YouStory Privacy Policy

Last Updated: August 7, 2025

Introduction

Welcome to the youStory.io platform (hereinafter referred to as “youStory.io” or the “Platform”), which includes the YouStory.io mobile application, desktop software, official website, and any other features, functionalities, or services now or in the future provided (collectively, the “Services”). You can contact us by [email protected]. We value your privacy and are committed to protecting your personal data. This Privacy Policy (the “Policy”) explains how we collect, use, share, and protect your personal information when you access or use our Services, including any websites or platforms linked to this Policy.

This Policy describes:

The types of personal information we collect and how we collect it;
How we use your personal information and the legal bases for doing so;
How and with whom we share your information;
Your privacy rights under applicable laws, including the GDPR and U.S. privacy laws (e.g., CCPA/CPRA); and
How we protect your information and how long we retain it.

By accessing or using the Services, you acknowledge and agree to this Policy. If you do not agree, please do not use our Services. Note: This Policy does not apply to third-party products, services, websites, or content (“Third-Party Services”). These are governed by their respective privacy policies, which we recommend you review prior to use.

1. Information We Collect

We may collect the following information about you from different sources, including information you provide directly, information collected automatically, and information from other sources.

Information You Provide

When interacting with our Services, you may voluntarily provide certain personal information, including but not limited to:

Registration Information: When registering an account, we may collect your username, password, date of birth (if applicable), email address, and/or phone number. If registering as a representative of an organization, we may also collect your name, corporate email, phone number, country/region, physical address, and applicable organizational details.
User Content: We collect content you create, upload, generate, or otherwise provide through the Services. This may include profile information (e.g., nickname and avatar), user-generated content, images, prompts, and any other materials created and/or shared using the Services.
Payment Information: When you purchase paid Services (as defined in our Terms of Service), payments are processed by third-party providers, who may collect your credit card or other financial information. We do not store full payment card details but may retain transaction confirmation details or records necessary for compliance and accounting.
Communication Information: When you contact us via email, chat, or other communication channels for support, feedback, or inquiries, we collect the content of your message and any relevant details you choose to provide.
Surveys and Promotions: With your consent, we may collect information when you participate in surveys, studies, promotions, marketing campaigns, or events that we organize or sponsor.

Information Collected Automatically

When you interact with our Services, including browsing without creating an account, we may automatically collect certain information about your device and usage patterns, such as:

Technical and Device Information: This may include IP address, browser type, user agent, mobile carrier, time zone, device identifiers (including advertising IDs), device model, operating system, network type, and screen resolution.
Usage Information: We record activity within the Services, including pages or content viewed, duration of interactions, access times, navigation paths, clicks, searches, and referring URLs (websites visited prior to using our Services).
Location Information: We may infer your general geographic area (e.g., country, region, or city level) based on your device’s IP address or similar network signals. We use this information to help secure your account (e.g., detect unusual login activity), apply regional settings (e.g., language or content availability), comply with geolocation-based legal requirements, and improve relevance and quality of features. With your permission, we may also collect precise location data for location-based features.
Cookies and Similar Technologies: We use cookies, mobile IDs, and similar technologies to operate and optimize the Services, enable certain functionalities, and enhance your user experience. You can manage or disable cookies via your browser or device settings.

Information from Other Sources

If you register or log in using a third-party account (e.g., Apple or Google), we may receive certain information from that third party, such as your username, public profile details, and any other information authorized for sharing. We may also share limited information with third-party providers to facilitate authentication and account linking, such as your app ID, access token, and referring URL.

2. How We Use Your Information

We may use your personal information to operate, provide, support, and manage the Platform and Services, enable their features, secure your account, and fulfill, enforce, and comply with our Terms of Service. Specifically, we use personal information for the following purposes:

Verifying eligibility and age requirements to ensure lawful use of the Services;
Providing, operating, and maintaining the Services, including core and account features;
Responding to your requests for products, services, features, support, and information;
Performing internal operations such as troubleshooting, data analysis, testing, research, statistics, surveys, and soliciting feedback for service improvement;
Displaying, recommending, or promoting your content to other users based on your settings and platform design;
Communicating with you, including notifications about services, terms, or policy updates;
Providing customer support and responding to inquiries, requests, complaints, and feedback;
Processing transactions and supporting sales, promotions, purchases, subscriptions, refunds, and related customer services;
Securing the platform and defending the legal rights, property, and business interests of us, our affiliates, and the public;
Enforcing our terms, conditions, and policies, and complying with legal and regulatory obligations;
Detecting, investigating, and helping prevent abuse, fraud, and illegal activities, including scanning, analyzing, and reviewing user content and related metadata for policy violations;
Other purposes disclosed at the time of collection, with your consent, or as otherwise permitted by law. If the GDPR or other data protection laws apply, we must establish a lawful basis for processing your personal data. Depending on the context, we process your personal information based on one or more of the following legal grounds:

(a) Contract Performance

We process personal data as necessary to enter into, perform, and manage our contractual obligations under the Terms of Service. This includes account creation, service delivery, payment/subscription processing, content delivery, and service-related communications.

(b) Consent

When required by law or for optional features, we process data with your consent — for example, for marketing emails, surveys, beta programs, or access to device data (such as precise location). You may withdraw consent at any time via settings or by contacting us (see “Contact Us”). Withdrawal does not affect prior lawful processing.

© Legal Obligations

We process data to comply with legal and regulatory requirements, such as tax and accounting rules, legitimate requests from authorities, identity verification (e.g., for fraud, sanctions, or anti-money laundering checks), or to respect data subject rights under privacy laws.

(d) Legitimate Interests

We process data as necessary to pursue our (or third-party) legitimate interests, provided such interests are not overridden by your rights and freedoms. These include ensuring platform security, preventing fraud or misuse, improving and developing the Services, measuring engagement, providing a non-intrusive personalized experience, and supporting internal research and analytics. Where appropriate, we implement safeguards or obtain your consent.

(e) Vital Interests (Rare)

In exceptional cases, we may process data to protect vital interests, such as addressing urgent safety issues involving serious harm.

(f) Legal Claims

We may process data as necessary to establish, exercise, or defend legal claims, manage disputes, or protect our rights, users, affiliates, or the public.

(g) Other Permitted Grounds

If local laws provide other lawful bases for processing, we will identify and apply them where applicable at the time of data collection. We may also aggregate or de-identify personal information so that it can no longer reasonably identify you. We use such data for purposes outlined in this Policy, including analyzing usage trends, improving functionality, and conducting research.

3. How We Share Your Information

We do not sell your personal information. However, we may share your personal information with third parties for the purposes described in this Policy and to the extent permitted by law. This may include the following categories of recipients:

Service Providers or Business Partners

We engage trusted third-party vendors and partners to help us operate, enhance, and support the Services. These providers and partners may include: secure payment processors; hosting and cloud service providers for managing our infrastructure; analytics and measurement providers; and advertising and marketing partners, within the bounds of legal permissions and your preferences. All such third parties are bound by strict contractual obligations to process data on our behalf and in accordance with this Policy.

Our Corporate Group

We may share your information with other companies in our corporate group, including subsidiaries, parent companies, and affiliates under common ownership or control. This sharing allows us to operate and optimize the Services, improve products and features, and conduct internal reporting and business planning. Where applicable, such entities may be located outside your country or region. In such cases, we apply appropriate safeguards for international data transfers (see International Data Transfers below).

Legal and Compliance Obligations

We may disclose your information to law enforcement, regulators, courts, or other third parties when we believe in good faith that such disclosure is necessary to: comply with applicable laws, legal proceedings, or lawful requests; enforce our Terms of Service or other agreements, or investigate potential violations; detect, prevent, or address fraud, security, or technical issues; protect the rights, property, or safety of our company, users, or the public; or establish, exercise, or defend legal claims.

Business Transfers

Your information may be shared or transferred in connection with corporate transactions such as a merger, acquisition, asset sale, financing, restructuring, reorganization, bankruptcy, insolvency, or receivership. If such a transaction occurs, we will require the recipient to comply with this Privacy Policy or provide equivalent protections.

With Your Consent

We may share your information with third parties for other purposes if you have given us your explicit consent or instruction. Where legally required, we will obtain your clear consent before sharing.

International Data Transfers

The personal information we collect may be stored and processed on secure servers in the United States or other countries where our affiliates or service providers are located. When transferring personal data across borders for the purposes described in this Policy, we comply with applicable data protection laws and implement appropriate safeguards. If you are accessing the Services from the EEA, UK, or Switzerland and your personal information is transferred to a country not considered to provide adequate protection, we apply appropriate legal safeguards (e.g., Standard Contractual Clauses with supplementary technical and organizational measures).

4. Your Rights and Choices

You can access and update most of your profile information by logging into your account. Additional privacy controls are available in your “Settings,” where you can manage certain preferences and permissions. Depending on your location and applicable law, you may have the following rights:

Access and Confirmation: Request confirmation of whether we process your personal information and access to the data we hold about you.
Correction: Request correction of inaccurate or incomplete personal information.
Deletion (“Right to be Forgotten”): In certain circumstances, request deletion of your personal information as required by law or contract.
Restriction of Processing: Request restriction of processing in specific situations.
Data Portability: Request a copy of your personal information in a structured, commonly used, and machine-readable format, and request its transfer to another controller, where technically feasible.
Withdraw Consent: Withdraw consent at any time if processing is based on consent. This will not affect the legality of processing carried out before withdrawal.
Opt-Out of Sales and Targeted Advertising (US Residents): If protected by U.S. state privacy laws (e.g., CCPA/CPRA), opt out of the sale or sharing of your personal information or its use for cross-context behavioral advertising.
Object to Processing: Object to our processing of your personal data in certain cases, including direct marketing.
Lodge a Complaint: File a complaint with your local data protection authority if you believe your privacy rights have been violated. For inquiries or to exercise your rights, please contact us at [email protected]. We will respond in accordance with applicable law.

5. Data Security

We implement reasonable and appropriate technical and organizational safeguards to protect personal data from unauthorized access, use, disclosure, alteration, or destruction. However, transmission over the Internet is not completely secure, and we cannot guarantee the security of any information you transmit to us. Use strong passwords and avoid sharing them with others to help protect your data.

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes for which it was collected, including providing the Services. In certain cases, we may retain data for a longer period to comply with legal obligations or to establish, exercise, or defend legal claims. Upon termination of your use of our Services, we may retain your information in aggregate or de-identified form. Notwithstanding the above, we may retain any data reasonably necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

7. Children’s Information

The Services are not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). If you believe we have collected or hold personal data of a child under the required age, please contact us at [email protected].

8. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you through the Services or by other reasonable means. The “Last Updated” date at the top of this Policy reflects its effective date. We encourage you to review the Policy periodically. Continued use of the Services after the effective date of an update constitutes your acceptance of the revised Policy.

9. Contact Us

If you have any questions or concerns about this Policy or our data protection practices, please contact us at [email protected]. We strive to respond to privacy-related requests within 15 days of verifying your identity. For complex inquiries, additional information may be required. If you believe we have not addressed your concerns adequately, you may:

File a complaint with your local data protection authority (e.g., in the EEA, UK, or Switzerland).
Pursue other available remedies under applicable laws or as described in our Terms of Service.