAL INFORMATION

No part of our Services is directed towards children under the age of 13, and we do not knowingly collect, maintain or use Personal Information from children under the age of 13.

If you learn that your child has provided us with Personal Information without your consent, please contact us as directed by the How to Contact Us section. If we learn that we have collected any Personal Information from children under 13, we will promptly take steps to delete such information and terminate the child’s account, in compliance with the Children’s Online Privacy Protection Act (COPPA).

8. SECURITY OF YOUR INFORMATION

We have implemented measures to secure the Personal Information, Usage Information, and Submissions we collect within our databases hosted by Amazon Web Services, which uses standard, industry-wide, commercially reasonable security practices such as encryption, firewalls and SSL (Secure Socket Layers) for protecting your information – such as any portions of your credit card number which we retain (we do not ourselves retain your entire credit card information). We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of our processing as well as the risk of varying likelihood and severity to your rights and freedoms. Unfortunately, the Internet can never be 100% secure and we cannot ensure or warrant the security of any information you provide us. We do not accept liability for unintentional disclosure and any information you transmit to is, you do so at your own risk. We recommend that you not disclose your password to anyone. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.

We will retain your Personal Information, Usage Information, and Submissions for as long as your account with the Services is active or as needed to provide you Services. Even after your account is terminated, we may retain your Personal Information, Usage Information, and Submissions (including credit card information and account history) as needed to comply with our legal and regulatory obligations, resolve disputes, conclude any activities related to cancellation of an account (such as addressing chargebacks from your credit card companies), investigate or prevent fraud and other inappropriate activity, to enforce our agreements, and for other business reasons.

 

9. INTERNATIONAL DATA TRANSFERS

We maintain offices and facilities in the United States, and Personal Information may be transferred to the United States or other locations outside of your state, province or country of residence, where privacy laws may not be as protective as those in the state, province or country where you reside.

If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and processing globally. By providing your information, you consent to any transfer and processing in accordance with this Policy.

 

10. CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. If we make any material changes to this Privacy Policy, we will provide notice that changes have been made to this Policy by updating the “Last Updated” date at the top of this Privacy Policy and posting it on the Site. While we may also provide notification of changes in another way that we believe is reasonably likely to reach relevant individuals, such as via email or through the Services, you are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Site and this Policy to check for changes.

Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, continued use of the Services after the posting of any modified Privacy Policy indicates understanding and acceptance of the terms of the modified Privacy Policy.

11. HOW TO CONTACT US

Please direct any questions or comments about this Privacy Policy or our privacy practices to info@storyfit.com. We can also be contacted via postal mail at:

StoryFit Inc.

3305 Steck Ave., Suite #275

Austin, TX 78757

12. NOTICES TO RESIDENTS OF CALIFORNIA, US EU

This section applies to California residents and outlines an individual’s rights and choices with respect to our processing of an individual’s personal data under the California Consumer Privacy Act (CCPA).

For business purposes in the last twelve months, we may have collected, used and shared personal data about individuals as described in this Policy. To learn more about the personal data we collect, including the specific pieces of personal data collected, sources of collection, our purposes for collection and the categories of service providers with whom we share personal data, please see the Personal Information We Collect, How We Use Personal Information and How We Share Personal Information sections of this Policy.

We do not sell personal data for business or commercial purposes.

A. Consumer Rights

The CCPA grants California consumers certain rights in connection with the personal data collected by businesses, as described below:

  • Right to Know. Any person has the right to know the categories and specific pieces of personal data we have collected about them in the previous 12 months.
  • Right to Deletion. Any person has the right to request that we delete any personal data we have collected about them.
  • Right to Request Information. Any person has the right to request information about our collection, sale and disclosure of their personal data from the previous 12 months.
  • Right to Opt-out of the Sale of Personal Data. Any person has the right to opt-out of the sale of personal data we have collected about them. As of the date of this Policy, we do not sell personal data.
  • Right to Non-Discrimination. Any person has the right to not receive discriminatory treatment for exercising any rights of a person under the CCPA. We will not treat any person differently for exercising any of the rights described above.

B. Exercising Individual Rights

To exercise any of the CCPA rights above, please contact us as directed by the How to Contact Us section. We will fulfill requests within forty-five (45) days of receiving a request. Some of these rights may be subject to limitations and qualifications, such as where fulfilling the request would conflict with federal, state or local law, regulatory inquiries, subpoenas or our ability to defend against legal claims.

We will verify a request using the individual’s email address. If an individual has created an account with us, we will also verify their request using the information associated with their account, including billing information. Government identification may be required. We cannot respond to an individual’s request if we cannot verify their identity and/or authority to make the request on behalf of another and confirm the personal data relates to them. Making a verifiable consumer request does not require any person to create an account with us.

If an individual wishes to use an authorized agent to submit a request to opt-out on their behalf, they must provide the authorized agent written permission signed by them, the consumer. We may deny a request from an authorized agent if the agent cannot provide to us the individual’s signed permission demonstrating that the agent has been authorized to act on their behalf.

13. NOTICES TO RESIDENTS OF EUROPE (INCLUDING SWITZERLAND AND UK)

This section applies to individuals located in the EEA, the UK or in Switzerland and outlines additional information about a person’s rights and choices regarding our processing of their personal data under the GDPR or equivalent laws in Switzerland and UK.

A. Legal Basis

We collect and process personal data about a person only where we have a legal basis for doing so under applicable data protection laws. Our legal bases include processing personal data as follows:

  • With a person’s consent. Where appropriate or legally required, we collect and use personal data about a person subject to their consent (e.g., where legally required for direct marketing activities or to provide the Services).
  • Performance of contract. We collect and use personal data about a person to contract with a person or to perform a contract that a person has with us.
  • To protect the legitimate interests of us, a person or other parties. We process personal data for our legitimate interests, such as to improve our Services, deliver content, optimize a person’s experience, market our Services, provide appropriate security for the Services and to protect an individual, us and other third parties.
  • Where necessary for compliance with laws. We may process personal data about a person: (i) as required by law, such as to comply with a subpoena or similar legal process; (ii) when we believe in good faith that disclosure is necessary to protect our rights or property, to protect an individual’s health and safety or the health and safety of others; (iii) to investigate fraud or respond to a government request; or (iv) if we are involved in a merger, acquisition or sale of all or a portion of our assets.

B. Data Subject Rights

A person has certain rights related to the personal data we hold about them in our capacity as “controller.” Some of these rights may be subject to limitations and qualifications including when: (i) fulfilling an individual’s request would adversely affect other individuals, company trade secrets or intellectual property; (ii) there are overriding public interest reasons; or (iii) we are required by law to retain an individual’s personal data.

  • Right of Access. Any person has the right to access personal data held by us.
  • Right to Rectification. Any person has the right to rectify personal data that is inaccurate or incomplete.
  • Right to Data Portability. Any person the right to request a copy of certain personal data we hold about them in a structured, machine-readable format, and to ask us to share this information with another entity.
  • Right to Erasure. Any person has the right to have personal data deleted where: (1) they believe that it is no longer necessary for us to hold their personal data; (2) we are processing their personal data based on legitimate interests and they object to such processing and we cannot demonstrate an overriding legitimate ground for the processing; (3) they have provided their personal data to us with their consent and they wish to withdraw their consent and there is no other ground under which we can process their personal data; or (4) where they believe the personal data we hold about them is being unlawfully processed by us.
  • Right to Restrict Processing. Any person has the right to ask us to restrict (stop any active) processing of their personal data where: (1) they believe the personal data we hold about them is inaccurate and while we verify accuracy; (2) we want to erase their personal data as the processing is unlawful, but they want us to continue to store it; (3) we no longer need their personal data for our processing, but they require us to retain the data for the establishment, exercise, or defense of legal claims; or (4) they have objected to us processing their personal data based on our legitimate interests and we are considering their objection.
  • Right to Object. Any person can object to our processing of their personal data based on our legitimate interests. We will no longer process their personal data unless we can demonstrate an overriding legitimate purpose.
  • Objection to direct marketing, automated decision making and profiling. Any person has the right to object to our processing of personal data for direct marketing communications and profiling related to direct marketing. We will stop processing the personal data for that purpose.
  • Automated Profiling. In the event that we conduct automated decision making that has a legal or other significant impact we will tell individuals about this and they have the right to challenge such decisions and request that it is reviewed by a human.
  • Withdrawal of Consent. Where the processing of an individual’s personal data by us is based on consent, they have the right to withdraw that consent without detriment at any time by contacting us as directed by the How to Contact Us section.

C. Exercising your Rights

If an individual would like to exercise the rights set forth above, please contact us as directed by the How to Contact Us section. Before we respond to requests for personal data, we will require that an individual verify their identity or the identity of any data subject for whom they are requesting personal data. Our verification methods may include requesting that the individual log into their account, confirm their contact information or email address and/or provide documents for identity verification, depending on the nature of their relationship with us.

We will fulfill an individual’s request within thirty (30) days of receipt unless an exception applies. If an individual has concerns unresolved by us, they may also address any grievance directly with the relevant Supervisory Authority or the ICO for UK-based individuals.

D. Contact Details for Our Data Protection Officer and EU Representative

StoryFit Inc. (3305 Steck Ave., Suite #275, Austin, TX 78757) is the controller for personal data collected in connection with the use of the Services in the EEA, the UK and Switzerland. Our Data Protection Officer can be contacted as directed by the How to Contact Us section.

For EU personal data protection, we have nominated a GDPR Representative who may be contacted at:

Marc Evans
2603 Steck Avenue, Suite 275
Austin, TX 78746
info@storyfit.com

E. About the Privacy Shield

We are committed to complying with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data transferred from the EEA, UK and Switzerland to the United States pursuant to Privacy Shield. We have certified that we adhere to the Privacy Shield Principles with respect to such personal data. If there is any conflict between this Policy and the data subject rights under the Privacy Shield principles, the Privacy Shield principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit here.

We are aware that, on July 16, 2020, the European Court of Justice invalidated the EU-US Privacy Shield as a means of ensuring adequate protection for personal data transferred to the US. We are also aware that the Swiss Data Protection Authority and Information Commissioner invalidated the Swiss-US Privacy Shield in September 2020. In reflection of these rulings, where we transfer personal data originating in the EEA, UK and/or Switzerland to the US, transfers are made under the Standard Contractual Clauses approved by the European Commission.

By continuing our commitment to the EU-US Privacy Shield and the Swiss-US Privacy Shield frameworks, we remain subject to the investigatory and enforcement authority of the United States Federal Trade Commission (FTC). Furthermore, pursuant to the Privacy Shield principles, we still acknowledge the right of individuals located in the EEA, UK and/or Switzerland to access, inspect, update or correct their personal data. Individuals located in the EEA, UK and/or Switzerland may exercise their rights by contacting us as directed by the How to Contact Us section.

Under the Privacy Shield, we may be liable for the onward transfer of personal data to third parties as described under the Personal information We Collect section. If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage. We may be required to release personal data in response to lawful requests by public authorities, including to meet national security and law enforcement requirements.

In compliance with the Privacy Shield principles, we commit to resolving complaints about an individual’s privacy and our collection or use of an individual’s personal data transferred to the US pursuant to Privacy Shield. Individuals located in the EEA, UK and/or Switzerland with Privacy Shield inquiries or complaints may exercise their rights by contacting us as directed by the How to Contact Us section.

We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If an individual does not receive timely acknowledgment of their complaint, or if your complaint is not satisfactorily addressed, please visit here for more information and to file a complaint. This service is provided free of charge to you. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 here.