Storybench

Legal

Privacy Policy

What we collect, how we use it, who we share it with, and the choices you have. Questions? Email [email protected].

The short version

Last updated: 15 June 2026

We collect what we need to run Storybench: your email and name, the stories and images you make, and payment status (Stripe handles your card, we never see it). To create your illustrations, your prompts and uploaded images are sent to Google’s AI, and your story text may be sent to Anthropic or OpenAI. We don’t sell your data and we use only essential cookies. There’s no self-service account-delete button yet — email us and we’ll do it by hand.

This summary is for convenience. The detail below is what applies.

1. Who this covers and how to reach us

This policy explains how Storybench (“we”, “us”), operated from New Zealand, handles your personal information. For any privacy question or request, email [email protected].

We follow the New Zealand Privacy Act 2020. If you’re in the EU or UK, we also honour the GDPR / UK GDPR. If you’re in California, we honour the CCPA / CPRA.

2. What we collect

Account information.

  • Your email address and your name.
  • If you sign in with Google: your Google account identifier and profile picture URL. We request only basic openid/email/profile scopes, and we do not store your Google password or long-lived Google tokens.
  • An optional “organization” field, your sign-up intent, and your theme preference.
  • We do not use or store passwords — sign-in is by magic link or Google.

Content you create.

  • Your stories and your page/book text.
  • Your cast, world, and character definitions.
  • Reference images you upload, and images the service generates for you.
  • Any text-to-speech text and audio.
  • Text is stored in our database; images and audio are stored in private cloud storage and served through short-lived expiring links.

Payments.

  • Payments are handled by Stripe. We do not store your card details.
  • We store your Stripe customer ID, your subscription status / period / plan, and Stripe event identifiers.

Technical information.

  • When you log in, we store session information including your IP address and browser/user-agent with that session.
  • We keep server logs and use your IP transiently for rate-limiting and bot protection.
  • If you join the waitlist, we store your email, the page you signed up from, and the referring URL.

3. Cookies

We use exactly two essential cookies: a sign-in session cookie and a short-lived login/OAuth security cookie. We use no tracking or advertising cookies.

Your theme choice is stored in your browser’s local storage, not a cookie. Our website analytics (Beam) is cookieless. Cloudflare, our infrastructure provider, may set its own security cookies (for example for bot protection).

Because we use only essential cookies plus cookieless analytics, there’s no cookie consent banner.

4. How we use your data

We use your data to provide and run the service, generate your books, sign you in, take payment, provide support, keep the service secure and prevent abuse, and improve it.

For EU / UK users, the legal bases we rely on are: performance of our contract with you; our legitimate interests (such as securing and improving the service); your consent where required; and compliance with legal obligations.

We don’t use your data to make automated decisions that produce legal or similarly significant effects about you.

5. Who we share it with

We share data with the service providers we use to run Storybench. We do not sell your personal information, and we do not share it for cross-context behavioural advertising.

  • Google — image generation via Gemini (receives your prompts and uploaded/reference images); Google sign-in; and Google Fonts (receives your IP address when the app loads fonts).
  • Anthropic and OpenAI — process your story and scene text to help with writing and parsing.
  • ElevenLabs — text-to-speech, where used.
  • Stripe — payments.
  • Mailgun — sends your sign-in emails, which contain your one-time login link.
  • Cloudflare — private file storage (R2), bot protection (Turnstile), and content delivery.
  • Beam — cookieless website analytics, on the marketing site only (not inside the app).

Stated plainly: your prompts and any images you upload are sent to Google to generate illustrations, and your story text may be sent to Anthropic or OpenAI. If and when video features are enabled for your account, additional AI providers will process the relevant content.

6. International transfers

Most of these providers are based in the United States, so your data is processed outside New Zealand. We rely on those providers’ contractual safeguards and standard data-protection terms to protect it.

7. How long we keep it, and deletion

We keep your content while your account is active. When you delete items, many go to a recycle bin and can be restored. Deleted Worlds and Books are permanently purged about 40 days after deletion, and other recycle-bin items are removed when you purge them. Deleted data may persist in our encrypted backups for up to about 7 days.

Please note: there is no self-service “delete my account” button yet. To delete your account or request erasure of your data, email [email protected] and we will action it manually.

8. Your rights

You can ask us to access, correct, delete, or provide a copy of your data, and (under the GDPR) to object to or restrict certain processing. To make a request, email [email protected].

You can also complain to the New Zealand Office of the Privacy Commissioner, or to your local data-protection authority (EU/UK), or to the California Attorney General (California).

9. Children

Storybench is for adults 18 and over. It is not directed to children, and we don’t knowingly collect children’s personal data. As noted in our Terms, please don’t upload images of real children.

10. Security

We protect your data with measures including: encryption in transit, signed HttpOnly session cookies, login tokens stored only as hashes, and private files served through expiring links. No system is 100% secure, but we work to keep your data safe.

11. Communications

We send you service emails that are necessary to run your account — for example your sign-in link and important notices about your account, billing, or these policies. If we ever send optional product updates, you’ll be able to opt out, and we won’t send marketing emails without an easy way to unsubscribe.

12. Changes to this policy

We may update this policy from time to time. When we do, we’ll update this page and the “Last updated” date above, and we’ll notify you of material changes.

13. Contact

Privacy questions or requests? Email us at [email protected].