Last Updated: February 21, 2023
- Our website and mobile service, including https://storyfit.com and its subdomains (collectively, the “Site”);
- Our communications with employees, clients or representatives of our organizational clients (i.e., the individuals and organizations to whom we provide services);
- Our marketing communications;
- Any online activities owned, operated, provided or made available by us; and
- Any other contexts, including events or other offline activities, where we may post, link to or otherwise direct attention to this Policy.
Collectively, we refer to our Site, communications, online and offline activities, services and operations as the “Services.”
While reviewing this Policy, here are a few important things to keep in mind:
- “Personal Information” means information that alone or when in combination with other information may be used to readily identify, contact or locate you, such as: name, address, e-mail address or phone number. We do not consider Personal Information to include information that has been anonymized so that it does not allow a third party to easily identify a specific individual.
PLEASE REVIEW THE FOLLOWING CAREFULLY SO THAT YOU UNDERSTAND OUR PRIVACY PRACTICES.
If you do not agree with our policies and practices, your choice is not to use our Site. By accessing, downloading, registering with or using the Site, you agree to this Policy. This Policy may change from time to time. Your continued use of the Site after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.
All data is stored in the U.S. and subject to U.S. laws but depending on the law applicable to you, you may benefit from additional specific rights. We provide important information for residents of California in the Notices to Residents of California, US section and for residents of Europe in the Notices to Residents of Europe (including Switzerland and UK) section.
2. PERSONAL INFORMATION WE COLLECT
We generally collect information from the following sources: provided to us directly by you, collected through automated technologies or collected from a third party.
Information you provide to us. Personal Information that we collect directly from you through the Services or otherwise may include:
- Contact data, such as first and last name, e-mail and mailing addresses, phone number(s), professional title and company name.
- Registration data, such as the information provided to register for Services that we offer, which may include a name, phone number(s), e-mail address, password or other access credentials, billing address and credit card information. You may also provide other optional information.
- Communications, such as information provided when you interact with other users or contact us with questions, feedback or otherwise correspond with us.
- User Contributions, such as text, information about you or your work, manuscripts, chapters, outlines, other samples of your work, usernames, graphics, images, photographs, profiles, audio, video, items and links (collectively, the “Submissions”) you may choose to provide when using the Services.
- Payment data, such as your credit card number, expiration date and security code, or information regarding your PayPal, Google Wallet or other digital payment accounts provided to our third-party payment processor. Information about your payment accounts is not held by us. We use a third-party payment processor to handle all payments made through the Services.
Information we collect automatically. We and our third-party service providers may use a variety of technologies that automatically (or passively) collects certain information whenever you visit or interact with the Services (“Usage Information”). This Usage Information may include:
- Device data, such as IP address, browser type, the URL that referred you to our Services, all the areas with our Services that you visit, the time of day or other unique identifier (“Device Identifier”) for your computer, mobile or other device used to access the Services (any, a “Device”). A Device Identifier is a number that is automatically assigned to your Device, and our computers identify your Device by its Device Identifier.
- Online activity and usage data, such as information about use of and actions on the Site or within the Services, including pages or screens viewed, time spent on a page or screen, navigation paths between pages or screens, access times, length of access and other information about online activity while using the Services.
- E-mail open and click data, such as IP address and other information about people who open marketing e-mails from us or click on any links provided in our marketing e-mail.
Information from third parties.
We may, from time to time, supplement the information we collect about you through the Services with Personal Information about you from other sources, such as:
- Publicly available sources, including social media platforms;
- Information services; and
- Business partners, such as joint marketing partners.
A few of the methods that may be used to collect Usage Information include, without limitation, the following (and subsequent technology and methods hereafter developed):
Small graphic images or other web programming code called web beacons (also known as pixel tags and clear GIFs) may be included in our Site and messages. The web beacons are tiny graphics with a unique identifier, similar in function to cookies, and are used to track your online movements. In contrast to cookies, which are stored in your computer hard drive, web beacons are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. Web beacons or similar technologies help us better manage content on our Services by informing us what content is effective, count users of the Services and track the actions of users of the Services (including e-mail recipients). We do not tie the information gathered by web beacons to your Personal Information.
An embedded script is programming code that is designed to collect information about your interactions with the Services, such as the links you click on. The code is temporarily downloaded onto your Device from our web server or a third-party service provider, is active only while you are connected to the Services and is deactivated or deleted thereafter.
Information from you about a third party.
If you choose to use our referral service to tell a friend, relative or someone you know about our Services (a “Referred Person”), we will ask you to provide the Referred Person’s name and e-mail address. We will automatically send the Referred Person a one-time e-mail inviting them to visit the Services. We may also send a follow-up e-mail or e-mails, at our discretion. If a Referred Person no longer wants to receive communications from us, they can e-mail firstname.lastname@example.org with their request and we will discontinue further communications. We store this information for the sole purpose of sending this one-time e-mail and tracking the success of our referral program, and do not use this information for any other marketing purpose unless we obtain consent from that person. Please be aware that when you use this functionality through our Services, your e-mail address may be included in the communication sent to your friend.
We maintain pages or accounts on social media platforms, such as Instagram, Facebook, Twitter and LinkedIn. We collect aggregated data from people who interact with us through social media platforms if they choose to share personal information, such as an account name or contact information. In addition, companies that provide social media platforms may provide us with analytics and aggregated data about our presence on those platforms.
3. HOW WE USE COLLECTED INFORMATION
Service delivery and business operations.
We use your Personal Information or Usage Information that we collect about you for the purposes of providing the Services, and:
- To provide, operate and improve the Services;
- To communicate with you about the Services, including by sending announcements, updates, security alerts and support and administrative messages;
- To communicate with representatives of our clients and other individuals in connection with providing Services;
- To respond to individuals’ requests, questions and feedback;
- To perform other internal business operations;
- To carry out our legal obligations and enforce our rights, including for billing and collection; and
- In any other way we may describe when you provide such information.
Research and development.
We may use Personal Information to analyze and improve the Services and our business and operations, such as including Personal Information in our data analytics.
We may send announcements about us, information about online or mobile entry sweepstakes or other promotions and other marketing communications as permitted by law. We may also use Usage Information to enhance our ability to serve you, to tailor our content to you and to offer you incentives and opportunities to purchase products or services that we believe may be of interest to you.
To comply with law.
We may use and share Personal Information and disclose it to law enforcement, government authorities and private parties as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government officials.
For compliance, fraud prevention and safety.
We may use Personal Information and disclose it to law enforcement, government authorities and private parties as we believe necessary or appropriate to: (i) protect our or others’ rights, privacy, safety or property (including by making and defending legal claims); (ii) audit our internal processes for compliance with legal and contractual requirements; (iii) enforce the terms and conditions that govern the Services; and (iv) prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
In some cases, we may specifically ask for consent to collect, use or share Personal Information, such as when required by law.
To create anonymous data.
We may create aggregated, de-identified or other anonymous data from any Personal Information we collect. We make Personal Information into anonymous data by removing information that makes the data personally identifiable to any specific person. We may use this anonymous data and share it to third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.
5. INDIVIDUAL CHOICES
Review Personal Information and request changes.
If you have registered with the Services or have an account through the Services, you can review and change your Personal Information on your user account.
You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of account registration and any Submissions. If your Personal Information changes, or if you no longer desire our Services, you may correct, delete inaccuracies, or amend information by making the change on our member information page or by contacting us through our support page.
Please understand that we may not be able to alter or delete Personal Information if we are required under applicable law to maintain that information. We are also not obligated to comply with requests that are illegal or unreasonably burdensome or expensive, or with requests that would interfere with the rights of another individual. In addition, we may not be able or obligated to provide access to Personal Information in cases where we hold and process Personal Information on behalf of one of our clients.
Some individuals may have certain rights under applicable laws, with respect to their Personal Information. These may include rights to access, correct or delete Personal Information, portability rights or rights to object or restrict to certain processing of Personal Information. For those who wish to exercise rights they hold under applicable law, please contact us as directed by the How to Contact Us section. We will process requests as required under applicable laws. Please note that we may take steps to verify the identity of the person who submits a request in order to protect Personal Information.
Please understand that not all individuals hold rights with respect to Personal Information and that laws granting such rights may not apply to us. We are also not obligated to comply with requests that are illegal or unreasonably burdensome or expensive, or with requests that would interfere with the rights of another individual. In addition, we may not be able or obligated to accommodate the exercise of rights with respect to Personal Information in cases where we hold and process Personal Information on behalf of one of our clients.
Opt-out of marketing communications.
You may cancel or modify your marketing-related communications that you have elected to receive from the Services by following the instructions contained in our e-mails or other communications or by logging into your user account and changing your communication preferences. If you opt out of marketing communications, you may continue to receive service-related, account-related or other non-marketing emails.
Internet browsers may be configured to reject or disable cookies, as described in browser documentation. Please understand, however, that rejecting or disabling cookies may affect one’s experience of the Site or interfere with the ability to access areas or functions of the Site.
We do not track our customers over time and across third party websites to provide targeted advertising and therefore do not respond to Do Not Track (DNT) signals. However, some third-party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser may allow you to set the DNT signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked.
Declining to provide information.
One can always decide not to provide Personal Information. However, we need to collect Personal Information to provide certain Services. If we do not collect the information requested, we may not be able to provide those Services.
6. THIRD PARTY CONTENT AND LINKS TO THIRD PARTY SERVICES
The Services may contain content that is supplied by a third party, and those third parties may collect web site usage information and your Device Identifier when web pages from any online Services are served to your browser. In addition, when you are using the Services, you may be directed to other sites or applications that are operated and controlled by third parties that we do not control. We are not responsible for the privacy practices employed by any of these third parties. These other web sites may send their own cookies to you, independently collect data or solicit Personal Information and may or may not have their own published privacy policies. We encourage you to note when you leave our Services and to read the privacy statements of all third-party web sites or applications before submitting any Personal Information to third parties.
7. CHILDREN’S PERSONAL INFORMATION
No part of our Services is directed towards children under the age of 13, and we do not knowingly collect, maintain or use Personal Information from children under the age of 13.
If you learn that your child has provided us with Personal Information without your consent, please contact us as directed by the How to Contact Us section. If we learn that we have collected any Personal Information from children under 13, we will promptly take steps to delete such information and terminate the child’s account, in compliance with the Children’s Online Privacy Protection Act (COPPA).
8. SECURITY OF YOUR INFORMATION
We have implemented measures to secure the Personal Information, Usage Information, and Submissions we collect within our databases hosted by Amazon Web Services, which uses standard, industry-wide, commercially reasonable security practices such as encryption, firewalls and SSL (Secure Socket Layers) for protecting your information – such as any portions of your credit card number which we retain (we do not ourselves retain your entire credit card information). We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of our processing as well as the risk of varying likelihood and severity to your rights and freedoms. Unfortunately, the Internet can never be 100% secure and we cannot ensure or warrant the security of any information you provide us. We do not accept liability for unintentional disclosure and any information you transmit to is, you do so at your own risk. We recommend that you not disclose your password to anyone. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.
We will retain your Personal Information, Usage Information, and Submissions for as long as your account with the Services is active or as needed to provide you Services. Even after your account is terminated, we may retain your Personal Information, Usage Information, and Submissions (including credit card information and account history) as needed to comply with our legal and regulatory obligations, resolve disputes, conclude any activities related to cancellation of an account (such as addressing chargebacks from your credit card companies), investigate or prevent fraud and other inappropriate activity, to enforce our agreements, and for other business reasons.
9. INTERNATIONAL DATA TRANSFERS
We maintain offices and facilities in the United States, and Personal Information may be transferred to the United States or other locations outside of your state, province or country of residence, where privacy laws may not be as protective as those in the state, province or country where you reside.
If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and processing globally. By providing your information, you consent to any transfer and processing in accordance with this Policy.
11. HOW TO CONTACT US
3305 Steck Ave., Suite #275
Austin, TX 78757
12. NOTICES TO RESIDENTS OF CALIFORNIA, US EU
This section applies to California residents and outlines an individual’s rights and choices with respect to our processing of an individual’s personal data under the California Consumer Privacy Act (CCPA).
For business purposes in the last twelve months, we may have collected, used and shared personal data about individuals as described in this Policy. To learn more about the personal data we collect, including the specific pieces of personal data collected, sources of collection, our purposes for collection and the categories of service providers with whom we share personal data, please see the Personal Information We Collect, How We Use Personal Information and How We Share Personal Information sections of this Policy.
We do not sell personal data for business or commercial purposes.
A. Consumer Rights
The CCPA grants California consumers certain rights in connection with the personal data collected by businesses, as described below:
- Right to Know. Any person has the right to know the categories and specific pieces of personal data we have collected about them in the previous 12 months.
- Right to Deletion. Any person has the right to request that we delete any personal data we have collected about them.
- Right to Request Information. Any person has the right to request information about our collection, sale and disclosure of their personal data from the previous 12 months.
- Right to Opt-out of the Sale of Personal Data. Any person has the right to opt-out of the sale of personal data we have collected about them. As of the date of this Policy, we do not sell personal data.
- Right to Non-Discrimination. Any person has the right to not receive discriminatory treatment for exercising any rights of a person under the CCPA. We will not treat any person differently for exercising any of the rights described above.
B. Exercising Individual Rights
To exercise any of the CCPA rights above, please contact us as directed by the How to Contact Us section. We will fulfill requests within forty-five (45) days of receiving a request. Some of these rights may be subject to limitations and qualifications, such as where fulfilling the request would conflict with federal, state or local law, regulatory inquiries, subpoenas or our ability to defend against legal claims.
We will verify a request using the individual’s email address. If an individual has created an account with us, we will also verify their request using the information associated with their account, including billing information. Government identification may be required. We cannot respond to an individual’s request if we cannot verify their identity and/or authority to make the request on behalf of another and confirm the personal data relates to them. Making a verifiable consumer request does not require any person to create an account with us.
If an individual wishes to use an authorized agent to submit a request to opt-out on their behalf, they must provide the authorized agent written permission signed by them, the consumer. We may deny a request from an authorized agent if the agent cannot provide to us the individual’s signed permission demonstrating that the agent has been authorized to act on their behalf.
13. NOTICES TO RESIDENTS OF EUROPE (INCLUDING SWITZERLAND AND UK)
This section applies to individuals located in the EEA, the UK or in Switzerland and outlines additional information about a person’s rights and choices regarding our processing of their personal data under the GDPR or equivalent laws in Switzerland and UK.
A. Legal Basis
We collect and process personal data about a person only where we have a legal basis for doing so under applicable data protection laws. Our legal bases include processing personal data as follows:
- With a person’s consent. Where appropriate or legally required, we collect and use personal data about a person subject to their consent (e.g., where legally required for direct marketing activities or to provide the Services).
- Performance of contract. We collect and use personal data about a person to contract with a person or to perform a contract that a person has with us.
- To protect the legitimate interests of us, a person or other parties. We process personal data for our legitimate interests, such as to improve our Services, deliver content, optimize a person’s experience, market our Services, provide appropriate security for the Services and to protect an individual, us and other third parties.
- Where necessary for compliance with laws. We may process personal data about a person: (i) as required by law, such as to comply with a subpoena or similar legal process; (ii) when we believe in good faith that disclosure is necessary to protect our rights or property, to protect an individual’s health and safety or the health and safety of others; (iii) to investigate fraud or respond to a government request; or (iv) if we are involved in a merger, acquisition or sale of all or a portion of our assets.
B. Data Subject Rights
A person has certain rights related to the personal data we hold about them in our capacity as “controller.” Some of these rights may be subject to limitations and qualifications including when: (i) fulfilling an individual’s request would adversely affect other individuals, company trade secrets or intellectual property; (ii) there are overriding public interest reasons; or (iii) we are required by law to retain an individual’s personal data.
- Right of Access. Any person has the right to access personal data held by us.
- Right to Rectification. Any person has the right to rectify personal data that is inaccurate or incomplete.
- Right to Data Portability. Any person the right to request a copy of certain personal data we hold about them in a structured, machine-readable format, and to ask us to share this information with another entity.
- Right to Erasure. Any person has the right to have personal data deleted where: (1) they believe that it is no longer necessary for us to hold their personal data; (2) we are processing their personal data based on legitimate interests and they object to such processing and we cannot demonstrate an overriding legitimate ground for the processing; (3) they have provided their personal data to us with their consent and they wish to withdraw their consent and there is no other ground under which we can process their personal data; or (4) where they believe the personal data we hold about them is being unlawfully processed by us.
- Right to Restrict Processing. Any person has the right to ask us to restrict (stop any active) processing of their personal data where: (1) they believe the personal data we hold about them is inaccurate and while we verify accuracy; (2) we want to erase their personal data as the processing is unlawful, but they want us to continue to store it; (3) we no longer need their personal data for our processing, but they require us to retain the data for the establishment, exercise, or defense of legal claims; or (4) they have objected to us processing their personal data based on our legitimate interests and we are considering their objection.
- Right to Object. Any person can object to our processing of their personal data based on our legitimate interests. We will no longer process their personal data unless we can demonstrate an overriding legitimate purpose.
- Objection to direct marketing, automated decision making and profiling. Any person has the right to object to our processing of personal data for direct marketing communications and profiling related to direct marketing. We will stop processing the personal data for that purpose.
- Automated Profiling. In the event that we conduct automated decision making that has a legal or other significant impact we will tell individuals about this and they have the right to challenge such decisions and request that it is reviewed by a human.
- Withdrawal of Consent. Where the processing of an individual’s personal data by us is based on consent, they have the right to withdraw that consent without detriment at any time by contacting us as directed by the How to Contact Us section.
C. Exercising your Rights
If an individual would like to exercise the rights set forth above, please contact us as directed by the How to Contact Us section. Before we respond to requests for personal data, we will require that an individual verify their identity or the identity of any data subject for whom they are requesting personal data. Our verification methods may include requesting that the individual log into their account, confirm their contact information or email address and/or provide documents for identity verification, depending on the nature of their relationship with us.
We will fulfill an individual’s request within thirty (30) days of receipt unless an exception applies. If an individual has concerns unresolved by us, they may also address any grievance directly with the relevant Supervisory Authority or the ICO for UK-based individuals.
D. Contact Details for Our Data Protection Officer and EU Representative
StoryFit Inc. (3305 Steck Ave., Suite #275, Austin, TX 78757) is the controller for personal data collected in connection with the use of the Services in the EEA, the UK and Switzerland. Our Data Protection Officer can be contacted as directed by the How to Contact Us section.
For EU personal data protection, we have nominated a GDPR Representative who may be contacted at:
2603 Steck Avenue, Suite 275
Austin, TX 78746
E. About the Privacy Shield
We are committed to complying with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data transferred from the EEA, UK and Switzerland to the United States pursuant to Privacy Shield. We have certified that we adhere to the Privacy Shield Principles with respect to such personal data. If there is any conflict between this Policy and the data subject rights under the Privacy Shield principles, the Privacy Shield principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit here.
We are aware that, on July 16, 2020, the European Court of Justice invalidated the EU-US Privacy Shield as a means of ensuring adequate protection for personal data transferred to the US. We are also aware that the Swiss Data Protection Authority and Information Commissioner invalidated the Swiss-US Privacy Shield in September 2020. In reflection of these rulings, where we transfer personal data originating in the EEA, UK and/or Switzerland to the US, transfers are made under the Standard Contractual Clauses approved by the European Commission.
By continuing our commitment to the EU-US Privacy Shield and the Swiss-US Privacy Shield frameworks, we remain subject to the investigatory and enforcement authority of the United States Federal Trade Commission (FTC). Furthermore, pursuant to the Privacy Shield principles, we still acknowledge the right of individuals located in the EEA, UK and/or Switzerland to access, inspect, update or correct their personal data. Individuals located in the EEA, UK and/or Switzerland may exercise their rights by contacting us as directed by the How to Contact Us section.
Under the Privacy Shield, we may be liable for the onward transfer of personal data to third parties as described under the Personal information We Collect section. If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage. We may be required to release personal data in response to lawful requests by public authorities, including to meet national security and law enforcement requirements.
In compliance with the Privacy Shield principles, we commit to resolving complaints about an individual’s privacy and our collection or use of an individual’s personal data transferred to the US pursuant to Privacy Shield. Individuals located in the EEA, UK and/or Switzerland with Privacy Shield inquiries or complaints may exercise their rights by contacting us as directed by the How to Contact Us section.
We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If an individual does not receive timely acknowledgment of their complaint, or if your complaint is not satisfactorily addressed, please visit here for more information and to file a complaint. This service is provided free of charge to you. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 here.