Privacy Policy - MyStory.cafe

Plain-English summary (not a substitute for the full policy below): MyStory.cafe helps you preserve personal stories and family memories. We collect what you give us (account info, recordings, transcripts, photos, payment details) and use it to operate the Service for you. Your projects are private by default. We use third-party AI providers under contracts that prohibit them from training their public models on your content. We don't sell your personal information. You can export or delete your data at any time.

1. Introduction

CAFE SOFTWARE LLC, a Georgia limited liability company ("CAFE Software," "we," "our," or "us"), operates mystory.cafe and the related applications, websites, and services (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, store, and protect personal information when you visit our website, create an account, or use the Service.

This Privacy Policy is incorporated into and forms part of our Terms of Service. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Scope & Who This Policy Applies To

This Privacy Policy applies to:

Account holders — individuals who register an account on the Service.
Storytellers and project subjects — individuals whose voices, photos, or stories are recorded, uploaded, or described within a project (including the account holder and any third parties).
Collaborators and Better Together participants — invited family members or guests who join real-time conversations or are granted shared access to a project.
Visitors — anyone who visits our public website or marketing pages without creating an account.

The account holder is the "controller" of project content they create or upload, and CAFE Software acts as a "processor" or "service provider" with respect to that content, except where we use de-identified or aggregated data to operate, secure, and improve the Service.

3. Information We Collect

3.1 Information You Provide Directly

Account information: name, email address, password (stored hashed), profile photo, language preferences.
Authentication data: if you sign in with Apple, Google, or Facebook, we receive a verified email address and a unique identifier from that provider. We do not receive your third-party password.
Project content: project names, descriptions, subjects, threads, notes, prompts, memories, mementos, story drafts, and any other text you create or upload.
Voice recordings & transcripts: audio captured during AI-guided conversations, voice memos, Better Together sessions, and the corresponding transcripts.
Uploaded media: photos, scanned documents (including PDFs), and other files you attach to memories or mementos. Media may include embedded metadata such as EXIF data (e.g., camera model, capture time, and, where present, GPS coordinates). You are responsible for stripping metadata before upload if you do not want it stored.
Information about third parties: when you describe, photograph, or record other people (for example, a parent, grandparent, or deceased relative), that content may include their personal information. See Section 12.
Payment information: billing name, postal address, country, and the last four digits and brand of your payment card. Full payment card data is collected and processed directly by our payment processor and is never stored on our servers.
Shipping information: if you order a physical book, we collect the recipient name and shipping address and share it with our print-on-demand fulfillment partner.
Communications: support requests, feedback, survey responses, and email replies.

3.2 Information Collected Automatically

Device & connection data: IP address, browser type and version, operating system, device identifiers, language, and time zone.
Usage data: pages and features visited, buttons clicked, session duration, referring URLs, and timestamps.
Diagnostic data: error reports, crash logs, performance metrics, and stack traces collected by our error-monitoring tools (which may include the URL where the error occurred and limited user-action context).
Cookies and similar technologies: see Section 6.

3.3 Sensitive Information

Some information you provide is treated as sensitive under applicable law. This may include:

Voice recordings. We record, store, and transcribe your voice and the voices of anyone who participates in a conversation. Depending on your jurisdiction (for example, Illinois, Texas, or Washington), voice data may be considered "biometric information." We use voice recordings only to operate the Service — to transcribe what was said, to power AI-guided conversations, and to allow you to play back, edit, or download the recording. We do not use your voice to create voiceprints, perform speaker identification across users, build voice clones, or train voice-synthesis models. See Section 7 for retention.
Health, religious, political, or other sensitive details. Stories naturally include deeply personal information (illness, faith, family conflict, sexual orientation, etc.). We do not process this information for any purpose other than operating the Service for you.
Children's information. Stories may reference minors (for example, grandchildren). We do not knowingly create accounts for, market to, or solicit content directly from anyone under 13. See Section 13.

We do not use sensitive information for advertising, profiling, or any purpose unrelated to operating the Service.

3.4 Information We Do Not Collect

We do not collect government-issued ID numbers (SSN, driver's license, passport).
We do not collect financial-account numbers other than what is needed to process a payment.
We do not buy personal information from data brokers.

4. How We Use Your Information

We use personal information for the following purposes:

Provide the Service: create your account, host your projects, transcribe conversations, generate AI-assisted prompts and story drafts, render and ship books, and deliver shared access to collaborators you designate.
Account & payment administration: bill you, process refunds where eligible, send transactional emails (receipts, password resets, security alerts, order updates).
Customer support: respond to your inquiries and troubleshoot issues.
Service improvement: understand how features are used, debug errors, monitor quality, and improve performance — using aggregated and de-identified data wherever possible.
Security & fraud prevention: detect and prevent unauthorized access, abuse, payment fraud, and violations of our Terms of Service.
Communications: send product updates, announcements, and (with your consent where required) marketing emails. You can opt out of marketing emails at any time using the unsubscribe link in any such email.
Legal compliance: comply with applicable laws, regulations, court orders, and lawful government requests.

We do not use your project content (recordings, transcripts, memories, photos, or stories) to train our own machine-learning models or any third party's public foundation models. See Section 5.

5. AI Processing & Training Data

The Service relies on third-party artificial-intelligence providers to power features such as speech-to-text transcription, real-time voice conversations, text-to-speech playback, story drafting, and content summarization. When you use these features, your input (which may include audio, transcripts, and project content) is transmitted to the relevant AI provider strictly for the purpose of returning a response to you.

We use these providers under their commercial API terms (not their consumer-product terms). Under those terms, providers are contractually prohibited from using your content to train their foundation models and are required to delete inputs and outputs after a short retention window (typically 30 days or less) used solely for abuse monitoring.

We may use limited, aggregated, or de-identified telemetry (e.g., latency metrics, error rates, non-content quality scores) to evaluate provider performance and improve our prompts and orchestration logic. Where prompts or outputs are reviewed for quality assurance, identifying details are removed wherever feasible.

AI output is generated content. AI-assisted summaries and stories may contain errors, omissions, or fabrications. You are responsible for reviewing AI-generated output before relying on, publishing, or printing it.

6. Cookies, Local Storage & Analytics

We use cookies, browser local storage, session storage, and similar technologies to operate the Service and understand how it is used. The categories we use are:

Strictly necessary: authentication session cookies, CSRF tokens, load-balancing, and security cookies. The Service does not function without these.
Functional: preferences such as theme, language, and last-viewed project.
Analytics: first-party and third-party analytics that help us understand aggregate usage patterns and feature adoption.
Marketing & advertising: a limited number of third-party advertising pixels used to measure the effectiveness of marketing campaigns.

You can manage cookies through your browser settings. Disabling strictly necessary cookies will break core functionality (such as remaining logged in). We honor Global Privacy Control (GPC) signals from browsers that send them, where required by applicable law, by treating the signal as a request to opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising.

7. Voice Recordings & Biometric Data Notice

Because voice features are central to the Service, we provide the following specific notice. By recording a conversation, voice memo, or Better Together session, you consent to the collection, storage, transcription, and processing of audio recordings as described here, and you confirm that you have obtained the same consent from every other person whose voice is captured.

What we collect: the audio waveform and the resulting transcript.
Why: to deliver the Service — playback, transcription, AI-guided conversation, story generation, export, and your ability to edit or delete the recording.
How long: for as long as you retain the recording within your project. You can delete an individual recording at any time. When you delete a recording, the audio file and associated transcript are removed from active systems within a reasonable period and from backups in the ordinary backup-rotation cycle (typically within 90 days).
What we do not do: we do not generate voiceprints for cross-account speaker identification, we do not sell voice data, we do not use voice data to train voice-cloning models, and we do not share voice data with advertisers.
Multi-party recordings: Better Together sessions may include multiple participants. Some U.S. states (and many countries) require the consent of all participants before recording a conversation. By starting or joining a session, you confirm you have obtained any required consents.

Illinois, Texas, and Washington residents: If voice data we collect from you is determined to constitute "biometric information" under the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), the Washington Biometric Privacy Act, or similar laws, the disclosures and limitations in this Section serve as our written notice and our retention & destruction schedule. We will not sell, lease, trade, or otherwise profit from such data.

8. How We Share Information

We do not sell your personal information. We share information only as described below.

8.1 With People You Choose

All projects are private by default. You may invite collaborators or guests to view, contribute to, or join real-time sessions in a project. When you do, those individuals will be able to see the content you share with them.

8.2 With Service Providers (Subprocessors)

We use a limited number of third-party vendors to operate the Service. They process personal information only on our instructions and under contracts that require appropriate safeguards. We disclose the categories of subprocessors we engage:

Cloud hosting, application delivery, and database: hosts our application code and stores account data, project content, recordings, and media.
AI / machine-learning providers: power speech-to-text transcription, AI-guided conversations, text-to-speech voice playback, real-time voice sessions, story drafting, and content summarization.
Real-time audio/video infrastructure: powers Better Together multi-party conversations.
Authentication providers: verify your identity when you sign in with Apple, Google, or Facebook.
Payment processing: securely handles payment-card data, subscription management, refunds, and tax calculations.
Email delivery: sends transactional and (where applicable) marketing email.
Print-on-demand fulfillment & shipping: prints and ships physical books to the address you provide.
Analytics: measures aggregate product usage, feature adoption, and conversion.
Error monitoring & performance: captures application errors and performance metrics so we can fix bugs.
Marketing & advertising measurement: measures the effectiveness of marketing campaigns through advertising platform pixels.

For competitive and security reasons we do not publish a public list of named subprocessors. A current list of named subprocessors is available to enterprise customers, regulators, and any individual on written request to privacy@mystory.cafe.

8.3 For Legal & Safety Reasons

We may disclose personal information when we believe in good faith that disclosure is necessary to: (a) comply with applicable law, valid legal process, or a lawful government request; (b) enforce our Terms of Service; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of our users, our company, or the public. Where legally permitted, we will notify the affected account holder before disclosing their content.

8.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, personal information may be transferred to the successor or acquiring entity, subject to the terms of this Privacy Policy or with notice to you of any material change.

8.5 Aggregated & De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you (for example, "X% of users completed a story this month") for analytics, marketing, or research purposes.

9. International Data Transfers

CAFE Software is based in the United States. The Service is hosted on infrastructure located in the United States, and personal information will be transferred to, stored in, and processed in the United States and in any other country where our service providers operate. Data-protection laws in these countries may differ from those in your country of residence.

For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) issued by the European Commission and the UK International Data Transfer Addendum, supplemented by appropriate technical and organizational safeguards, to provide an adequate level of protection.

10. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Service, and then as follows:

Active project content (recordings, transcripts, memories, mementos, stories, uploaded media): retained for the life of your project. You may delete individual items or your entire project at any time.
Account data after account deletion: deleted from active systems within 30 days of your verified deletion request and from routine backups within 90 days thereafter.
Cancellation refunds during the 14-day Trial Mode: upon refund, your project and all associated data are permanently deleted as described in our Terms of Service.
Billing & tax records: retained for the period required by applicable accounting and tax law (typically 7 years).
Security & abuse logs: retained for up to 24 months for fraud prevention and security investigations.
Aggregated / de-identified data: may be retained indefinitely.
Legal holds: we may retain information longer if required to comply with a legal obligation, resolve a dispute, or enforce our agreements.

11. Your Privacy Rights

Depending on where you live, you may have some or all of the following rights with respect to your personal information. We honor these rights regardless of where you live, subject to verifying your identity and to limitations recognized by applicable law.

Access & portability: request a copy of the personal information we hold about you in a portable format. You can also export project content directly from the Service.
Correction: request correction of inaccurate or incomplete information.
Deletion (right to erasure): request deletion of your personal information. You can delete your account from your profile settings at any time.
Opt out of sale or sharing for cross-context behavioral advertising: we do not sell personal information; we honor opt-out requests and recognized GPC signals where required.
Limit use of sensitive personal information.
Object to or restrict processing based on our legitimate interests.
Withdraw consent where processing is based on consent.
Non-discrimination: we will not deny service, charge different prices, or provide a different level of service because you exercised a privacy right.
Lodge a complaint with your local data-protection authority (EEA/UK) or your state attorney general (U.S.).

To exercise any of these rights, email privacy@mystory.cafe. We will verify your identity before responding and will respond within the time required by applicable law (typically 45 days under U.S. state laws and 30 days under GDPR). You may use an authorized agent to submit a request on your behalf, subject to verification.

11.1 California Residents (CCPA / CPRA)

In the previous 12 months we have collected the following categories of personal information from California consumers, as defined by the CCPA: identifiers (name, email, IP address); customer-record information (billing and shipping address); commercial information (purchase history); internet or network activity (usage and device data); audio information (voice recordings); inferences (limited product analytics); and content you submit to the Service. We collect these categories from you directly, automatically through your use of the Service, and from authentication and payment providers when you choose to use them. We disclose these categories to the categories of subprocessors listed in Section 8.2 for the business purposes described in Section 4. We do not sell personal information and have not done so in the previous 12 months. We do not knowingly sell or share personal information of consumers under 16.

11.2 EEA, UK & Swiss Residents (GDPR)

Our legal bases for processing are:

Performance of a contract — to provide the Service you signed up for.
Legitimate interests — to secure, maintain, and improve the Service, prevent fraud, and communicate with you about the Service. You may object at any time.
Consent — for marketing communications, non-essential cookies, and processing of voice data where consent is the appropriate basis. You may withdraw consent at any time.
Legal obligation — to comply with tax, accounting, and other laws.

The data controller is CAFE SOFTWARE LLC. We do not have an EU representative; you may contact us directly at the address in Section 14.

11.3 Other U.S. State Laws

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have rights similar to those described above. To exercise them, contact us at privacy@mystory.cafe. Where applicable law provides a right to appeal a denial of a privacy request, you may submit an appeal to the same address.

12. Information About Other People in Your Stories

MyStory.cafe is built around personal and family memories. Stories naturally describe other people — parents, grandparents, siblings, children, friends, deceased relatives, and others. When you record, upload, or describe information about another person:

You confirm you have the legal right to do so under applicable law.
You confirm you have obtained any consents required by law before recording any individual's voice or image, including all-party consent in jurisdictions that require it.
If a third party submits a verifiable request to access, correct, or delete information about themselves contained in your project, we will work in good faith with you to honor that request, which may include redacting or removing that information from your project.
Information about deceased individuals is generally not protected as "personal data" under most privacy laws, but we will still respect reasonable requests from authorized representatives or family members.

13. Children's Privacy

The Service is not directed to children under 13 (or under 16 in the EEA, UK, and Switzerland). We do not knowingly create accounts for, collect personal information directly from, or market to children below those ages. If you believe a child has provided us with personal information in violation of this Policy, please contact us at privacy@mystory.cafe and we will promptly investigate and delete the information as required by law.

Parents and guardians who use the Service may, at their discretion, include information about their minor children in their own projects. The account holder is responsible for that information and must comply with all applicable laws, including the Children's Online Privacy Protection Act (COPPA) where it applies.

14. Account Inheritance & Deceased Users

We recognize that the content stored in MyStory.cafe is often created by, for, and about individuals whose stories are intended to outlive them. We handle requests relating to deceased users as follows:

Designating a Legacy Contact (when available): account holders may, when the feature is available, designate a Legacy Contact to receive a copy of project content or to request continued hosting of a project after the account holder's death.
Requests by family members or estate representatives: the executor, administrator, or other legal representative of a deceased user's estate may request a copy of the deceased's project data, or request that an account be closed and data deleted, by submitting appropriate documentation (death certificate and proof of authority) to privacy@mystory.cafe.
Default behavior: if we are not contacted, projects remain hosted under the terms of our Terms of Service. We may close inactive accounts in accordance with our published inactivity policy.

We will respond to legitimate requests within a reasonable time. Where the deceased user's wishes are documented and conflict with a request, we will give substantial weight to those documented wishes to the extent permitted by applicable law.

15. Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These include encryption in transit (TLS), encryption at rest for stored content, role-based access controls, row-level security on our database, audit logging, and secure software-development practices.

No system can be guaranteed 100% secure. You are responsible for keeping your account credentials confidential and for using a strong, unique password. Notify us immediately at privacy@mystory.cafe if you suspect any unauthorized access to your account.

Breach notification: in the event of a personal-data breach affecting your information, we will notify you and applicable regulators within the timeframes required by law (for example, within 72 hours of becoming aware of a notifiable breach under GDPR).

16. Marketing Communications

We may send you product updates, announcements, and promotional messages, where permitted by law and with your consent where required. You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting privacy@mystory.cafe. Opting out of marketing will not stop transactional messages (receipts, security notices, account alerts).

17. Third-Party Services & Links

The Service may contain links to third-party websites or services that we do not control. This Privacy Policy does not apply to those websites or services. We encourage you to review the privacy policies of any third-party site you visit.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated policy on this page and revise the "Last Updated" date above. If the changes are material, we will provide additional notice (for example, an in-product notice or an email) before the changes take effect. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

19. Contact Us

For privacy questions, to exercise your privacy rights, or to request the current named subprocessor list, please contact:

CAFE SOFTWARE LLC
Privacy: privacy@mystory.cafe
Legal: legal@mystory.cafe
General: info@cafesoftware.org
Website: cafesoftware.org

CAFE SOFTWARE LLC is a Georgia limited liability company. A physical mailing address is available on request.