Privacy Policy
Your stories are yours alone
Your stories never touch our servers. All recordings, transcripts, and photos are stored exclusively in your private iCloud. AI processing is transient — your words are polished and immediately discarded. No accounts, no tracking, no data collection.
Last updated: February 19, 2026
iCloud only
Stories live in your private iCloud. We never see them.
No tracking
No analytics, no ads, no tracking pixels. Your privacy is not a product.
AI is transient
AI processes your text and forgets it immediately. Zero storage.
Full deletion
Delete everything from Settings at any time. One tap, completely gone.
1.Summary
Tell Me Your Story is designed so that your personal stories, recordings, and photos never pass through our servers for storage. Here is how it works:
- Recording and transcription happen entirely on your device.
- All story data (recordings, transcripts, photos) is stored in your private iCloud account via Apple CloudKit. We have no access to it.
- AI features (story polish, follow-up questions, book assembly) send your text to our server, which forwards it to OpenAI for processing. The text is returned to your device and never stored on our servers or by OpenAI.
- Printed books are forwarded to our print partner, printed, and all digital copies are permanently deleted.
- No accounts are required for core features. Sign in with Apple is optional and only needed for AI and paid features.
2.Data we do not collect
We believe the best way to protect your privacy is to not collect your data in the first place. Tell Me Your Story does not collect:
3.Where your data lives
All of your story content — recordings, transcripts, photos, chapters, and book projects — is stored exclusively in your private iCloud account using Apple CloudKit.
What this means:
- Your data is encrypted by Apple both in transit and at rest.
- We have no server-side database containing your stories. We cannot read, access, or share your content.
- Your stories sync automatically across your iPhone and iPad through iCloud.
- If you delete the app, your data remains in your iCloud until you explicitly remove it.
- iCloud storage is managed by Apple and subject to Apple's Privacy Policy.
4.On-device processing
Voice-to-text transcription is performed entirely on your device using Apple's built-in Speech Recognition framework. We use the on-device model exclusively — your audio is never sent to Apple's servers or ours for transcription.
This means transcription works offline, is fast, and your spoken words never leave your iPhone or iPad.
5.AI processing
When you use optional AI features — story polish, follow-up questions, or AI book assembly — your story text is processed as follows:
Your device
Stories recorded and stored in your private iCloud
Our server
Text passes through for AI processing — never stored
OpenAI
Processes text and returns result — zero retention
Your device
Polished text returned to your iCloud — only copy
AI sub-processor: OpenAI
- Data sent: Story transcript text only. No audio files, no photos, and no recordings are ever sent to OpenAI.
- Purpose: Three AI features send text to OpenAI:
- Story polish — your transcript is sent for light editing or full narrative rewriting, preserving your voice and vocabulary.
- Follow-up questions — your transcript and current life chapter are sent to generate 2–3 empathetic follow-up questions.
- AI book assembly — all story transcripts and metadata (titles, dates, chapters) are sent to generate your book's foreword, chapter introductions, story transitions, guest story integrations, afterword, and back-cover blurb.
- Model used: GPT-5-Mini via OpenAI API.
- Retention: Zero. OpenAI processes each request and does not store your content. We operate under OpenAI's Data Processing Addendum with zero-retention terms. API requests are not used to train OpenAI models.
- Our server: Your text passes through our server to reach OpenAI. We do not log, store, or cache your story content. Only aggregate usage counters (e.g., "number of polish requests today") are recorded.
6.Printed book ordering
When you order a professionally printed book, we need to share certain data with our print partner to fulfill your order:
- Book PDF: Your generated book file is encrypted in transit and forwarded to our print partner. After printing is complete, all digital copies are permanently deleted by both us and the print partner.
- Shipping address: Required for delivery. Your shipping address is held in memory during order processing, forwarded to the print partner, and not stored in our database.
- Payment: Processed by Apple Pay or a third-party payment processor. We never see or store your payment card details.
The print partner operates under a data processing agreement that requires deletion of all customer content after order fulfillment.
7.Sign in with Apple
Sign in with Apple is optional. It is only required if you want to use AI features or order printed books.
- We receive a pseudonymous user identifier from Apple — not your real name or email address, unless you explicitly choose to share them.
- If you choose to hide your email, Apple provides a private relay address. We never see your real email.
- We store your Apple user identifier and authentication tokens on our server for session management. No story content is associated with your account on our server.
8.Your rights (GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (EU 2016/679).
Data controller
The data controller responsible for processing your personal data is the operator of Tell Me Your Story. For privacy inquiries, contact us at support@tellmeyourstory.app.
Lawful basis for processing (Art. 6 GDPR)
- AI processing (story polish, follow-up questions, book assembly): Consent (Art. 6(1)(a)) — you explicitly choose to use AI features. A disclosure is shown before your first use. You may withdraw consent at any time by simply not using AI features; no data will be sent to our servers.
- Book printing and order fulfillment: Contract (Art. 6(1)(b)) — processing your book PDF and shipping address is necessary to fulfill the print order you place.
- Authentication (Sign in with Apple): Legitimate interest (Art. 6(1)(f)) — storing your pseudonymous Apple identifier and session tokens is required to provide account-based services securely. You can object by deleting your account.
Your data rights
Right of access (Art. 15)
Export all your data from the app's Settings screen at any time. Your export includes all recordings, transcripts, photos, and metadata as a ZIP file. You may also request a copy of any server-side data (authentication records) by emailing us.
Right to erasure (Art. 17)
Delete all your data from Settings with one tap. This permanently removes your local data and iCloud data. If you have a server account, use 'Delete Account' in Settings to remove all authentication records from our server. Deletion is completed immediately and cannot be undone.
Right to data portability (Art. 20)
Your data export (ZIP) contains standard, machine-readable formats — M4A audio files, plain text transcripts, and JPEG photos — that you can use with any other service.
Right to restriction of processing (Art. 18)
You can stop using AI features at any time. Without AI features, no data is ever sent to our servers. Core app features (recording, transcription, organization) work entirely on-device and in your private iCloud.
Right to withdraw consent (Art. 7(3))
You may withdraw your consent for AI processing at any time by simply not using AI features. Withdrawal does not affect the lawfulness of processing performed before withdrawal. No previously processed data is stored.
Right to lodge a complaint (Art. 77)
You have the right to lodge a complaint with a supervisory authority in your EU/EEA member state of residence, your place of work, or the place of the alleged infringement.
Data retention policy
We follow a strict zero-retention approach for user content:
- Story content (transcripts, recordings, photos): Never stored on our servers. All content lives exclusively in your private iCloud account. AI processing is transient — text is forwarded to OpenAI and discarded immediately after the response is returned.
- Book PDFs: Temporarily stored for up to 24 hours after generation to allow download, then permanently deleted. Print partner copies are deleted after order fulfillment.
- Shipping addresses: Held in memory during order processing only. Not stored in our database. Forwarded to the print partner solely for delivery.
- Authentication records: Kept for the duration of your account. Deleted immediately and permanently upon account deletion.
- Aggregate usage counters: Non-personal numeric counters (e.g., "number of polish requests per day") retained for operational monitoring. These contain no personal data and cannot be linked to individual users.
International data transfers (Art. 44–49)
When you use AI features, your story text is processed by OpenAI, whose servers are located in the United States. This transfer is governed by OpenAI's Data Processing Addendum, which includes Standard Contractual Clauses (SCCs) approved by the European Commission as appropriate safeguards under Art. 46(2)(c) GDPR. Your iCloud data is managed by Apple under Apple's Privacy Policy and their own GDPR commitments.
Automated decision-making (Art. 22): We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects. AI features are optional creative tools — you review and approve all AI-generated content before it is saved.
Response timeframe: We respond to data subject requests within 30 days. If a request is particularly complex, we may extend this by up to two additional months, and will inform you of the extension and the reasons for the delay.
9.California residents (CCPA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This section describes those rights and how Tell Me Your Story handles your personal information.
We do not sell or share your personal information
Tell Me Your Story does not sell, rent, trade, or otherwise share your personal information with third parties for monetary or other valuable consideration. We have not sold or shared personal information in the preceding 12 months. There is no need to opt out because there is nothing to opt out of.
Categories of personal information
Because Tell Me Your Story stores your content in your private iCloud account — not on our servers — we collect very little personal information. Here is what we may collect when you use optional features:
| Category | Collected? | Purpose |
|---|---|---|
| Identifiers (Apple user ID) | Only if you sign in | Authentication for AI & paid features |
| Commercial information (purchase history) | Via Apple only | In-app purchase entitlements managed by Apple |
| Internet / network activity | No | — |
| Geolocation data | No | — |
| Audio / visual information | No (stored in your iCloud) | — |
| Biometric information | No | — |
| Sensitive personal information | No | — |
Story text is sent transiently through our server for AI processing when you explicitly request it. It is never stored, logged, or used for any purpose other than returning the AI result to your device.
Your rights under the CCPA
Right to Know (§ 1798.100, 1798.110)
You have the right to request that we disclose what personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it. Given our minimal data collection, the answer is summarized in the table above.
Right to Delete (§ 1798.105)
You can request deletion of your personal information. Use 'Delete Account' in the app's Settings to immediately remove all authentication records from our server. Your story content is already stored only in your private iCloud — we cannot delete it because we don't have it.
Right to Opt-Out of Sale or Sharing (§ 1798.120)
We do not sell or share your personal information, so there is nothing to opt out of. We have not sold or shared personal information in the preceding 12 months.
Right to Non-Discrimination (§ 1798.125)
We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, a different quality of service, or be denied service for making a privacy request.
Right to Correct (§ 1798.106)
You can correct any inaccurate personal information we hold. Since your story content lives in your iCloud, you can edit it directly in the app at any time.
Right to Limit Use of Sensitive Personal Information (§ 1798.121)
We do not collect or process sensitive personal information as defined by the CCPA.
How to submit a verifiable consumer request
You may submit a request by emailing support@tellmeyourstory.app with the subject line "CCPA Request." We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf. We will respond within 45 days, or notify you if we need an extension of up to an additional 45 days.
California "Shine the Light" (Civil Code § 1798.83): California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
10.Children's privacy (COPPA)
Tell Me Your Story is not directed at children under 13 years of age and complies with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501–6506) and its implementing rule (16 CFR Part 312). The app is designed for adults — particularly those who want to preserve their life stories for their families.
Our COPPA commitment
- We do not knowingly collect, use, or disclose personal information from children under 13.
- We do not knowingly allow children under 13 to create accounts or use features that transmit personal information (such as AI story polish or book assembly).
- We do not condition a child's participation in any activity on the disclosure of more personal information than is reasonably necessary.
- We do not use any mechanisms to target children, such as age-gated content, child-directed advertising, or cartoon characters designed to appeal to children.
If we discover data from a child under 13
If we learn that we have inadvertently collected personal information from a child under 13 — for example, through AI features that require Sign in with Apple — we will take immediate steps to delete that information from our servers and direct OpenAI to discard any associated processing records.
Parental rights
Parents and legal guardians have the right to:
- Review any personal information we may have collected from their child.
- Request deletion of any personal information we may have collected from their child.
- Refuse to allow any further collection or use of their child's personal information.
Note on the "initiator" pattern
Tell Me Your Story is often set up by a younger family member (the "initiator") on behalf of an older relative (the "storyteller"). The initiator is expected to be an adult (13 or older). The storyteller — the primary user — is typically a grandparent or older adult. If a child under 13 is assisting with setup, a parent or guardian should supervise and the child should not use AI features or Sign in with Apple independently.
Contact us about children's privacy
If you believe a child under 13 has provided personal information through our app or AI features, please contact us immediately at support@tellmeyourstory.app with the subject line "COPPA Request." We will promptly investigate and delete any personal information associated with the child's use.
11.Account & data deletion
You have full control over your data and can delete it at any time:
- Delete all local and iCloud data: Go to Settings in the app and use "Delete All Data." This permanently removes all recordings, transcripts, photos, and story data from your device and iCloud.
- Delete your server account: If you signed in with Apple, go to Settings and use "Delete Account." This removes your authentication records and any associated data from our server.
- Export before deleting: Use "Export My Data" in Settings to download a complete ZIP of all your stories before deletion.
Deletion is permanent and cannot be undone. We recommend exporting your data first.
12.Website
This website (tellmeyourstory.app) uses minimal cookies required for basic functionality. We do not use analytics cookies, advertising cookies, or tracking pixels on our website.
The blog and marketing pages are static and do not collect personal information. If we introduce a newsletter signup in the future, it will require explicit consent and use a privacy-respecting email provider.
13.Changes to this policy
We may update this privacy policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you through the app.
We encourage you to review this policy periodically. Continued use of the app after changes constitutes acceptance of the updated policy.
14.Contact
If you have questions about this privacy policy or want to exercise your data rights, please contact us:
Email: support@tellmeyourstory.app
We aim to respond to privacy inquiries within 30 days.
Your stories deserve privacy
Start recording your family memories today — knowing they stay safely yours.