Privacy Policy
Last updated 18 June 2026
How StoriFix collects, uses, and protects your data. In plain words: we keep what we need to run your account, we don’t read your files, and we don’t sell your data.
The short version
We collect the minimum we need to run your account and keep your storage working. We don’t read the contents of your files, and we don’t sell your personal data. You can export your data and ask us to delete it.
The rest of this page explains exactly what we collect, who we share it with to provide the Service, and the choices you have.
What we collect
We collect the information needed to give you an account, store your files, and bill you for the plan you choose.
- Account information
- Your email address and authentication details. If you use email and password, we store a one-way Argon2id hash of your password, never the password itself. If you sign in with Google, we receive your email and basic profile information from Google to create your account.
- Your files and folders
- The files you upload, their names, folder structure, and the storage metadata we need to serve them back to you. Files live in a private storage bucket dedicated to your organization.
- Billing information
- Your plan and subscription status. Card details are entered with and held by our payment processor; we don’t see or store your full card number.
- Technical and security data
- Session details such as IP address, browser user-agent, and sign-in times, which we keep so you can review and revoke your active sessions, and a security audit log of account events (sign-ins, share and key activity, plan changes) used to keep your account safe.
How we use it
We use your information to provide and secure the Service: to authenticate you, store and serve your files, process your subscription, send you the transactional emails the Service needs (verification, invitations, billing reminders, security notices), and detect and prevent abuse.
We do not use the contents of your files to train models, build advertising profiles, or scan them with AI. We process file metadata only to make features such as browsing, search within your own account, and previews work.
We don’t read your files
StoriFix does not run AI scanning over the contents of your files. Your sermons, footage, documents, and backups are yours. We store them faithfully and stay out of them. Our staff access your file contents only where you ask us to for support, or where we’re legally required to.
Who we share data with
We don’t sell your personal data, and we don’t share it for anyone else’s advertising. To run the Service we rely on a small set of processors, each handling only what they need:
- Object storage (MinIO)
- Your files are stored in a dedicated per-organization bucket on our MinIO storage cluster, encrypted at rest. This is where your uploaded content lives.
- Payments (Stripe)
- We use Stripe to process subscriptions and payments. Stripe handles your card details under its own privacy policy; we receive only your subscription status and the limited billing data we need.
- Email (Resend)
- We use Resend to deliver transactional email such as verification links, invitations, and billing reminders. Your email address is shared with Resend solely to send these messages.
- Sign in with Google
- If you choose Google sign-in, Google authenticates you and shares your email and basic profile with us, under Google’s own privacy policy.
How we protect it
Files are encrypted at rest in storage, and all traffic to and from StoriFix is encrypted in transit over HTTPS. Passwords are stored only as one-way hashes. We support two-factor authentication, keep an audit log of sensitive account events, and rate-limit sign-in and sharing endpoints to slow abuse. No system is perfectly secure, but we take reasonable steps to safeguard your data.
How long we keep it
We keep your account and file data for as long as your account is active. When you delete a file it goes to trash and is permanently removed after a short grace period; when you close your account, your data is removed after a wind-down period unless a longer hold is required by law. Security audit events are retained for 90 days in our active records before being archived. You can ask us to delete your data sooner; see your rights below.
Your choices and rights
It’s your data, and you stay in control of it:
- Access and export
- You can browse and download your files at any time. Because StoriFix gives you native S3 access keys, you can also reach your own bucket with standard tools and take everything with you; there’s no lock-in by design.
- Correction
- You can update your account information from your settings at any time.
- Deletion
- You can delete files and folders yourself, and you can close your account from your settings. To request deletion of your remaining personal data, contact us and we’ll act on it.
- Session control
- You can review your active sessions and revoke any of them, which signs that device out immediately.
Children
StoriFix is not directed to children, and it’s intended for use by people who can enter a binding agreement. We don’t knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we’ll remove it.
Acceptable use
Use of StoriFix is also governed by our Acceptable Use Policy, which you agree to when you sign up, and by our Terms of Service. They set out what the Service may and may not be used for.
Changes to this policy
We may update this policy as the product evolves. When we make material changes we’ll update the date above and, where appropriate, let you know by email or in the app. Continued use of the Service after a change takes effect means you accept the updated policy.
