What we know, and why
Privacy Policy
Version 1.0 · 18 July 2026 · The data controller is See More Potential Ltd
The short version
- We collect what running a family archive needs: your email, your username, and the stories and photos you upload — and very little else.
- No advertising, no selling data, no tracking cookies. The only cookies are the ones that keep you signed in.
- Your photos keep their embedded details (dates, sometimes places) — that's what powers timelines, albums and journey maps.
- A small set of trusted services under contract store and deliver your content (the full list is below).
- You can ask for a copy of your data, or ask us to delete it: [email protected].
1. Who's responsible
The data controller for Storyus (storyus.life) is See More Potential Ltd, registered in England and Wales, company number 06669823, registered office: The Old Counting House, 82e High Street, Wallingford, Oxfordshire, OX10 0BS, United Kingdom. Anything in this policy you want to ask about, or any of your rights you want to use: [email protected].
2. What we collect
- Your account: your email address, your chosen username, and your password — stored only as a secure hash, which means we can't read it.
- Your content: the stories, photographs and videos you upload, including the metadata embedded in photos (capture dates, camera details and sometimes location). We keep that metadata because Storyus's features — timelines, albums that build themselves, journeys drawn on maps — run on it.
- Memberships and roles: which collectives you belong to and your role in each, plus an audit trail of membership changes — kept so a family archive's history of who-could-see-what is answerable.
- Technical logs: standard server logs (IP address, request, time), kept briefly for security and debugging.
- The waiting list: if you joined it, your email address lives in Mailchimp and is used only for Storyus news, until you unsubscribe.
3. Why we use it
We process personal data to run the service you asked for (our contract with you): storing and showing your stories to the people you chose, and sending the emails an account needs — password resets, invitations, membership changes. We also process some data in our legitimate interest of keeping Storyus secure and free of abuse. News and marketing go only to people who consented by joining the waiting list.
We do not use your data for advertising, we do not profile you, we do not sell data to anyone, and we do not use your content to train AI models.
4. Who helps us run Storyus
A small set of service providers process data for us, under contract and only on our instructions:
| Service | What it does for Storyus |
|---|---|
| Railway | Runs the application |
| MongoDB Atlas | Hosts the database |
| Amazon Web Services (S3) | Stores your original photos and videos |
| Cloudinary | Resizes and delivers images |
| Mux | Processes and streams video |
| Resend | Sends account emails |
| Cloudflare | Content delivery, security and DNS |
| Google Fonts | Delivers the site's typefaces (your browser requests them from Google's servers) |
| Mailchimp | Waiting-list emails only |
5. Where your data lives
Some of these providers process data in the United States and other countries outside the UK. Where they do, the transfers are protected by UK-approved safeguards — the UK International Data Transfer Agreement or Addendum, or the UK–US Data Bridge where the provider is certified.
6. How long we keep things
Account data lasts as long as your account does. Your content stays until you (or your collective's admins, within their role) delete it, or your account closes — plus a short period while backups cycle out. Server logs are short-lived. The membership audit trail is retained for security and accountability. Signups that are never completed may be removed after a short period.
To close your account, email [email protected]; we'll delete your personal data and content, except anything the law requires us to keep.
7. Your rights
UK data-protection law gives you rights over your personal data: to access a copy of it, to correct it, to have it deleted, to restrict or object to how it's used, and to take it with you (portability). Email [email protected] and we'll help.
You can also complain to the Information Commissioner's Office (ico.org.uk) — though we'd ask you to talk to us first, so we can try to put it right.
8. Children
Storyus accounts are for people aged 13 and over. Children younger than that appear in Storyus the way they appear in any family album — in stories and photographs uploaded by the adults in their family, who are responsible for what they share about their children. The privacy levels mean most family content is never public at all. Guardian-managed accounts for younger children are planned; this policy will be updated when they arrive.
10. Security
Storyus runs over HTTPS everywhere; passwords are stored only as secure hashes; access to content is governed by each story's privacy level and each member's role; membership changes are audited; and we build on reputable infrastructure providers. No system on earth is perfect — if a breach ever affects your personal data, we'll tell you, and the ICO, as the law requires.
11. Changes to this policy
When this policy materially changes we'll publish the new version here and update the version and date at the top. Significant changes will be flagged in the product.
See More Potential Ltd · registered in England and Wales, company no. 06669823 ·
The Old Counting House, 82e High Street, Wallingford, Oxfordshire, OX10 0BS, United Kingdom
Terms & Conditions · Report content ·
[email protected]