Privacy Policy

Your data, your rights. Here’s exactly what we collect and how you stay in control.

Effective 14 March 2026

🦥

The short version: We collect only what we need to run the platform. We don’t sell your data. Ever. You can ask us to delete everything at any time. We comply with UK GDPR.

1. Data Controller

The data controller is Shed Collective Ltd. (Company No. SC387124, VAT No. 142448913), International House, 38 Thistle Street, Edinburgh, EH2 1EN, United Kingdom. You can reach us at editor@storysloth.com.

2. What Data We Collect

Account Data

Your name, email address, display name, and optional profile picture. Authentication is handled by Auth0 — we don’t store passwords.

Content Data

Stories, comments, ratings, awards, and other content you create.

Usage Data

Anonymised data including pages visited, reading progress, device type, and approximate country-level location.

Payment Data

Processed by Stripe. We never store credit card numbers — only a tokenised reference and basic transaction details.

Cookies

Essential cookies for authentication, plus optional analytics cookies with your consent.

3. Legal Basis for Processing

  • Contract: Providing the Platform’s services.
  • Legitimate interests: Analytics, security, and fraud prevention.
  • Consent: Optional analytics cookies and marketing.
  • Legal obligation: UK law compliance, tax, and lawful requests.

4. How We Use Your Data

  • To provide, maintain, and improve the Platform
  • To process subscriptions and author payouts
  • To communicate with you about your account
  • To enforce our terms and content policies
  • To detect and prevent fraud or abuse
  • To generate aggregated, anonymised analytics

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Auth0 — authentication
  • Stripe — payment processing
  • Hosting providers — cloud servers and CDN
  • Law enforcement — when required by law

6. International Transfers

Some providers may process data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place in compliance with UK GDPR.

7. Data Retention

We retain account data while your account is active. If you delete your account, personal data is removed within 30 days except where required by law.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Request erasure (“right to be forgotten”)
  • Restrict or object to certain processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the ICO

To exercise these rights, email editor@storysloth.com.

9. Security

We use encryption in transit (TLS), access controls, and regular security reviews. No method of internet transmission is 100% secure.

10. Children

StorySloth is not directed at children under 13. If you believe we have collected data from a child under 13, please contact us immediately.

11. Changes to This Policy

We may update this policy from time to time. We’ll notify registered users of material changes via email or in-app notification.

12. Contact

editor@storysloth.com

Other Policies & Info

📜Terms of Service✍️Author Agreement⚖️Copyright & TakedownsFAQ💌Contact Us🦥About StorySloth