Privacy

Who we are

AudaStories is operated by Explorer Innovations Ltd, a company registered in England and Wales (company number 14639977). We are the data controller for the personal data described below.

What we collect

• Account identifier. On first launch we create an anonymous Firebase user so your library and usage can persist across sessions on the same device. No personal data is collected at this stage. If you later sign in, we receive: with email sign-up, the email address you give us; with Apple, the relay address Apple provides (or your real address only if you choose to share it via Apple's "Hide my email" prompt); with Google, your Google account email address. In all cases your underlying account identifier inside our database is an opaque Firebase uid, not your email, and signing in preserves that identifier so your unlocks and usage stay attached.
• Library activity. Which stories you have unlocked (opened), saved, started, or finished, and your playback position. This lives in your account so it follows you between devices.
• Monthly listening usage. A per-month count of minutes used against your free or Plus quota. Stored as one document per calendar month under your user id so the counter resets automatically at month rollover.
• Recommendation signals. When you open a preview for a story we record the entity id and a small set of its facets (category, era, country, themes) along with a timestamp, so we can suggest related stories. Each signal auto-expires after 180 days. Tied to your account, not used for advertising, and deleted when you delete your account.
• Consent events. A timestamped record of your privacy choices (the cookie banner, marketing emails, turning analytics on or off), alongside a short, salted hash of your IP at the time so we can resolve a regulator query without storing the raw address. We keep these so we can show what you chose and when.
• Product analytics. We record aggregate product events (story started, tier picked, search term) in Firebase Analytics, Google Analytics 4, and PostHog so we can see which parts of the app work and which do not. In the app this runs by default, under our legitimate interest in improving the product; turn it off from Settings > Privacy at any time. On this website, analytics only run after you accept the cookie banner. Subscription lifecycle events (purchase, renewal, cancellation) are recorded server-side regardless, limited to product id, period type, price, and your account identifier.
• Google Signals. If analytics are on (the default in the app, opt-in on this website) and you are signed in to a Google account that has personalisation turned on, GA4 may use Google's identity graph to add aggregate demographics (rough age band, interests) and to recognise you across devices. This stays inside GA4 reporting; we do not use it for advertising. Turn it off any time in your Google account at myaccount.google.com.
• Error reports, scrubbed. We use Sentry to catch crashes. Email, name, and IP are stripped before the report is sent.
• Subscription state. If you buy Plus, RevenueCat holds the entitlement alongside your account identifier. Apple and Google hold the payment data. We never see your card.
• Reports and feedback. If you flag a story or send us feedback, we keep the message you wrote alongside your account identifier so we can act on it and reply. These are deleted when you delete your account.

Where it lives

Firestore, in the europe-west region. Backups live in Google Cloud Storage in the same region. Analytics data, if you have opted in, sits with the relevant processor (see the list below).

Legal basis (UK and EU GDPR)

• Legitimate interest for the stuff we need to run and improve the service: your account, your library, crash reports scrubbed of identifiers, fraud protection, and aggregate product analytics in the app. You can object to product analytics at any time from Settings > Privacy.
• Consent for analytics cookies on this website, marketing emails, and other non-essential cookies. Withdraw any time in the settings screen or the cookie banner.
• Contract for subscription processing when you buy Plus.

Your rights

Under UK and EU data protection law you have the right to:

• Access the personal data we hold on you.
• Have it rectified if it is wrong.
• Have it erased. "Delete my account" in Settings does this in one tap.
• Export it. "Export my data" in Settings emails you a JSON bundle within 24 hours.
• Object to processing based on legitimate interest.
• Lodge a complaint with the Information Commissioner's Office (ico.org.uk) or your local EU supervisory authority.

For any of these, use the in-app tools or email [email protected]. We respond within 30 days.

How long we keep things

• Account, library, listening usage: until you delete the account.
• Recommendation signals: 180 days, then deleted automatically (or sooner if you delete the account).
• Consent events: until you delete the account, then deleted with the rest of your data. We may retain a hashed, account-less record of consent decisions for up to six years to handle regulator queries.
• Reports and feedback you have sent us: until you delete the account.
• Analytics: 14 months in GA4 and PostHog, then deleted automatically.
• Crash reports: 90 days.
• Firestore backups: 30 days rolling, plus a weekly snapshot for six months.

Sub-processors

• Google Cloud (hosting, Firestore, Cloud Storage), europe-west region.
• Firebase (authentication, analytics, crash reporting), part of Google.
• Cloudflare (CDN and edge caching for audastories.com; processes request paths and IP addresses to deliver pages).
• RevenueCat (subscription management).
• Sentry (error reporting, identifiers scrubbed).
• PostHog (product analytics, EU region).
• Brevo (transactional email; receives your account email when we send you a data export link or reply to your feedback).
• Inworld (text-to-speech synthesis; receives the script text only, no personal data).
• Anthropic, OpenAI, and Google (large language models used to draft scripts from Wikipedia articles; receive Wikipedia text only, no personal data).

We have data processing agreements with each of them.

International data transfers

Several of our sub-processors are based in the United States (notably Sentry, GA4, RevenueCat, Anthropic, OpenAI, and Brevo). When we send personal data outside the UK and the EEA we rely on the European Commission's Standard Contractual Clauses, the UK's International Data Transfer Agreement (or UK Addendum to the SCCs), and the receiving processor's own technical and organisational measures (encryption in transit and at rest, access controls, audit logging). PostHog is configured to use its EU region for EEA and UK users so the bulk of analytics data stays in the EU. Email [email protected] if you would like a copy of the safeguards for a particular transfer.

Cookies

On the website:

• audastories_consent (essential, 12 months): stores your cookie banner choice.
• _ga, _ga_* (analytics, 14 months, opt-in): Google Analytics 4.
• ph_* (analytics, 12 months, opt-in): PostHog.

Non-essential cookies only fire after you click accept on the banner. The Flutter web app at app.audastories.com keeps your sign-in state in your browser's local storage rather than in a cookie.

US residents

If you live in the United States, the following also applies to you.

We do not sell your personal information, and we do not share it for cross-context behavioural advertising, as those terms are defined under California (CCPA / CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and Iowa, Tennessee, Indiana, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, Kentucky, Rhode Island. We do not use personal data for targeted advertising, and we do not profile you to make automated decisions that have a legal or similarly significant effect on you. We do not knowingly process sensitive personal information.

Depending on the state you live in, you may have the right to:

• Know what personal information we collect about you and how we use it.
• Access a portable copy. ("Export my data" in Settings.)
• Delete it. ("Delete my account" in Settings.)
• Correct inaccurate information.
• Opt out of sale, sharing, or targeted advertising. We don't do any of these, so nothing to opt out of.
• Limit the use of sensitive personal information. We don't collect any.
• Not be discriminated against for exercising any of these rights.

Use the in-app tools (Delete account, Export my data) for the common requests; for anything else email [email protected]. We verify the request using your account credentials. Requests are free; we respond within 45 days and may extend by a further 45 days for genuinely complex requests, in which case we will tell you.

You may use an authorised agent to make a request on your behalf. We will ask the agent to provide proof you authorised them (a signed permission, or a power of attorney) and we will verify your identity directly before disclosing anything.

California "Shine the Light": California residents may request the categories of personal information we have shared with third parties for those parties' direct marketing in the previous calendar year. We have not shared any.

California residents under 18: If you are a California resident under 18 and you have publicly posted content through the service, you can ask us to remove it. Email [email protected]. The service is not designed for under-18 use; see the Children section below.

Children

AudaStories is not directed to children. We do not knowingly collect personal data from anyone under 13 (or under 16 in the EEA and UK, where local law sets the threshold higher). We do not knowingly process the personal data of California residents under 18 to estimate their identity or for targeted advertising.

If you are a parent or guardian and you believe a child has given us personal information, email [email protected] and we will delete the account and any associated data. No verification fee, and we will confirm in writing when it is done.

Contact

Questions, requests, or complaints: [email protected]. Takedown requests have their own process on the takedowns page.

Changes to this policy

We will update this page when anything material changes and note the date at the top. For significant changes we will also tell you in the app before they take effect.