This MyHiddenStory Privacy Policy (the "Privacy Policy") strives to protect user privacy and information when using any system of MyHiddenStory or being in contractual relationship between MyHiddenStory as a service provider and any natural person as a service user.
BY USING THIS MyHiddenStory WEBSITE https://myhiddenstory.com (the "Website") OR ANY OTHER SYSTEM / ONLINE ECOSYSTEM USED BY MyHiddenStory TO PROVIDE YOU SERVICES (collectively — the "System"), YOU AGREE TO THE PRIVACY POLICY, WHICH MAY GET UPDATED WITHOUT PRIOR NOTIFICATION.
1.1 MyHiddenStory is the operating name of the platform and its owning entity (the "Company" / "us" / "we").
1.2 Any person using Company's services / systems is considered to be a client of the Company (the "Client" / "You").
1.3 The Company and the Client are legally bound by the Terms of Service (the "Agreement") which governs the contractual relationship between the Company as a service provider and the Client, any natural person, as a service user, or a user of System prior to / without logging-in / creating an account ("Account").
1.3.1 The Company provides a digital platform offering creative writing and storytelling tools and experiences. Clients access story creation features, narrative tools, and AI-assisted writing that dynamically adapt to their preferences. The Services use AI technology to assist with narrative generation, character development, tone, and other creative elements for individual entertainment and creative purposes (the "Services"). The Services can be accessed and used via the System as indicated in the Agreement. The types and features of the Services may vary and may depend on the Client. In order to provide personalized creative experiences, You may choose to share certain optional personal data (such as preferences, writing style, or character information). This information is processed solely to deliver the requested Services and is not intended to reveal sensitive personal data or special categories of personal information as defined under Article 9 of the GDPR. As indicated in Clause 3.5.6, providing such information is entirely voluntary and based on Your free choice in order to achieve the desired personalized experience from the Services.
1.3.2 The latest version of the Agreement shall be available at Terms of Service.
1.4 This Privacy Policy shall be applicable and interpreted in line with the Agreement. The definitions set out in the Agreement shall be applicable to this Privacy Policy.
1.5 You can contact the Company by filling a question box on the Website in the "Contact" section, as well as by sending us an email or inquiry to hello@myhiddenstory.com. For matters regarding this Privacy Policy, as well as regarding any privacy matter, we recommend contacting the Company via email, by sending Your inquiry to hello@myhiddenstory.com.
1.6 The Company shall have the right to unilaterally modify and / or update the Privacy Policy at any time without notice. The continuous use of the Services / System by the Client shall be deemed as acceptance of the Privacy Policy in the last and most updated version. Any Client shall periodically check and assess the Privacy Policy. Any updated version of this Privacy Policy comes into force at the moment it is published on the System.
1.7 The latest version of the Privacy Policy shall be available at Privacy Policy page.
1.8 By agreeing to the Agreement as per the rules set forth in the Agreement, You are automatically agreeing to the Privacy Policy. For the avoidance of doubt, You acknowledge understanding that by using the System in any way prior to creating an Account (Clause 2 of the Agreement) or without logging-in to the System (for example, when browsing the Website), You are also bound by this Privacy Policy and Your data / information may be collected by the Company automatically.
1.9 If You disagree to be bound by the Privacy Policy in any scope or way, You must not use or must immediately cease Your use of the Services, System or any part of it, as well as its features and functionalities.
1.10 The Company values the trust that You place in the Company when using Services / System. For this reason, privacy and data security are extremely important to the Company. It is very important to the Company that You feel safe when You visit our System and use our Services, as well as in all other business transactions with the Company. As soon as You use the Company's System / Services, You entrust the Company with the processing of Your personal data. The Company wants to offer You the best possible experience with the System to ensure that You can enjoy using Services now and in the future. That is why the Company wants to understand user behaviour on the System in order to continuously improve it. The processing of Your personal data is therefore not only necessary for the provision of Services, but also to improve user-friendliness. In this Privacy Policy You are informed which personal data the Company collects from/about You, how the Company processes it, and to whom the Company passes it on. In addition, the Company informs You about the precautions it takes to protect Your personal data, what rights You have in this context, and who You can contact regarding data protection issues.
1.11 In the light of the above, the Company strives to protect Your privacy and obliges to process Your personal data in accordance with the following rules and principles:
1.11.1 Processing shall be performed lawfully, fairly, and in a transparent manner.
1.11.2 Personal data must be adequate and limited to what is necessary in relation to the purpose for which it is processed.
1.11.3 Personal data shall be accurate and, where necessary, kept up to date.
1.12 This Privacy Policy is prepared in accordance with applicable global data protection legislation, including: Regulation (EU) 2016/679 (the "GDPR") for users in the European Economic Area; the UK GDPR and Data Protection Act 2018 for users in the United Kingdom; the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents; the Personal Information Protection and Electronic Documents Act (PIPEDA) for Canadian users; and other applicable regional data protection laws. You can find further information on applicable EU legal acts at https://commission.europa.eu/law/law-topic/data-protection_en.
1.13 With regard to the terms used in this Privacy Policy, such as "Processing" or "Controller", we refer to the definitions of the GDPR.
1.14 Your contact information (phone number or email address) will not be shared with third parties/affiliates for marketing/promotional purposes.
2.1 This Privacy Policy applies to all persons who use the System / Services or otherwise interact with the Company (e.g. business partners, interested parties, service providers, etc.); generally, those persons who are hereinafter referred to as "Client" or "You".
2.2 The Company's System and Services are not meant for anyone under the legal age. Only people of legal age are allowed to use the System, Services, and register for an Account. The Company therefore does not knowingly collect personal data from minors. If You are under 18 years of age / under legal age under the laws imperatively applicable to You, please do not use the System / Services and do not provide us with any personal data.
3.1 For the purposes of applicable data protection law, the Company is typically the "data controller" of any personal information provided to the Company. Very occasionally, the Company might act on specific retainers as a "processor" (by processing personal data only in accordance with the directions of a data controller, or as otherwise permitted by law).
3.2 This Privacy Policy shall be applied to the processing of personal data by the Company processing the personal data of data subjects (You) residing or working within or outside the European Economic Area (the "EEA") and in any other jurisdiction worldwide.
3.3 If You have any questions regarding the processing of Your personal data and the exercise of Your rights, You can contact our team at hello@myhiddenstory.com.
3.4 The Company might require additional identification data from You for certain inquiries (e.g. Passport, ID card, etc.) in order to ensure that Your personal data is only passed on to You.
3.5 The Company, as a data controller (or in some cases – data processor), has the following obligations:
3.5.1 Data transfers. The Company shall not transfer personal data to a country or territory unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
3.5.1.1 Where an adequate level of protection is not ensured, an exemption shall be made by: (a) creating adequate protection through appropriate safeguards (for example, by using Standard Contractual Clauses), or (b) by getting the data subject's explicit consent and making sure the transfer does not conflict with the nature of applicable data protection law.
3.5.2 Data processing records. The Company shall keep data processing records upon its own decision, unless such record keeping is a mandatory legal requirement.
3.5.3 Data protection. The Company shall ensure proper data protection requirement implementation and optimization of procedures. The Company shall be equipped with the skills and know-how for safeguarding personal data. You can contact the Company's staff regarding data protection by sending an email to hello@myhiddenstory.com.
3.5.4 Data breach notification. The Company strives to protect Your personal data in the best way possible. However, sometimes data breaches occur, and such events can happen for various reasons.
3.5.4.1 In the case of a data breach that would prejudice the privacy, confidentiality, and security of the personal data of a data subject, the Company, as a data controller, immediately upon becoming aware of such breach, shall notify the relevant supervisory authority and, where required, the affected data subjects.
3.5.4.2 The required notification shall include details such as: the nature, category, reasons, approximate number and records of the data breach; a description of the likely consequences of the data breach; and a description of the measures and remedial action taken by the controller to address the data breach.
3.5.5 Data retention. The Company shall not store personal data after the completion of the purpose for which such data was processed unless the identity of the data subject is no longer identifiable through the use of anonymization techniques. We retain your personal data only for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. Account details (such as your name, email, and profile information) are kept while your account is active and deleted or anonymized within 30 days of closure or inactivity. Content and creative data (such as stories, drafts, and writing preferences) are stored only while your account is active and deleted or anonymized within 30 days of account closure or inactivity. Transactional data (such as invoices and payment records) may be retained for up to 7 years in compliance with applicable tax and accounting laws. Technical or log data (such as device identifiers and usage logs) may be retained for up to 12 months for security and troubleshooting purposes. We may also keep anonymized and aggregated data for analytics and service improvement without time limitation. You may request deletion of your personal data at any time, subject to legal requirements, by contacting us at hello@myhiddenstory.com.
3.5.6 Sensitive personal data protection. In general, the Company does not process any special categories of personal data from Clients. This includes data that reveal racial or ethnic origin, political opinions, religious or ideological convictions or trade union membership, as well as genetic and biometric data. In some cases, during the provision of Services, some personal data may be provided by Clients and recorded by the Company. Processing of such personal data takes place exclusively based on Your own choice and expressed consent, which You can revoke at any time. The Company explicitly urges You not to provide any sensitive information since it is not required by the Company to provide Services.
3.5.7 Proper agreements between controller and processor. The processor shall perform and implement the processing of personal data based on the instructions of the controller and in accordance with the contracts and agreements entered into between them, which shall specifically set out the scope, subject-matter, purpose and nature of the processing, the type of personal data, and categories of data subjects. The Company, either acting as a controller or a processor, shall make sure beforehand that such agreements are concluded and are proper for the planned data processing.
4.1 The Company may collect personal information from You in the course of provision of the Services, when You use the System, contact us or request information from us, or as a result of Your relationship with any of our personnel or clients.
4.2 The personal information that we might process includes:
4.2.1 Contact data. When creating a new user Account or communicating with the Company (for example, by contacting our support team), we may process basic details, such as Your name, Your contact information (such as Your email address, physical address, contact numbers).
4.2.2 Order data. In the context of ordering Services, we might process information relating to the matter on which You are seeking our Services.
4.2.3 Financial data. In the context of ordering Services and accepting payments, as well as making refunds, we might process, for example: payment method details, information about the payment service provider, payment details, transaction IDs, etc. Full card numbers are never stored on our servers — payments are handled by our third-party payment processor.
4.2.4 Log data. During activities on the System and while using Services, we might process, for example: IP address, traffic data, transaction data, computer or mobile device information, frequency, time, length of visit and other page interaction data, operating system, browser type, device type, unique device identification number, identification cookies, optionally form data, crash reports, performance data, etc.
4.2.4.1 IP address of first or last login.
4.2.4.2 Account credentials and other information as per Clause 2 of the Agreement, including date and time of Account creation, as well as log-in date and time.
4.2.4.3 Information collected by cookies and analytics tools (see Clause 12), for example: access time and dates, unique device identification number, and other. The mentioned data in this Clause might be collected without assigning it to a specific user.
4.2.5 Marketing data. If You visit the System or our social media sites, we might process statistical and marketing data, for example: number of visitors, frequency, clicks, time, places, target groups, data from cookies and similar technologies (pixels, ClearGIFs, etc.), consumer behaviour, interests and preferences, data on market research and target group surveys, etc.
4.2.6 Photo, video and audio data. When we attend or organize events or conduct interviews, or You conduct video / phone conversations with our team, we may take recordings and process photo, video and audio data. We will always inform You separately about any such recordings.
4.2.7 Hiring data. If You apply for a job on our System or social media platforms, we may process data necessary for the recruitment process, for example: contact details, curriculum vitae, qualifications, national identity documents, and links to Your portfolio or social media platforms.
5.1 All processing is carried out in accordance with applicable data protection law. We process Your personal data based on at least one of the legal bases mentioned below. If the Company requests the provision of other personal data not described above, this data as well as the purpose and legal basis for the collection and processing will be communicated to the Client at the point of collecting the personal data.
5.1.1 Performance of the contractual obligations under the Agreement. A controller (the Company) / processor may process personal data without the consent of the data subject (You) to which the data relates where processing is necessary for the performance of a contract (the Agreement) to which the data subject is party or in order to take steps at the request of the data subject for entering into, amending, or terminating an Agreement.
5.1.2 Consent. We may ask You to provide Your consent if the data subject's (Yours) consent is relied upon as a lawful basis for the processing of Your personal data. If You have given us Your consent to the processing of Your personal data, the processing will only occur for the defined purposes and to the extent agreed in the declaration of consent. A given consent can be revoked at any time without giving reasons with effect for the future.
With Your consent, we process data for the following purposes:
Direct marketing and advertising (e.g., satisfaction surveys, newsletters, and other advertising communications).
Website analysis and tracking for advertising purposes (see also our cookie policy at Clause 12).
Certain uses of audio, video and photo data for marketing and other representing purposes.
Application management system, recruitment process, and processing of Your application.
5.1.3 Compliance with legal obligations. Processing of personal data may also be necessary to abide by various legal obligations, including: contract management, accounting and invoicing, monitoring to prevent fraud, misuse, money laundering and terrorist financing, and providing information to authorities in the context of legal proceedings.
5.1.4 Protection of legitimate interests. Where necessary, data processing can occur beyond the performance of the contract to ensure the legitimate interests of the Company or a third party. Such legitimate interests include:
Prevention of fraud, misuse (e.g. for illegal purposes), money laundering and terrorist financing.
Risk management and risk minimization.
Identification and examination of potentially incorrect or suspicious business cases and access to our websites.
Data transfer within the Company for internal administrative purposes.
Account management and processing of general Client requests and inquiries.
Measures to protect our customers and partners as well as to ensure network and information security.
Processing of inquiries from authorities or legal counsel in the context of legal proceedings.
Market research, business management, and further development of services and products.
Processing of statistical and performance data via the website, the app, or social media platforms.
Processing of customer preferences (e.g. language, region) via cookies on our website.
Direct marketing and advertising (e.g. implementation of marketing strategies).
5.2 The Company may also process personal data without the consent of the data subject to which the data relates where the data has been made public by the data subject.
6.1 The Company maintains social media presences on various platforms in order to communicate with its active customers, potential customers, and interested social media users about Company's services, products, and other news. When accessing such social media platforms, the general terms and conditions and the privacy policies of these operators also apply. User data may be processed outside of the EEA or the region / location You are in, which can result in risks for users due to different legal frameworks.
6.2 As part of the technical process of various social media platforms (e.g. Google, Facebook, X, etc.), when You click on content or a website You are visiting, they may find out whether You are logged into Your social media account at the same time. By logging out of Your accounts, You can prevent these companies from associating the collected information with Your accounts.
6.3 The activities of these companies are not controlled by the Company and therefore we do not accept any liability for any damage You may suffer because of the use of Your data by these companies.
6.4 The Company may only process personal data from social media users if they communicate directly with the Company via such platforms (e.g. visitor numbers, posted articles, likes, direct messages, customer inquiries, comments, etc.).
6.5 For a detailed explanation of the respective processing and the possibilities of objection (opt-out) by providers of social media networks, we refer to the respective privacy policies of the providers. In the case of requests for information and the assertion of data subject rights, we point out that these can be asserted with the respective providers.
6.6 The Company uses the following social media accounts in order to engage with You and other third parties. The latest and up-to-date list of Company's social media accounts shall be available in the System's "Social" section.
6.7 You should always make sure that the social media account is the Company's before submitting or revealing any personal information while engaging in any social media communication.
6.8 You should be aware that SMS / messaging and email services are susceptible to spoofing and phishing attacks. You should always use communication tools in the System or contact us via email at hello@myhiddenstory.com if You are unsure about the authenticity of a communication. The Company takes no responsibility for any loss due to spoofing, phishing, or other equivalent attacks.
7.1 You shall be entitled to the following rights:
7.1.1 Right to withdraw Your consent and right to opt-out. In all cases You are entitled to object to and suspend the processing of Your personal data where the processing is performed based on Your consent, for example — for direct marketing purposes, and when the processing is performed for statistical survey purposes.
7.1.1.1 You have the right to revoke Your consent at any time within the methods described in this Privacy Policy or by email to hello@myhiddenstory.com. Please note that if You withdraw Your consent, we may no longer be able to offer You all of our Services. Withdrawing Your consent does not affect the legality of the processing of Your personal data based on Your consent up to the point of withdrawal.
7.1.1.1.1 By checking the respective box during the registration process (creating an Account) or when updating after logging into Your Account, You expressly confirm that You have read the Agreement together with the Privacy Policy and that You agree to the data processing described therein.
7.1.1.1.2 By checking the respective box during the registration process (creating an Account) or when updating after logging into Your Account, You expressly confirm that You have read other policies as indicated in such notice.
7.1.1.1.3 By checking the respective box during the registration process or when updating Your Account for news and updates by email (including newsletter and other marketing material), You expressly consent to receiving electronic communications.
7.1.1.1.4 By checking the respective box(es) during the use of System for use of cookies, You expressly consent to usage of cookies as indicated in this Policy and as per Your expressed preferences.
7.1.2 Right prior to the start of processing activities, to get information on the purpose of the processing, sectors or entities inside or outside the EEA with whom Your personal data will be shared, and the appropriate safeguards used by the Company in the context of cross-border processing.
7.1.3 Right to obtain additional information upon request, including:
7.1.3.1 Confirmation whether we are processing personal data related to You.
7.1.3.2 The types of personal data of the data subject being processed.
7.1.3.3 The decisions taken on the basis of automated processing.
7.1.3.4 The rules and criteria of the periods for which the personal data will be stored and kept.
7.1.3.5 The measures to be taken upon the occurrence of a data breach.
7.1.4 Right to rectification. You are entitled to obtain the rectification of inaccurate personal data concerning You, and to have incomplete personal data completed.
7.1.5 Right to erasure. You are entitled to request the Company to delete Your personal information if:
7.1.5.1 The personal data is no longer necessary in relation to the purposes for which it was collected or processed.
7.1.5.2 You withdraw Your consent or expressed objection to processing and there are no legitimate grounds for the Company to continue the processing.
7.1.5.3 The personal data have been illegally processed.
7.1.5.4 The deletion of personal data is necessary to fulfill a legal obligation under law to which the Company is subject.
7.1.6 Right to receive a copy and have Your personal data transmitted to another controller, if technically feasible. You shall have the right to receive the personal data concerning You that You have provided to us in a structured, commonly used and machine-readable format where the processing is based on Your consent or is necessary to fulfil a contractual obligation and implemented by automated means. You also shall have the right to have this data transmitted directly to another controller named by You, insofar as this is technically feasible and the rights and freedoms of others are not impaired.
7.1.7 Right to object to decisions based on automated processing. The Company usually does not use any personal data for automated decision-making including profiling. In case we would make such a decision in any scope, You shall be entitled to object. Additionally, You have the right to object to the processing of Your personal data at any time if the processing is based on legitimate interests.
7.1.8 Right to restriction of processing. You shall have the right to request that we restrict processing if one of the following conditions is met:
7.1.8.1 You dispute the accuracy of the personal data (the restriction applies for a period of time that enables the Company to verify the accuracy of the personal data).
7.1.8.2 The processing of Your personal data was unlawful, and You refuse to delete Your personal data and instead request that its use be restricted.
7.1.8.3 The Company no longer needs Your personal data for processing purposes, but You need them to assert, exercise, or defend legal claims.
7.1.8.4 You have objected to the processing of Your personal data, and it has not yet been determined whether the Company's legitimate grounds outweigh Your own.
7.1.9 You can exercise Your rights and lodge a complaint with the relevant supervisory authority in Your jurisdiction. For EEA residents, this is your national data protection authority. For UK residents, this is the Information Commissioner's Office (ICO) at https://ico.org.uk. For US residents, You may contact the Federal Trade Commission (FTC) at https://reportfraud.ftc.gov. For California residents, additional rights under the CCPA/CPRA apply as described in Clause 11.
7.1.10 Right to contact. To exercise any of the above rights, You can send an email to hello@myhiddenstory.com. We shall respond to Your inquiry within 30 days from the day of receiving it (with the possibility of two 30-day extensions).
7.2 In all cases we encourage You to contact us directly. We at the Company believe that best decisions can be made by mutual agreement and effort.
7.3 As a general principle of the Company, we process personal data only for the purposes for which they were collected. In exceptional cases, however, we may process Your personal data that we have collected for another purpose. In this case, before the intended processing, we will inform You of this purpose, the duration of the storage of Your personal data, the exercise of data subject rights, the possibility of revoking consent, the existence of a right to complain to the data protection authority, whether the provision of the data was necessary on legal or contractual grounds, and possible consequences of non-provision.
8.1 The Company implements appropriate technical and organizational measures to protect Your personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include encryption of data in transit and at rest, access controls, and regular security reviews.
8.2 While we strive to use commercially acceptable means to protect Your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
8.3 You are responsible for maintaining the confidentiality of Your Account credentials and for any activities that occur under Your Account.
9.1 The Company operates globally and Your personal data may be transferred to and processed in countries other than Your country of residence. These countries may have different data protection laws than Your country.
9.2 Where we transfer personal data outside of the EEA, the UK, or other regions with data protection laws, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms.
9.3 By using the Service, You acknowledge and consent to the transfer of Your information to countries outside Your country of residence, including countries that may not provide the same level of data protection as Your home country.
10.1 The Company uses third-party service providers to help operate our Services. These providers act as data processors on our behalf and are contractually obligated to protect Your data and use it only as directed by us. Categories of third-party processors include:
Cloud hosting and infrastructure providers.
Payment processing providers (e.g. Stripe). We do not store full card details on our servers.
Analytics and performance monitoring tools.
Customer support and communication tools.
Email delivery services.
10.2 The System may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites. We encourage You to review the privacy policies of any third-party services You access.
California Residents (CCPA / CPRA)
11.1 California residents have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to know what personal information is collected, used, shared, or sold.
Right to delete personal information held by us.
Right to opt-out of the sale or sharing of personal information. We do not sell Your personal data.
Right to non-discrimination for exercising Your privacy rights.
Right to correct inaccurate personal information.
Right to limit the use of sensitive personal information.
11.2 To exercise these rights, contact us at hello@myhiddenstory.com.
Canadian Residents (PIPEDA)
11.3 Canadian residents have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access, correct, and withdraw consent for the processing of Your personal data. To exercise these rights, contact us at hello@myhiddenstory.com.
Australian Residents
11.4 Australian residents have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles. To exercise these rights or to make a complaint, contact us at hello@myhiddenstory.com.
12.1 The Company uses cookies and similar tracking technologies (such as pixels and web beacons) to enhance Your experience on the System, analyze usage, and support marketing activities.
12.2 We use the following categories of cookies:
Strictly necessary cookies: Required for the System to function and cannot be switched off.
Analytical / performance cookies: Allow us to count visits and traffic sources to measure and improve System performance.
Functionality cookies: Enable the System to provide enhanced functionality and personalization.
Targeting / advertising cookies: May be set through our site by our advertising partners.
12.3 Upon Your first visit to the System, You will be presented with a cookie consent banner. You may accept all cookies, reject non-essential cookies, or manage Your preferences. You can update Your cookie preferences at any time via the cookie settings in Your Account or browser.
12.4 Most web browsers allow You to control cookies through browser settings. Please note that disabling certain cookies may affect the functionality of the System.
13.1 For all privacy-related inquiries, requests, or complaints, please contact us at:
Email: hello@myhiddenstory.com
General inquiries: hello@myhiddenstory.com
Website: https://myhiddenstory.com
13.2 We shall respond to Your inquiry within 30 days from the day of receiving it.
© 2026 MyHiddenStory. All rights reserved.