Privacy Policy

Last Updated: 1 February 2026

Introduction

Welcome to StoryPath (“we”, “our”, or “us”). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our StoryPath mobile application (the “App”).

Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you create an account with StoryPath, we collect:

  • Email address – Used for account identification and communication
  • First name and last name – Used for personalisation
  • Account creation and update timestamps – Used for account management

Authentication Data

When you sign in to StoryPath, we process authentication data through:

  • Email and password authentication – Securely managed by Firebase Authentication
  • Google Sign-In – OAuth 2.0 tokens processed by Google and Firebase
  • Apple Sign-In – Privacy-preserving authentication tokens processed by Apple and Firebase

We do not store passwords locally on your device. All authentication is handled securely through Firebase Authentication.

Location Data

StoryPath uses location data to enhance your experience:

  • Current GPS location – Used only when you explicitly tap “Use Current Location” to:
    • Display your position on the map
    • Bias place search results to your area
    • Show your progress during journeys

Important: Location data is used only during your session and is not stored on our servers. We only retain the start and end locations of your route temporarily during story generation, after which this data is discarded.

Preferences and Settings

We store your preferences to personalise your experience:

  • Push notification preferences
  • Email notification preferences
  • Marketing communication consent
  • Firebase Cloud Messaging (FCM) token for push notification delivery

Usage Analytics

We collect anonymous analytics data to improve the App, including:

  • Screen views and navigation patterns
  • Story generation events (style selected, generation duration)
  • Route creation events (start/end locations, waypoint count)
  • Playback events (story started, completion percentage)
  • Authentication events (login/signup method used)
  • Feature interactions (button taps, settings changes)

All analytics data is anonymised and does not identify you personally.

Device Information

We automatically collect certain device information:

  • Device advertising ID (for AdMob advertising)
  • Device type and operating system version
  • App version and build number
  • Network connection type

How We Use Your Information

We use the information we collect to:

  1. Provide and maintain the App – Create your account, authenticate your identity, and enable core features
  2. Generate personalised stories – Use your selected route and preferences to create unique audio narratives
  3. Send notifications – Deliver story updates, journey reminders, and promotional content (only if you’ve opted in)
  4. Improve the App – Analyse usage patterns to enhance features and fix bugs
  5. Display relevant advertisements – Show personalised ads through Google AdMob
  6. Communicate with you – Send service-related emails and respond to your enquiries
  7. Comply with legal obligations – Meet regulatory requirements and enforce our Terms of Service

Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, we process your personal data under the following legal bases:

  • Contract performance – Processing necessary to provide the App services
  • Consent – For marketing communications and optional features
  • Legitimate interests – For analytics, security, and service improvement

How We Share Your Information

We share your information only in the following circumstances:

Third-Party Service Providers

We use trusted third-party services to operate the App:

Service Provider Purpose Data Shared
Firebase Authentication (Google) User authentication Email address, OAuth tokens
Cloud Firestore (Google) Profile and preferences storage Name, notification preferences
Firebase Analytics (Google) Anonymous usage analytics Device type, app events
Firebase Cloud Messaging (Google) Push notifications FCM tokens
Google Maps SDK Map display None
Google Places SDK Location search Search queries, location coordinates
Google Directions API Route calculation Start and end coordinates
Google Gemini API AI story generation Route details (processed via our secure backend)
Google AdMob Advertising Device advertising ID

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders or government requests).

Business Transfers

If StoryPath is involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your data is transferred and becomes subject to a different Privacy Policy.

Data Storage and Security

Storage Infrastructure

Your data is stored securely using Google Cloud infrastructure:

  • Firebase Authentication – Industry-standard security protocols
  • Cloud Firestore – Encrypted at rest and in transit
  • All API communications – HTTPS encryption only

Security Measures

We implement appropriate technical and organisational measures to protect your data:

  • Secure token management for API authentication
  • Server-side API key protection (Gemini API keys never exposed to the App)
  • HTTPS-only network requests
  • No local password storage on your device
  • Rate limiting to prevent abuse

International Data Transfers

Your data may be processed on servers located outside your country of residence, including in the United States where Google Cloud infrastructure is located. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.

Data Retention

We retain your data for the following periods:

Data Category Retention Period
Account information Until you delete your account
User preferences Until you delete your account
Analytics data 14 months (Firebase Analytics default)
Generated stories Session only (not stored)
Location data Session only (not stored)
FCM tokens Until logout or token refresh

Your Privacy Rights

You have the following rights regarding your personal data:

All Users

  • Access – Request a copy of your personal data
  • Correction – Update or correct inaccurate information via the Settings screen
  • Deletion – Delete your account at any time through Settings → Account → Delete Account
  • Opt-out of marketing – Unsubscribe from promotional emails or disable marketing preferences in Settings
  • Opt-out of push notifications – Disable notifications in Settings or device settings

Additional Rights (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, you also have:

  • Right to restriction – Request we limit how we process your data
  • Right to data portability – Receive your data in a portable format
  • Right to object – Object to processing based on legitimate interests
  • Right to withdraw consent – Withdraw consent at any time (without affecting prior processing)
  • Right to lodge a complaint – Contact your local data protection authority

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know – What personal information we collect and how we use it
  • Right to delete – Request deletion of your personal information
  • Right to opt-out – Opt out of the sale of personal information (note: we do not sell your data)
  • Right to non-discrimination – We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at privacy@storypath.app.

Account Deletion

You may delete your account at any time by:

  1. Opening the App
  2. Navigating to Settings → Account
  3. Scrolling to “Close Account”
  4. Tapping “Delete Account”
  5. Confirming deletion

When you delete your account, we will:

  • Remove your Firebase Authentication account
  • Delete your Firestore profile document
  • Remove all associated preferences and settings

Please note: Analytics data that has already been collected cannot be retroactively deleted due to its anonymous and aggregated nature.

Children’s Privacy

StoryPath is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@storypath.app, and we will delete such information.

Advertising

StoryPath displays advertisements through Google AdMob. AdMob may collect and use your device advertising ID to show personalised ads. You can opt out of personalised advertising by:

  • iOS: Settings → Privacy & Security → Apple Advertising → Disable “Personalised Ads”
  • Google Ad Settings: Visit adssettings.google.com

For more information about AdMob’s data practices, visit Google’s Privacy Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

  • Posting the updated Privacy Policy in the App
  • Sending you an email notification (if you have an account)
  • Displaying an in-app notice

The “Last Updated” date at the top of this policy indicates when it was last revised. Your continued use of the App after changes become effective constitutes your acceptance of the updated Privacy Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: apps@marckeegan.com
Website: https://marckeegan.com/StoryPath

For data protection enquiries from EEA/UK users, please include “GDPR Request” in your email subject line.

StoryPath – Transforming journeys into immersive audio adventures.