logo
IP Trading
RegisterLogin
Legal

Privacy Policy

Last Updated: February 11, 2026Effective Date: February 11, 2026

Introduction

This Privacy Policy for Storyfor, Inc. ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you visit our website at https://storyformoney.com or any website of ours that links to this Privacy Policy, use StoryForMoney, or engage with us in other related ways, including any marketing or events.

StoryForMoney is a digital storytelling and intellectual property (IP) platform focused on the creation, management, and commercialization of creative works. The platform enables creators to publish original content, manage rights and licensing, and participate in monetization and revenue-sharing models supported by modern digital infrastructure. Content on the platform includes novels, short stories, poetry, comics, illustrations, and other creative works. StoryForMoney offers tools for IP management, derivative work authorization, royalty distribution, and content discovery. The platform emphasizes content safety, moderation, age-appropriate access controls, and responsible operation to support a diverse and global user base.

Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].

Summary of Key Points

This summary provides key points from our Privacy Policy, but you can find out more details about any of these topics by using our table of contents below to find the section you are looking for.

  • What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
  • Do we process any sensitive personal information? Some of the information may be considered "special" or "sensitive" in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law.
  • Do we collect any information from third parties? We may collect information from public databases, marketing partners, social media platforms, and other outside sources.
  • How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.
  • In what situations and with which types of parties do we share personal information? We may share information in specific situations and with specific categories of third parties.
  • How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.
  • What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.
  • How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Table of Contents

  1. 1. What Information Do We Collect?
  2. 2. How Do We Process Your Information?
  3. 3. What Legal Bases Do We Rely On to Process Your Personal Information?
  4. 4. When and With Whom Do We Share Your Personal Information?
  5. 5. What Is Our Stance on Third-Party Websites?
  6. 6. Do We Use Cookies and Other Tracking Technologies?
  7. 7. Do We Offer Artificial Intelligence-Based Products?
  8. 8. How Do We Handle Your Social Logins?
  9. 9. Is Your Information Transferred Internationally?
  10. 10. How Long Do We Keep Your Information?
  11. 11. How Do We Keep Your Information Safe?
  12. 12. Do We Collect Information from Minors?
  13. 13. What Are Your Privacy Rights?
  14. 14. Controls for Do-Not-Track Features
  15. 15. Do United States Residents Have Specific Privacy Rights?
  16. 16. Content Data Processing and AI Training
  17. 17. Blockchain Integration
  18. 18. Data Breach Notification
  19. 19. Do We Make Updates to This Policy?
  20. 20. How Can You Contact Us About This Policy?
  21. 21. How Can You Review, Update, or Delete the Data We Collect from You?

1. What Information Do We Collect?

Personal Information You Disclose to Us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

  • Phone numbers
  • Email addresses
  • Usernames and passwords
  • Contact preferences and authentication data
  • Billing and mailing addresses
  • Payment information (processed and stored by third-party payment processors; we do not directly store your full card numbers)
  • Names and job titles
  • Date of birth
  • Profile pictures/avatars and bio/about information
  • Content/literary works, manuscripts and drafts
  • Reading preferences, writing genres and categories
  • Wallet addresses and cryptocurrency transaction records
  • IP ownership records and licensing agreements
  • Revenue/earnings data and publishing history
  • Social media links
  • Language preferences, nationality/country of residence, gender, time zone
  • Government-issued ID numbers and tax identification numbers
  • Content ratings, reader reviews, interaction history, bookmarks and reading lists
  • NFT ownership records, smart contract interactions, blockchain transaction history
  • Bank account information, payment service accounts, tax withholding information
  • Revenue sharing agreements, subscription data, purchase history, payment methods
  • Business registration information
  • Follower/following relationships, comments, messages, collaboration records
  • Device information, IP addresses, browser information, usage analytics
  • Security verification data, two-factor authentication data, API usage data
  • Parental consent records, age verification data, content moderation records
  • Graphic novels, comics, manga, illustrations, artwork, character designs, storyboards
  • Audio recordings, video content, animation files, cover art and thumbnails

Sensitive Information

When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

  • Social security numbers or other government identifiers
  • Financial data and credit worthiness data
  • Tax identification numbers
  • Digital wallet addresses and cryptocurrency data
  • Blockchain transaction records
  • Biometric data (facial recognition data collected during KYC liveness verification, processed by our verification partner and not stored permanently by the platform)
  • Age verification documents
  • IP ownership and licensing records
  • Revenue and royalty payment data
  • Banking and payment processor information

Payment Data

We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is handled and stored by Stripe and Coinbase. You may find their privacy notice links here: https://stripe.com/privacy and https://www.coinbase.com/legal/privacy. We may support third-party payment service providers from time to time to facilitate transactions on the platform. We do not directly store users' payment credentials.

Social Media Login Data

We may provide you with the option to register with us using your existing social media account details, like your Google, Facebook, X, or other social media account. If you choose to register in this way, we will collect certain profile information about you from the social media provider, as described in the section called "How Do We Handle Your Social Logins?" below.

Information Automatically Collected

In Short: Some information is collected automatically when you visit our Services.

Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services. This information does not reveal your specific identity but may include device and usage information.

  • Log and Usage Data: Service-related, diagnostic, usage, and performance information including your IP address, device information, browser type and settings, date/time stamps, pages and files viewed, searches, and other actions you take
  • Device Data: Information about your computer, phone, tablet, or other device including IP address, device and application identification numbers, location, browser type, hardware model, operating system, and system configuration
  • Location Data: Information about your device's location, which can be either precise or imprecise, using GPS and other technologies
  • Blockchain interaction data: Records of user interactions with blockchain networks, including transaction signatures and wallet connections
  • Smart contract transaction logs: Automated records of smart contract executions related to IP registration and revenue distribution
  • Digital wallet connection records: Information about cryptocurrency wallets connected to user accounts
  • Content engagement metrics: Data about how users interact with content, including reading time, bookmarks, and sharing activities
  • Reading progress and preferences: User reading habits, preferred genres, and content consumption patterns
  • Creator interaction patterns: Data about interactions between creators and readers, including follows, comments, and collaboration activities
  • Revenue and monetization analytics: Performance data related to content monetization, earnings tracking, and payment processing
  • Platform performance metrics: Technical data about application performance, loading times, and system usage statistics
  • Security and fraud detection data: Information collected to detect suspicious activities and maintain platform security
  • API usage and integration data: Records of third-party service integrations and API calls
  • Content moderation and flagging data: Records of content reports, moderation decisions, and safety-related user actions
  • Recommendation algorithm data: Data processed by machine learning systems to provide personalized content recommendations

Google API

Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Information Collected from Other Sources

In Short: We may collect limited data from public databases, marketing partners, social media platforms, and other outside sources.

We may collect limited data from public databases, marketing partners, social media platforms, and other outside sources to enhance our ability to provide relevant marketing, offers, and services to you and update our records.

  • Mailing addresses, job titles, email addresses, phone numbers
  • Intent data (or user behavior data), Internet Protocol (IP) addresses
  • Social media profiles and URLs
  • Custom profiles for purposes of targeted advertising and event promotion
  • Information from social media platforms when you interact with us (name, email address, gender)

2. How Do We Process Your Information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts
  • To deliver and facilitate delivery of services to the user
  • To respond to user inquiries/offer support to users
  • To send administrative information to you
  • To fulfill and manage your orders, payments, returns, and exchanges
  • To enable user-to-user communications
  • To request feedback and to contact you about your use of our Services
  • To send you marketing and promotional communications (you can opt out at any time)
  • To deliver targeted advertising tailored to your interests, location, and more
  • To protect our Services, including fraud monitoring and prevention
  • To identify usage trends so we can improve our Services
  • To determine the effectiveness of our marketing and promotional campaigns
  • To save or protect an individual's vital interest
  • To process and distribute revenue payments to creators
  • To verify user identity and age for compliance purposes
  • To register and manage intellectual property rights on blockchain
  • To facilitate derivative work licensing and permissions
  • To execute smart contracts for automated royalty distribution
  • To maintain user account security and authentication
  • To provide content recommendations and personalization
  • To enforce community guidelines and content moderation
  • To process subscription and monetization services
  • To manage parental controls and minor protection features
  • To sync user data across multiple devices and platforms
  • To provide analytics and performance tracking to creators
  • To facilitate collaboration between creators
  • To manage dispute resolution and customer support
  • To comply with legal obligations and regulatory requirements
  • To maintain blockchain network security and integrity
  • To prevent intellectual property theft and unauthorized use
  • To optimize content discovery algorithms
  • To synchronize data across multiple blockchain networks
  • To monitor compliance with international regulations
  • To optimize platform performance and user experience

3. What Legal Bases Do We Rely On to Process Your Information?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If You Are Located in the EU or UK

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases:

Consent

We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.

Performance of a Contract

We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.

Legal Obligations

We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

Vital Interests

We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

Legitimate Interests

We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms.

  • Send users information about special offers and discounts on our products and services
  • Develop and display personalized and relevant advertising content for our users
  • Analyze how our Services are used so we can improve them to engage and retain users
  • Support our marketing activities
  • Diagnose problems and/or prevent fraudulent activities
  • Understand how our users use our products and services so we can improve user experience
  • Protect the platform's blockchain infrastructure, prevent security breaches, and maintain trust in the decentralized IP management system
  • Safeguard creators' rights, maintain content authenticity, and preserve the integrity of the intellectual property ecosystem
  • Enhance user experience by helping users discover relevant content more effectively
  • Provide unified user experience across multiple blockchain ecosystems and maintain data integrity in cross-chain transactions
  • Maintain legal compliance across different jurisdictions and protect both the platform and users from regulatory risks
  • Provide faster, more reliable service and enhance overall platform performance for all users

If You Are Located in Canada

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:

  • If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
  • For investigations and fraud detection and prevention
  • For business transactions provided certain conditions are met
  • If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
  • For identifying injured, ill, or deceased persons and communicating with next of kin
  • If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
  • If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information
  • If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court
  • If it was produced by an individual in the course of their employment, business, or profession
  • If the collection is solely for journalistic, artistic, or literary purposes
  • If the information is publicly available and is specified by the regulations

4. When and With Whom Do We Share Your Personal Information?

We may share information in specific situations described in this section and/or with the following categories of third parties.

Vendors, Consultants, and Other Third-Party Service Providers

We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information.

  • Ad Networks
  • Affiliate Marketing Programs
  • AI Platforms
  • Cloud Computing Services
  • Communication & Collaboration Tools
  • Data Analytics Services
  • Data Storage Service Providers
  • Finance & Accounting Tools
  • Order Fulfillment Service Providers
  • Payment Processors
  • Performance Monitoring Tools
  • Social Networks
  • User Account Registration & Authentication Services
  • Website Hosting Service Providers
  • Blockchain Infrastructure Providers
  • Intellectual Property Registration Services
  • Content Moderation Services
  • Identity Verification and KYC Providers
  • Cryptocurrency and Digital Asset Services
  • Smart Contract Development Platforms
  • Legal and Compliance Service Providers
  • Age Verification and Parental Control Services
  • Dispute Resolution and Arbitration Services
  • Tax Reporting and Financial Compliance Services
  • Anti-Money Laundering (AML) Screening Services
  • Content Translation and Localization Services
  • Digital Rights Management (DRM) Services
  • AI Model Training and Development Services
  • Machine Learning Infrastructure Providers
  • Natural Language Processing Service Providers

Business Transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

Affiliates

We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.

Business Partners

We may share your information with our business partners to offer you certain products, services, or promotions.

Other Users

When you share personal information (for example, by posting comments, contributions, or other content to the Services) or otherwise interact with public areas of the Services, such personal information may be viewed by all users and may be publicly made available outside the Services in perpetuity. If you interact with other users of our Services and register for our Services through a social network (such as Facebook), your contacts on the social network will see your name, profile photo, and descriptions of your activity.

Government and Law Enforcement

We may share your personal information with government entities, law enforcement agencies, or regulatory authorities when we are legally required to do so (e.g., in response to a court order, subpoena, or other legal process), or when we believe in good faith that disclosure is necessary to: (a) comply with applicable law or regulation; (b) protect our rights, property, or safety, or the rights, property, or safety of our users or others; (c) detect, prevent, or address fraud, security, or technical issues; or (d) comply with anti-money laundering (AML), tax reporting, or other regulatory requirements.

5. What Is Our Stance on Third-Party Websites?

In Short: We are not responsible for the safety of any information that you share with third parties that we may link to or who advertise on our Services, but are not affiliated with, our Services.

The Services may link to third-party websites, online services, or mobile applications and/or contain advertisements from third parties that are not affiliated with us and which may link to other websites, services, or applications. Accordingly, we do not make any guarantee regarding any such third parties, and we will not be liable for any loss or damage caused by the use of such third-party websites, services, or applications. The inclusion of a link towards a third-party website, service, or application does not imply an endorsement by us. We cannot guarantee the safety and privacy of data you provide to any third-party websites. Any data collected by third parties is not covered by this Privacy Policy. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services, or applications that may be linked to or from the Services. You should review the policies of such third parties and contact them directly to respond to your questions.

6. Do We Use Cookies and Other Tracking Technologies?

In Short: We may use cookies and other tracking technologies to collect and store your information.

Overview

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

Third-Party Tracking

We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders. The third parties and service providers use their technology to provide advertising about products and services tailored to your interests which may appear either on our Services or on other websites.

Opt-Out Rights

To the extent these online tracking technologies are deemed to be a "sale"/"sharing" (which includes targeted advertising, as defined under the applicable laws) under applicable US state laws, you can opt out of these online tracking technologies by submitting a request as described in the section "Do United States Residents Have Specific Privacy Rights?"

Types of Cookies

  • Essential cookies: Required for the Service to function properly
  • Analytics cookies: Help us understand how users interact with the Service
  • Functional cookies: Remember your preferences and settings
  • Marketing cookies: Used to deliver relevant advertisements

Google Analytics

We may share your information with Google Analytics to track and analyze the use of the Services. The Google Analytics Advertising Features that we may use include: Remarketing with Google Analytics. To opt out of being tracked by Google Analytics across the Services, visit https://tools.google.com/dlpage/gaoptout. You can opt out of Google Analytics Advertising Features through Ads Settings and Ad Settings for mobile apps. For more information on the privacy practices of Google, please visit the Google Privacy & Terms page.

Your Cookie Choices

Most web browsers allow you to control cookies through their settings. However, disabling certain cookies may affect the functionality of the Service.

7. Do We Offer Artificial Intelligence-Based Products?

In Short: We offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies.

As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (collectively, "AI Products"). These tools are designed to enhance your experience and provide you with innovative solutions. The terms in this Privacy Policy govern your use of the AI Products within our Services.

Use of AI Technologies

We provide the AI Products through third-party service providers ("AI Service Providers"), including Adobe Sensei, Amazon Bedrock, Amazon Web Services (AWS) AI, Anthropic, AssemblyAI, Black Forest Labs, Cohere, DALL-E, Databricks, DeepAI, Deepgram, ElevenLabs, Filestack, Fireworks, FriendliAI, Gladia, Google Cloud AI, Hugging Face, Hume AI, Hyperbolic, IBM Watson, Ideogram, Imagga, Lambda Labs, LMNT, Microsoft Azure AI, Midjourney, Mistral AI, Murf AI, NVIDIA AI, OpenAI, Oracle AI, Perplexity, PlayAI, Playground AI, Recraft AI, Runpod, Salesforce Einstein, SambaNova, SAP Leonardo, Speechify, Speechmatics, Stability.ai, Together.ai and xAI. As outlined in this Privacy Policy, your input, output, and personal information will be shared with and processed by these AI Service Providers to enable your use of our AI Products. You must not use the AI Products in any way that violates the terms or policies of any AI Service Provider.

Our AI Products

Our AI Products are designed for the following functions:

  • Text analysis
  • AI applications and bots
  • AI automation and deployment
  • AI document generation
  • AI insights and predictive analytics
  • AI research and development
  • AI translation
  • Blockchain integration
  • Image analysis and generation
  • Machine learning models
  • Natural language processing
  • AI search
  • Video analysis and generation

How We Process Your Data Using AI

All personal information processed using our AI Products is handled in line with our Privacy Policy and our agreement with third parties. This ensures high security and safeguards your personal information throughout the process, giving you peace of mind about your data's safety.

How to Opt Out

We believe in giving you the power to decide how your data is used. To opt out, you can contact us using the contact information provided.

8. How Do We Handle Your Social Logins?

In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

Our Services offer you the ability to register and log in using your third-party social media account details (like your Google, Facebook, or X logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.

We will use the information we receive only for the purposes that are described in this Privacy Policy or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.

9. Is Your Information Transferred Internationally?

In Short: We may transfer, store, and process your information in countries other than your own.

Our servers are located in the United States and Japan. Regardless of your location, please be aware that your information may be transferred to, stored by, and processed by us in our facilities and in the facilities of the third parties with whom we may share your personal information, including facilities in the United States, Japan, and other countries.

If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this Privacy Policy and applicable law.

We have implemented measures to protect your personal information, including by using the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers. These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations.

10. How Long Do We Keep Your Information?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, anti-money laundering, or other legal requirements).

The following retention periods apply to specific categories of data: (a) Account data: retained for the duration of your account plus 30 days after account deletion to allow for recovery; (b) KYC/identity verification data: retained for the duration of your account plus 5-7 years after account closure, as required by anti-money laundering regulations; (c) Transaction and payment records: retained for 7 years after the transaction, as required by tax and accounting regulations; (d) Blockchain records: data recorded on public blockchains is technically immutable and cannot be deleted (see Section 17 for details); (e) Content and usage data: retained for the duration of your account; upon deletion, content is removed from the platform but cached or backed-up copies may persist for a reasonable period; (f) Communication records (support tickets, emails): retained for 3 years after the last interaction.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives or on a public blockchain), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

11. How Do We Keep Your Information Safe?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

12. Do We Collect Information from Minors?

In Short: We do not knowingly collect data from or market to persons under 18 years of age.

Our Services are intended for users who are at least 18 years of age. As stated in our Terms of Service, you must be at least 18 years old to create an account or use any part of the Service. We do not knowingly collect personal information from anyone under the age of 18.

If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information as soon as reasonably practicable. If you believe we have collected information from a person under 18, please contact us at [email protected].

We acknowledge that different jurisdictions may have different age thresholds for digital services (e.g., 16 in parts of the EU under GDPR, 14 in China under PIPL). Where local law imposes a higher age requirement or additional parental consent obligations, we will comply with such requirements to the extent applicable.

13. What Are Your Privacy Rights?

In Short: Depending on your state of residence in the US or in some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information.

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making.

If a decision that produces legal or similarly significant effects is made solely by automated means, we will inform you, explain the main factors, and offer a simple way to request human review.

Access

Request access to and obtain a copy of your personal information

Rectification

Request rectification or correction of inaccurate or incomplete information

Erasure

Request deletion or erasure of your personal information

Data Portability

Request a copy of your data in a portable format, if applicable

Objection

Object to the processing of your personal information in certain circumstances

Restriction

Request restriction of processing in certain circumstances

Withdraw Consent

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. This will not affect the lawfulness of the processing before its withdrawal.

To exercise these rights, please contact us at [email protected]. We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority. If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, by contacting customer support via email, or by contacting us using the details provided in the Contact section. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account, or contact us. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

14. Controls for Do-Not-Track and Global Privacy Control

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals.

We recognize Global Privacy Control ("GPC") signals. If your browser or device sends a GPC signal, we will treat it as a valid opt-out request for the sale or sharing of personal information, as required by applicable US state privacy laws (including the California Consumer Privacy Act). You can learn more about GPC at https://globalprivacycontrol.org/.

If additional standards for online tracking are adopted that we must follow in the future, we will inform you about those practices in a revised version of this Privacy Policy.

15. Do United States Residents Have Specific Privacy Rights?

In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information.

We have collected the following categories of personal information in the past twelve (12) months:

  • A. Identifiers — Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name
  • B. Personal information as defined in the California Customer Records statute — Name, contact information, education, employment, employment history, and financial information
  • C. Protected classification characteristics under state or federal law — Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data
  • D. Commercial information — Transaction information, purchase history, financial details, and payment information
  • E. Biometric information — Facial geometry data collected during KYC identity verification (processed by third-party verification partner, not stored permanently)
  • F. Internet or other similar network activity — Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements
  • G. Geolocation data — Device location
  • H. Audio, electronic, sensory, or similar information — Images and audio, video or call recordings created in connection with our business activities
  • I. Professional or employment-related information — Business contact details, job title, work history, and professional qualifications
  • J. Education Information — Student records and directory information
  • K. Inferences drawn from collected personal information — Inferences drawn to create a profile or summary about an individual's preferences and characteristics
  • L. Sensitive personal Information — Account login information, financial information including account access details and debit or credit card numbers

We only collect sensitive personal information, as defined by applicable privacy laws or the purposes allowed by law or with your consent. Sensitive personal information may be used, or disclosed to a service provider or contractor, for additional, specified purposes. You may have the right to limit the use or disclosure of your sensitive personal information. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you.

How We Use and Share Personal Information

We collect and share your personal information through targeting cookies/marketing cookies, social media cookies, beacons/pixels/tags, click redirects (third-party advertising partner links and external platform redirects), and social media plugins (social media sharing buttons and embedded social media content).

We have not sold personal information to third parties for monetary consideration in the preceding twelve (12) months. We may share personal information with third-party service providers for business purposes as described in Section 4, and with AI service providers as described in Section 7 (only with your consent for AI training purposes). Under the broad definition of "sale" or "sharing" in certain US state laws, some of these disclosures may be considered "sharing" for targeted advertising purposes. You may opt out of such sharing as described in this section.

Your Rights

  • Right to know whether or not we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request the deletion of your personal data
  • Right to obtain a copy of the personal data you previously shared with us
  • Right to non-discrimination for exercising your rights
  • Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects

Additional State-Specific Rights

  • Right to access the categories of personal data being processed (Minnesota)
  • Right to obtain a list of the categories of third parties to which we have disclosed personal data (California, Delaware, Maryland)
  • Right to obtain a list of specific third parties to which we have disclosed personal data (Minnesota, Oregon)
  • Right to review, understand, question, and correct how personal data has been profiled (Connecticut, Minnesota)
  • Right to limit use and disclosure of sensitive personal data (California)
  • Right to opt out of the collection of sensitive data and personal data collected through voice or facial recognition (Florida)

To exercise these rights, you can contact us by submitting a data subject access request, by emailing us at [email protected], or by referring to the contact details at the bottom of this document.

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request.

Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at [email protected]. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.

California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year.

16. Content Data Processing and AI Training

This section explains how we process your content from a data protection perspective. For the full terms governing intellectual property rights and content licensing, please refer to our Terms of Service (Section 11: Contribution License).

We do not claim ownership of your content. You retain full ownership of all content you publish on the platform and any intellectual property rights associated with it, as stated in our Terms of Service.

Platform Operations License

By publishing content on our platform, you grant Storyfor, Inc. a non-exclusive, royalty-free, worldwide license to use, copy, reproduce, display, distribute, and create derivative works of your content solely to the extent necessary for operating, promoting, and improving the Services. This includes content display, search indexing, content recommendation, content moderation, spam and plagiarism detection, format conversion, thumbnail generation, and promotional use of excerpts. This license continues for as long as your content remains on the Services and for a reasonable period thereafter for archival and backup purposes.

AI Model Training (Requires Separate Consent)

We may use content published on the platform to train and improve artificial intelligence and machine learning models, including but not limited to content recommendation systems, writing assistance tools, content moderation systems, plagiarism detection, translation models, and other AI-powered features designed to enhance the platform experience.

Commercial Licensing of Your Content

Commercial licensing of your content (such as film/TV adaptation, merchandise, game development, publishing rights) is handled through separate commercial license agreements and is not covered by this Privacy Policy. For details on commercial licensing, please refer to our Commercial License Agreement. Any commercial licensing requires the creator's explicit authorization and is subject to revenue sharing as detailed in our Fee Schedule.

Content Analytics and Insights

We process aggregated, anonymized data derived from content interactions (such as reading patterns, engagement metrics, and genre trends) for platform analytics, performance reporting, and service improvement. This aggregated data does not identify individual works or creators and is used for general platform optimization.

17. Blockchain Integration

Our platform integrates with blockchain technology to provide intellectual property registration, content ownership verification, NFT creation, and automated revenue distribution. This section explains how blockchain technology affects the processing of your personal data. For complete terms governing blockchain features and NFT purchases, please refer to our Terms of Service (Section 31) and NFT Purchase Agreement.

What Data Is Recorded on the Blockchain

When you use blockchain features (such as minting NFTs or registering IP), the following data may be recorded on public blockchain networks (primarily Polygon): (a) content metadata (title, creation date, content hash); (b) wallet addresses; (c) transaction records (minting, transfers, purchases); (d) licensing terms and authorization records. We design our systems to minimize the personal data recorded on-chain. Your full name, email address, and other directly identifying information are NOT recorded on the blockchain — they remain in our off-chain databases where they can be modified or deleted.

Permanent Nature of Blockchain Data

Blockchain records are technically immutable — once data is recorded on a public blockchain, it cannot be modified or deleted. This is an inherent characteristic of blockchain technology, not a policy choice. We inform you of this before any blockchain transaction is initiated so you can make an informed decision.

NFT Creation

NFTs are created only at the explicit request of the content creator. We do not create NFTs of your content without your prior authorization. Each NFT minting is initiated by the creator through the platform interface. NFT ownership does not transfer any intellectual property rights — see our NFT Purchase Agreement for details.

Decentralized Storage

Content associated with NFTs may be stored on decentralized storage networks (such as IPFS). Content uploaded to IPFS is distributed across a decentralized network and may persist on third-party nodes even after removal from the platform. We will take all reasonably available technical measures to restrict access to removed content, but cannot guarantee complete removal from all decentralized storage nodes.

Cross-Border Data Transmission

Blockchain technology inherently involves cross-border data transmission, as blockchain networks are operated by globally distributed nodes. By using blockchain features, you acknowledge that transaction data will be transmitted and stored across global networks.

Blockchain Risks

Blockchain technology involves inherent risks including but not limited to: network congestion, smart contract vulnerabilities, wallet credential loss, network forks, regulatory changes, token value fluctuation, and gas fee variability. For a complete description of blockchain risks, please refer to our Terms of Service (Section 31) and NFT Purchase Agreement (Section 5). These risk disclosures do not limit any rights you may have under applicable consumer protection laws.

Dispute Resolution

Blockchain-related disputes may involve specialized technical considerations. However, this does not limit your right to seek legal remedies through courts or other dispute resolution mechanisms as provided in our Terms of Service and applicable law.

18. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by GDPR Article 33 and other applicable data protection laws.

If a data breach is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay, providing: (a) a description of the nature of the breach; (b) the categories and approximate number of individuals affected; (c) the likely consequences of the breach; (d) the measures taken or proposed to address the breach; and (e) contact information for our data protection point of contact.

We maintain incident response procedures to detect, investigate, and respond to data breaches promptly. We regularly test and evaluate the effectiveness of these procedures.

19. Do We Make Updates to This Policy?

In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws.

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Policy. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including the rights to access, rectify, erase, restrict processing, data portability, and object to processing. You also have the right to lodge a complaint with a supervisory authority.

Japan Privacy Rights (APPI)

If you are a resident of Japan, you have rights under the Act on the Protection of Personal Information (APPI), as amended in April 2022.

We collect and use your personal information for the purposes described in Section 2 of this Privacy Policy. Under APPI, we will not use your personal information beyond the scope of these stated purposes without your prior consent.

You have the right to: (a) request disclosure of your personal information and records of third-party provision; (b) request correction, addition, or deletion of inaccurate personal information; (c) request suspension of use or erasure of your personal information if it was obtained improperly or is no longer needed; (d) request us to stop providing your personal information to third parties.

Your personal information may be transferred to and processed in countries outside Japan, including the United States. We take appropriate measures to protect your information in accordance with APPI requirements for cross-border transfers, including confirming that the receiving country has an equivalent level of data protection or implementing appropriate contractual safeguards.

To exercise these rights, please contact us at [email protected]. We will respond to your request within a reasonable period as required by APPI.

Taiwan Privacy Rights (PDPA)

If you are a resident of Taiwan, you have rights under the Personal Data Protection Act (PDPA).

We collect your personal data for the purposes described in this Privacy Policy, including: account management, service provision, payment processing, intellectual property management, content recommendation, and compliance with legal obligations.

Under the PDPA, you have the right to: (a) inquire about and review your personal data; (b) request copies of your personal data; (c) supplement or correct your personal data; (d) request cessation of collection, processing, or use of your personal data; (e) request deletion of your personal data.

The categories of personal data we collect include: identifying information (name, email, phone), financial information (payment records), social activity information (reading history, comments), and other information as described in Section 1 of this Privacy Policy.

Your personal data may be transferred to and processed in countries outside Taiwan, including the United States and Japan. We ensure that appropriate protections are in place in accordance with PDPA requirements for international data transfers.

To exercise these rights, please contact us at [email protected]. We will respond within 15 days for inquiry requests and 30 days for correction or deletion requests, as required by the PDPA.

China Privacy Rights (PIPL)

If you are a resident of the People's Republic of China (Mainland China), you have rights under the Personal Information Protection Law (PIPL).

We process your personal information based on the following legal grounds as applicable: (a) your consent; (b) necessity for performing a contract with you; (c) necessity for performing statutory duties or obligations; (d) necessity for responding to public health emergencies or protecting your vital interests; (e) processing of personal information that you have made publicly available, within a reasonable scope.

Under PIPL, certain categories of personal information are classified as sensitive, including biometric data, financial account information, location data, and personal information of minors under 14. We will obtain your separate consent before processing sensitive personal information and inform you of the necessity of such processing and the impact on your rights.

Under PIPL, you have the right to: (a) know about and decide on the processing of your personal information; (b) restrict or refuse the processing of your personal information (except where required by law); (c) access and copy your personal information; (d) request transfer of your personal information to a designated processor; (e) request correction or supplementation of your personal information; (f) request deletion of your personal information; (g) request an explanation of our processing rules.

Your personal information may be transferred outside of Mainland China for processing. In accordance with PIPL, we will: (a) inform you of the name and contact information of the overseas recipient, the purpose and method of processing, the categories of personal information involved, and the means for you to exercise your PIPL rights with the overseas recipient; (b) obtain your separate consent for such cross-border transfers; (c) take necessary measures to ensure the overseas recipient provides a level of protection equivalent to PIPL requirements.

We do not knowingly collect personal information from minors under 14 years of age without the consent of their parents or guardians. If you believe we have collected such information, please contact us immediately.

To exercise these rights, please contact us at [email protected]. We will respond to your request within 15 days.

Cookie Details

Cookie Types and Retention

Essential Cookies

These cookies are necessary for the website to function properly and cannot be disabled. They include session cookies, security cookies, and load balancing cookies.

Retention: Session or up to 1 year

Functional Cookies

These cookies enable enhanced functionality and personalization, such as remembering your language preferences, reading settings, and recently viewed content.

Retention: Up to 1 year

Analytics Cookies

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.

Retention: Up to 2 years

Marketing Cookies

These cookies are used to track visitors across websites to display relevant advertisements. You can opt out of marketing cookies without affecting your access to our services.

Retention: Up to 2 years

Third-Party Cookie Providers

  • Google Analytics — Website analytics and user behavior analysis
  • Stripe — Payment processing and fraud prevention
  • Cloudflare — Security and performance optimization

Managing Your Preferences

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

GDPR/CCPA Cookie Rights

EU users have the right to be informed about how cookies are used, give or withdraw consent for non-essential cookies, and request deletion of data collected through cookies.

California users have the right to know what personal information is collected, opt out of the sale of personal information, and request deletion of personal information.

Identity Verification (KYC) Details

When KYC is Required

  • Creator Payouts: To receive earnings from tips, ad revenue, or content sales
  • NFT Sales: To mint or sell NFTs on the platform
  • Commercial Licensing: To license your work for commercial use, or to purchase commercial licenses for others' works
  • IP Agency Delegation: To delegate IP agency operations and management to the platform
  • Large Transactions: For transactions exceeding certain thresholds

Data Collected

  • Personal Information: Full legal name, date of birth, nationality, residential address, phone number, email
  • Identity Documents: Government-issued photo ID, proof of address, selfie holding your ID (for liveness verification)
  • Business Information (Enterprise Users): Company name, registration number, business address, authorized representative information
  • Biometric Data: Facial biometric data collected during liveness check, processed by our verification partner and not stored permanently

Verification Process and Timeline

  • Submit required personal information through our secure form
  • Upload clear photos of your identity documents
  • Complete a liveness verification (selfie or video)
  • Wait for review (typically 1-3 business days)
  • Receive confirmation or request for additional information

Data Protection Measures

  • End-to-end encryption for all document uploads
  • Secure storage in compliance with industry standards (SOC 2, ISO 27001)
  • Access limited to authorized personnel only
  • Regular security audits and penetration testing

Data Retention Period

KYC data is retained for the duration of your account plus a legally mandated period (typically 5-7 years) after account closure, as required by anti-money laundering regulations. After the retention period expires, data will be securely deleted or anonymized.

20. How Can You Contact Us About This Policy?

If you have questions or comments about this policy, you may email us or contact us by post at:

Storyfor, Inc.

Address: 131 Continental Dr, Suite 305, Newark, DE 19713, United States

Email: [email protected]

Data Protection Inquiries: If you have questions about how your personal data is processed, or wish to exercise your data protection rights, please contact our data protection point of contact at [email protected].

21. How Can You Review, Update, or Delete the Data We Collect from You?

Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please submit a data subject access request by contacting us at [email protected].