Privacy Policy

Effective date: March 1, 2026 Last updated: March 16, 2026

This Privacy Policy explains how Storly handles information when you use the Storly iOS app. The Storly website itself does not collect personal data — the practices described below relate to the iOS app.

1. Who We Are

Storly is a family storytelling product published by HEIERE.

• Legal entity: HEIERE
• Contact: heierestudio@gmail.com

2. Information We Process

A. Profile and story content

When you use the app, Storly processes content you create, such as:

• Child profile fields (for example name, age, gender, avatar, and optional appearance attributes such as skin tone and hair color)
• Story titles and text
• Story lesson reflections
• Illustration prompts and generated images
• Cached narration audio

B. AI request data

To generate stories, images, and narration, Storly sends request data to AI service providers (currently OpenAI and Google Gemini) through a backend proxy. This includes child profile context used for story personalization. Data sent may include:

• Theme and life lesson selections
• Child profile context used for personalization (for example childName, childAge, childGender, childSkinTone, childHairColor, language)
• Optional story personalization text
• Story text sent for narration generation
• Image prompt text

C. Session and identifier data

Storly uses an anonymous Supabase auth session to access backend services. An anonymous user identifier is created and associated with your app session. Session tokens are stored securely in Apple Keychain on your device. This identifier is linked to backend records described in section D below.

D. Usage and diagnostics data

The backend stores AI usage counters and request logs associated with your anonymous session, including:

• Operation type (story, image, speech)
• AI model used
• Request latency
• Token counts
• Error codes
• Associated anonymous user identifier

E. Purchase and entitlement data

When you buy credits or subscriptions, billing and transaction processing is handled by Apple through StoreKit. Storly processes entitlement and credit state needed to unlock features, stored in iCloud Key-Value storage.

F. Settings and operational state

Storly stores settings and service state needed for app functionality, such as language, voice, credits usage, and sync state, locally using UserDefaults and AppStorage.

G. Feedback you submit

If you contact us or submit in-app feedback, we process the information you provide (up to 1000 characters) to respond and improve the service.

3. How We Use Information

We use information to:

• Provide profile, story, illustration, and narration features
• Personalize the reading experience
• Process purchases and restore access
• Sync eligible app state across Apple services
• Enforce usage limits and prevent abuse
• Maintain reliability and troubleshoot issues
• Respond to support and feedback requests

4. Where Processing Happens

Depending on feature selection and device state, processing can occur:

• On-device (SwiftData local storage, Apple Intelligence on-device generation)
• In Apple services (CloudKit/iCloud Key-Value for sync, StoreKit for purchases)
• In Supabase services (anonymous auth, edge function proxy, database)
• In AI provider services routed through the Supabase proxy (currently OpenAI and Google Gemini)
• In Pollinations.ai only when Apple image generation fallback is used

5. Legal Bases (EEA/UK)

Where applicable, we process personal data under one or more of these legal bases:

• Performance of a contract (to provide requested features)
• Legitimate interests (service reliability, fraud prevention, security)
• Legal obligations (where required)
• Consent (where required by law)

6. Sharing and Service Providers

Storly shares data only with service providers required to operate the product:

• Apple (CloudKit/iCloud Key-Value, StoreKit — Apple Privacy Policy)
• Supabase (anonymous auth, database, edge functions — Supabase Privacy Policy)
• OpenAI (story, image, and speech generation via backend proxy — OpenAI Privacy Policy)
• Google Gemini (story, image, and speech generation via backend proxy — Google Privacy Policy)
• Pollinations.ai (image generation fallback only — Pollinations.ai)

We do not sell personal data.

7. Tracking and Advertising

Based on the current app implementation:

• Storly does not use IDFA for cross-app tracking
• Storly does not run third-party ad SDKs in the app

If tracking or advertising practices change in the future, this policy will be updated before those changes go live.

8. Data Retention

Storly retains data only as long as needed for product operation, support, legal compliance, and dispute handling. Retention periods by data category:

• User-created content (profiles, stories, books): retained until deleted by the user or removed from the app
• AI request logs: up to 12 months
• AI daily usage counters: up to 12 months
• Feedback submissions: up to 24 months
• Operational and support records: retained for limited internal and legal needs

Where legally required (for example for dispute handling, fraud prevention, or regulatory compliance), specific records may be retained for longer.

9. Your Rights and Choices

Depending on your location, you may have rights to:

• Access your data
• Correct inaccurate data
• Request deletion
• Restrict or object to processing
• Request data portability
• Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal

To submit a privacy request, contact: heierestudio@gmail.com

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.

Automated Decision-Making

Storly uses AI to generate stories, illustrations, and narration based on user inputs. This processing does not produce legal effects or similarly significant effects on users. No automated decisions are made regarding access, eligibility, or rights.

10. Children's Privacy

Storly is designed for use by parents and guardians with children and may include child profile fields (such as name, age, gender, and optional appearance attributes) entered by the user. Storly does not knowingly collect personal data directly from children without parental involvement. Parents and guardians should supervise use and avoid entering unnecessary personal details.

11. Security

Storly uses:

• Apple Keychain for secure local storage of session tokens
• Authenticated API requests to backend services
• Row-level security configuration in Supabase database tables
• Platform-managed security controls from Apple services

No storage or transmission method can be guaranteed to be fully secure.

12. International Transfers

Service providers may process data in countries outside your own. Where required, we use appropriate safeguards for cross-border data transfers.

13. California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information.

Storly does not sell personal information and does not share personal information for cross-context behavioral advertising. To exercise your California privacy rights, contact: heierestudio@gmail.com

14. Electronic Communications

By using Storly, you consent to receive communications from us electronically, including through the app, our website, or email. You agree that all notices, disclosures, policy updates, and other communications provided electronically satisfy any legal requirement that such communications be in writing.

15. Changes to This Policy

We may update this Privacy Policy to reflect product, legal, or operational changes. The latest version will always include an updated effective date.

16. Contact

HEIERE heierestudio@gmail.com