Storybot Logo
Privacy Policy

  1. Introduction

    Storybot ("we," "our," "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. By using our services, you consent to the practices described in this policy.

  2. Personal Information We Collect

    We collect various types of personal information from users, including:

    1. Names
    2. Email addresses
    3. Phone numbers
    4. General payment information

    We do not collect sensitive information such as credit card details, health information, or biometric data.

  3. Collection Methods

    We collect personal information directly from you when you:

    • Register for an account
    • Use our services
    • Contact us for support

    We also use cookies and other tracking technologies to enhance user experience and gather information about how users interact with our app.

  4. Use of Personal Information

    We use the collected information to:

    • Provide and improve our services
    • Process transactions
    • Communicate with users
    • Send marketing communications (with user consent)

    Users can opt-out of marketing communications at any time.

  5. Sharing of Personal Information

    We share user information with third parties who assist us in providing our services, such as payment processors and analytics providers. We do not sell user information to third parties.

  6. Third-Party Platform Integrations and Data Usage

    Important: Two Types of Platform Connections

    Storybot uses third-party platforms in two distinct ways:

    1. Authentication/Login: You can sign in to Storybot using your Google, Facebook, YouTube, Instagram, or TikTok account. This uses minimal permissions only to verify your identity (name, email, profile picture).
    2. Content Publishing: Separately, you can connect your YouTube, TikTok, or Instagram accounts in your account preferences to publish stories. This requires additional permissions specific to content publishing.

    Note: You can sign in with one platform (e.g., Google) and publish to different platforms (e.g., YouTube, Instagram, TikTok). These are separate, independent connections.

    Authentication Services (Login)

    Supported Login Methods

    You can sign in to Storybot using any of the following methods. Each method uses minimal permissions only to verify your identity:

    • Google: Requests profile and email
    • Facebook: Requests public profile and email
    • YouTube: Requests profile and email (login only, not for uploading)
    • Instagram: Requests basic Instagram info (login only, not for publishing)
    • TikTok: Requests basic user info and profile (login only, not for uploading)
    • Email: Magic link authentication (no third-party account needed)
    Information We Receive When You Sign In

    When you sign in using any third-party platform, we receive and store only basic profile information:

    • Your name or username
    • Your email address (when available)
    • Your profile picture (optional)
    • Account ID (used for authentication)

    Important: Signing in does NOT grant us permission to upload videos or publish content. Content publishing requires separate authorization in your account preferences.

    How We Use This Information
    • Create and manage your Storybot account
    • Authenticate you when you log in to our services
    • Display your profile information in the app
    • Send important account-related communications
    • Provide customer support

    This information is used solely for account management and service provision. We do not share your Google Sign-In information with third parties for marketing purposes.

    Data Security

    Your Google authentication credentials are never stored on our servers. We only receive and store the basic profile information mentioned above. Authentication tokens are encrypted and stored securely.

    Revoking Login Access

    You can revoke Storybot's access to your login account at any time:

    Note: Revoking login access is separate from revoking publishing access. If you've connected accounts for publishing in your preferences, you'll need to disconnect those separately.

    Content Publishing Integrations

    The following sections describe the permissions requested when you connect social media accounts for content publishing in your account preferences. These are separate from login permissions.

    YouTube Video Publishing

    When you connect your YouTube account for publishing in account preferences, we request the following YouTube API scopes:

    • youtube.upload: Upload videos to your YouTube channel
    • youtube.readonly: View your YouTube account information
    How We Use YouTube Publishing Data
    • We access your YouTube account only when you explicitly choose to upload a video to YouTube through our platform
    • We upload videos directly to your YouTube channel using the YouTube Data API v3
    • We do not store copies of your YouTube videos on our servers after upload
    • We do not access, view, modify, or delete your existing YouTube videos or channel content
    • We only upload new videos that you create and explicitly choose to publish within our app
    • YouTube access tokens are encrypted and stored securely in our database to enable future uploads

    Data Sharing

    We do not share your Google or YouTube data with any third parties except as necessary to provide the upload functionality (i.e., transmitting your video to YouTube's servers). We do not sell, rent, or trade your Google user data.

    Revoking Access

    You can revoke Storybot's access to your YouTube account at any time by:

    You may also disconnect your YouTube account from within your Account settings.

    Limited Use Disclosure

    Storybot's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

    TikTok Video Publishing

    When you connect your TikTok account for publishing in account preferences, we request the following TikTok API scopes:

    • user.info.basic: Access basic user information
    • user.info.profile: Access your profile information
    • video.publish: Publish videos to your TikTok account
    • video.upload: Upload video content to TikTok
    How We Use TikTok Data
    • We access your TikTok account only when you explicitly choose to upload a video to TikTok through our platform
    • We upload videos directly to your TikTok account using the TikTok API v2
    • We store your TikTok account information (account ID, username, profile picture) to display connection status
    • We do not access, view, modify, or delete your existing TikTok videos or account content
    • We only upload new videos that you create and explicitly choose to publish within our app
    • TikTok access tokens are encrypted and stored securely in our database to enable future uploads
    Revoking TikTok Access

    You can revoke Storybot's access to your TikTok account at any time by:

    • Visiting your TikTok Settings → Privacy → Apps and Websites
    • Finding "Storybot" in the list of connected apps
    • Clicking "Remove Access"
    • Or by disconnecting from within your Storybot account preferences
    Instagram Content Publishing

    When you connect your Instagram account for publishing in account preferences, we request permission to access the following Facebook/Instagram API scopes through the Facebook Graph API:

    • pages_show_list: View your Facebook Pages (required to access Instagram Business accounts)
    • business_management: Manage your business accounts
    • instagram_basic: Access basic Instagram account information
    • instagram_content_publish: Publish content to Instagram

    Note: Instagram publishing requires your Instagram account to be a Business or Creator account connected to a Facebook Page.

    How We Use Instagram/Facebook Data
    • We access your Instagram/Facebook accounts only when you explicitly choose to publish content through our platform
    • We publish content directly to your Instagram account using the Facebook Graph API v18.0
    • We exchange short-lived access tokens for long-lived Page Access Tokens to enable reliable content publishing
    • We store your account information (account ID, username, Facebook Page information, profile picture) to display connection status
    • We do not access, view, modify, or delete your existing Instagram posts or account content
    • We only publish new content that you create and explicitly choose to publish within our app
    • Access tokens are encrypted and stored securely in our database to enable future publishing
    • We track publishing status (pending, processing, completed, failed) to provide you with upload progress information
    Revoking Instagram/Facebook Access

    You can revoke Storybot's access to your Instagram/Facebook account at any time by:

    Data Use Disclosure

    Storybot's use of information received from Facebook and Instagram APIs is limited to providing content publishing functionality. We do not use this data for any other purposes and comply with Facebook's Platform Terms and Developer Policies.

  7. Data Security

    We implement a variety of security measures to maintain the safety of your personal information:

    • Encryption at Rest: All data, including access tokens for third-party platforms (YouTube, TikTok, Instagram, Facebook), is encrypted at rest using AES-256 encryption through our database provider (MongoDB Atlas).
    • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL protocols.
    • Access Controls: Database access is restricted to authorized services only, with authentication and role-based access controls.
    • Secure Servers: Our application is hosted on secure, regularly updated infrastructure with firewall protection and intrusion detection.
    • Data Breach Response: We have procedures in place to respond promptly to data breaches and will notify affected users in accordance with applicable laws.

  8. Data Retention and Deletion

    We retain your personal information only for as long as necessary to provide our services and comply with legal obligations. Below are our data retention policies for different types of data:

    Account Data

    • User account information (name, email, profile) is retained for the duration of your account
    • Upon account deletion, all personal data is permanently removed from our systems within 30 days

    Social Media Platform Data

    • YouTube: Access tokens and account information are stored only while you maintain an active connection. Video content is not stored on our servers after upload. You can disconnect your YouTube account at any time, and all associated tokens will be deleted within 30 days.
    • TikTok: Access tokens and account information are stored only while you maintain an active connection. Video content is not stored on our servers after upload. You can disconnect your TikTok account at any time, and all associated tokens will be deleted within 30 days.
    • Instagram/Facebook: Page access tokens and account information are stored only while you maintain an active connection. Content is not stored on our servers after publishing. You can disconnect your Instagram/Facebook account at any time, and all associated tokens will be deleted within 30 days.

    Content and Story Data

    • Stories you create are retained until you delete them or close your account
    • Temporary video files generated for social media uploads are deleted immediately after successful upload
    • All content is permanently deleted within 30 days of account deletion

    Payment and Subscription Data

    • Payment information is processed and stored by our payment processor (Stripe) and is not stored on our servers
    • Subscription records are retained for accounting and tax purposes for 7 years as required by law

    Compliance with Platform Requirements

    Our data retention policies comply with Google API Services User Data Policy, YouTube API Terms of Service, TikTok Developer Terms, and Facebook Platform Terms. We do not retain platform data longer than necessary to provide our services, and we honor all user deletion requests within the required timeframes.

  9. User Rights

    You have the right to access, update, or delete your personal information. You can do this by contacting us directly at admin@storybot.com.au. You can also withdraw your consent for data processing at any time.

  10. International Data Transfers

    We may transfer your data outside of Australia to provide our services, including to countries where our service providers are located. We ensure that any international data transfers comply with applicable data protection laws and take appropriate measures to protect your data.

  11. Children's Privacy

    Our services are not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

  12. Cookies and Tracking Technologies

    We use cookies and similar tracking technologies to track activity on our services and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our services.

  13. Policy Updates

    We may update this Privacy Policy from time to time. We will inform you about changes by posting the updated policy on our website and notifying you via email or through our app. We encourage you to review this policy periodically.

  14. Contact Information

    For any questions or concerns, contact us at admin@storybot.com.au

  15. Complaints

    If you have any complaints about our privacy practices, you can contact us at the above email address. We will investigate and respond to your complaint within a reasonable period. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).