Privacy Policy
Effective Date: March 24, 2026 · Last Updated: April 4, 2026
1. Introduction
Story Tailors, LLC, a New Jersey limited liability company doing business as “EasyPrompter” (“we,” “us,” or “our”), operates the EasyPrompter platform available at easyprompter.com (the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you access or use the Service.
By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must discontinue use of the Service immediately.
2. Data Controller
For the purposes of the EU General Data Protection Regulation (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”), and other applicable data protection laws, the data controller is:
Story Tailors, LLC d/b/a EasyPrompter
852 Franklin Ave, #154
Franklin Lakes, NJ 07417
United States
Email: privacy@easyprompter.com
3. Information We Collect
3.1 Information You Provide Directly
- Account Information: Name, email address, and password (or OAuth credentials via Google, Apple, or Microsoft sign-in) when you create an account.
- Script Content: The text, formatting, and metadata of scripts you create, edit, or upload to the Service.
- Organization Information: Organization name, member roles, and team structure when you create or join an organizational workspace.
- Billing Information: Payment card details, billing address, and subscription information. Payment processing is handled by Stripe, Inc. We do not store full credit card numbers on our servers.
- Enterprise Inquiry Information: Company name, job title, company size, phone number, country, and use-case description when you submit an enterprise sales inquiry.
- Support Communications: Information you provide when contacting our support team, including ticket content and attachments.
3.2 Information Collected Automatically
- Usage Data: Pages visited, features used, click events, session duration, and user flow data. This data is collected only with your explicit consent via our cookie consent mechanism.
- Device & Technical Data: IP address, browser type and version, operating system, device type, screen resolution, and referring URLs.
- Cookies & Similar Technologies: We use essential cookies for authentication and session management. Analytics and marketing cookies are only set after you provide explicit consent. See Section 8 (Cookies & Tracking) for details.
- Audit Logs: For security and compliance purposes, we log account actions such as sign-ins, role changes, permission modifications, and content access events. Audit logs are retained for 90 days and then permanently deleted.
3.3 Information We Do Not Collect
- We do not send your scripts, content, or personal data to any artificial intelligence (AI) or large language model (LLM) service. EasyPrompter does not use AI features.
- We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
4. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing and operating the Service | Performance of contract |
| Account authentication and security | Performance of contract; Legitimate interest |
| Processing payments and subscriptions | Performance of contract |
| Sending transactional emails (billing, security, account) | Performance of contract; Legal obligation |
| Analytics and product improvement (with consent) | Consent |
| Audit logging for security and compliance | Legitimate interest; Legal obligation |
| Responding to support requests | Performance of contract; Legitimate interest |
| Sending product updates and marketing (with consent) | Consent |
| Preventing fraud and enforcing our Terms of Service | Legitimate interest; Legal obligation |
5. Third-Party Service Providers
We share your information with the following categories of third-party service providers, solely to the extent necessary to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services (Cognito) | Authentication & Identity | Email, hashed password, OAuth tokens |
| Amazon Web Services (SES) | Transactional Email | Email address, email content |
| Stripe, Inc. | Payment Processing | Billing information, subscription status |
| PostHog | Product Analytics (consent-based) | Anonymized usage data, device info |
| Google Analytics | Web Analytics (consent-based) | Anonymized usage data, device info |
| Hetzner Online GmbH | Infrastructure Hosting | All data stored on the platform |
Each third-party provider is bound by their own privacy policies and, where applicable, data processing agreements. Analytics providers (PostHog and Google Analytics) only receive data when you have explicitly consented to analytics cookies.
6. Data Hosting & International Transfers
All data is hosted on infrastructure provided by Hetzner Online GmbH, physically located in Ashburn, Virginia, United States (US-East region). Data is stored and processed within the United States.
If you are accessing the Service from outside the United States — including from the European Economic Area (EEA), United Kingdom, Canada, or Brazil — your personal data will be transferred to and processed in the United States. We rely on the following safeguards for international data transfers:
- Standard Contractual Clauses (SCCs): Where required under GDPR and UK GDPR, we execute standard contractual clauses approved by the European Commission with our data processors.
- Adequacy Decisions: Where applicable, we rely on adequacy decisions or equivalent transfer mechanisms recognized by relevant data protection authorities.
7. Data Retention
We retain your data only for as long as necessary to fulfill the purposes described in this Policy:
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Account data | Until you delete your account | Immediate cascading deletion upon request |
| Script content | Until you delete the script or account | Immediate deletion |
| Billing records | As required by law (typically 7 years) | Stripe customer record deleted on account deletion; tax records retained per legal requirements |
| Audit logs | 90 days | Automatic daily purge |
| Inactive ghost accounts | 30 days from creation | Automatic daily purge |
| Expired share links | 30 days after expiry | Automatic daily purge |
| Orphaned user data | 90 days after access revoked | Automatic daily purge |
| Database backups | 7 days (rolling) | Automatic overwrite |
8. Cookies & Tracking Technologies
We use cookies and similar technologies as follows:
| Category | Purpose | Consent Required |
|---|---|---|
| Essential | Authentication, session management, CSRF protection | No (strictly necessary) |
| Analytics | Product usage analytics (PostHog, Google Analytics) | Yes — opt-in only |
| Marketing | Communication preferences and email marketing | Yes — opt-in only |
You can manage your cookie preferences at any time through the consent banner displayed when you first visit the Service, or through the Privacy & Data section in your account Settings. Declining analytics cookies does not affect the functionality of the Service.
9. Data Security
We implement industry-standard technical and organizational measures to protect your personal information, including:
- Encryption in Transit: All data is transmitted over TLS/HTTPS.
- Row-Level Security (RLS): Database-level access controls ensure users can only access data within their authorized workspaces.
- Authentication Security: Passwords are hashed via AWS Cognito with industry-standard algorithms. We support multi-factor authentication (TOTP), passkeys, and OAuth/OIDC single sign-on.
- Session Management: HttpOnly, Secure cookies with CSRF protection.
- Rate Limiting: API endpoints are rate-limited to prevent abuse.
- Audit Logging: All sensitive operations are logged for 90 days.
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
10.1 Rights Under GDPR (EU/EEA) and UK GDPR
- Right of Access: Request a copy of your personal data.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data (“right to be forgotten”).
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Restrict Processing: Limit how we process your data.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing).
- Right to Lodge a Complaint: File a complaint with your local data protection authority.
10.2 Rights Under CCPA/CPRA (California)
California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: What personal information we collect, use, and disclose.
- Right to Delete: Request deletion of your personal information.
- Right to Opt-Out: Opt out of the “sale” or “sharing” of personal information. Note: We do not sell or share your personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: Exercise your rights without discriminatory treatment.
- Right to Correct: Correct inaccurate personal information.
- Right to Limit Use of Sensitive Information: Limit the use and disclosure of sensitive personal information.
10.3 Rights Under PIPEDA (Canada)
Canadian residents have the right to access, correct, and challenge the accuracy of their personal information held by us. You may also withdraw consent for non-essential data processing.
10.4 Rights Under LGPD (Brazil)
Brazilian residents have rights including access, correction, anonymization, portability, deletion, information about sharing, and the right to revoke consent.
10.5 Exercising Your Rights
To exercise any of these rights:
- Account Deletion: You can delete your account directly through the Settings > Privacy & Data section. This immediately and permanently deletes your account, cancels all active subscriptions, removes your Stripe customer record, and cascades deletion through all associated data.
- Data Export: To request an export of your personal data, please contact us at privacy@easyprompter.com. We will respond within 30 days (or sooner as required by applicable law).
- Other Requests: For all other privacy-related requests, contact us at privacy@easyprompter.com. We will verify your identity and respond within the timeframe required by applicable law.
11. Children’s Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are under the age of 13, you may not create an individual account.
Users between the ages of 13 and 18 may use the Service, but we recommend they do so under the supervision of a parent or guardian. Users under 18 may also access the Service through an organizational account managed by a parent, guardian, or educational institution, in which case the supervising adult or institution assumes responsibility for compliance with applicable law.
If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly. If you believe we may have collected information from a child under 13, please contact us at privacy@easyprompter.com.
12. Government & Institutional Users
If you are accessing the Service on behalf of a government agency, educational institution, or other regulated organization:
- The terms of this Privacy Policy apply to your use of the Service, subject to any additional terms in your organization’s service agreement.
- We will cooperate with your organization’s data protection officer or privacy officer to address privacy-related inquiries.
- Where required by law or regulation, we will execute data processing agreements or similar instruments.
- For FERPA-covered educational institutions: We do not use student data for targeted advertising and we will comply with applicable FERPA requirements.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last Updated” date. For significant changes, we will also provide notice through the Service or via email.
Your continued use of the Service following the posting of changes constitutes your acceptance of those changes.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Story Tailors, LLC d/b/a EasyPrompter
Attn: Privacy
852 Franklin Ave, #154
Franklin Lakes, NJ 07417
United States
Email: privacy@easyprompter.com
For EU/EEA residents, you also have the right to lodge a complaint with your local data protection authority. A list of EU data protection authorities is available at edpb.europa.eu.