StoryVoxStoryVox
Log inStart free
Full legal textPlain English

StoryVox — Privacy Policy

Effective Date: April 28, 2026
Last Updated: April 28, 2026

This Privacy Policy describes how StoryVox LLC ("StoryVox," "we," "us") collects, uses, shares, retains, and protects information about you when you use our website at storyvox.app and our text-to-speech audiobook generation services (the "Service"). It also explains your choices and rights regarding that information.

This Privacy Policy is part of our Terms of Service and incorporates our Voice Biometric Privacy Notice, which contains additional disclosures specific to voice cloning. Capitalized terms not defined here have the meaning given in the Terms of Service.

1. Who Is Responsible for Your Information

StoryVox LLC, a Colorado limited liability company, is the data controller for the personal information you provide through the Service.

Mailing address:
StoryVox LLC
6547 N. Academy Blvd. #2206
Colorado Springs, CO 80918
United States

Privacy contact: hello@storyvox.app

2. Where StoryVox Is Available

The Service is offered to users in the United States (excluding Illinois), Canada, Australia, and New Zealand. We do not offer the Service in the European Economic Area, the United Kingdom, Switzerland, the State of Illinois, or any U.S.-sanctioned country or region. If you are located outside an offered region, you may not use the Service. This Privacy Policy is written for users in offered regions.

3. Information We Collect

We collect information in three ways: (a) information you provide; (b) information collected automatically when you use the Service; and (c) information from third parties.

3.1 Information You Provide

  • Account information: name, email address, password (stored as a salted hash), profile picture, and any preferences you set.
  • Billing information: when you purchase a paid plan, our merchant of record collects your payment method, billing name, billing address, and country. We receive limited information from the merchant, such as the last four digits of your card, the card brand, and transaction details. We do not receive or store full card numbers.
  • Content you submit: the text you upload, voice samples you provide for cloning, voice settings, custom instructions, project metadata, and any audiobook output that we generate from your inputs.
  • Voice biometric data: when you create a Custom Voice, we collect raw voice samples and the voice consent recording you supply. Detailed handling is in the Voice Biometric Privacy Notice.
  • Communications: if you contact us, we collect your email, the content of your message, and any attachments.

3.2 Information Collected Automatically

  • Device and connection information: IP address, user-agent string, browser type and version, operating system, device type, screen size, and language preference.
  • Usage information: pages visited, features used, time spent, generation jobs run, errors encountered, click events, and similar product analytics.
  • Cookies and similar technologies: we use only essential cookies (described in Section 8). We do not set advertising or behavioral tracking cookies.
  • Server logs: request paths, timestamps, response codes, latency, and approximate region inferred from IP. We use logs to operate and secure the Service.

3.3 Information from Third Parties

If you sign in via a third-party identity provider (where supported), we receive the basic profile information that provider releases to us, such as your email address and display name. Our merchant of record (Stripe) confirms successful payment and provides limited transaction metadata.

3.4 Sensitive Information

The raw voice samples you upload to create a Custom Voice, and the resulting cloned voice model, are biometric information under several U.S. state laws. We describe our handling of biometric information separately in the Voice Biometric Privacy Notice, including consent, retention, and destruction.

We distinguish between (a) raw voice samples and voice models, which are stored privately and accessible only to your account and to our service providers acting on our instructions; and (b) synthesized preview audio — short audio clips of a Custom Voice used to play that voice back in the in-product voice picker, which are stored separately and are not biometric identifiers within the meaning of biometric privacy laws. Your raw uploads are never publicly accessible.

We do not request or knowingly collect government-issued identification numbers, financial-account numbers (other than what our merchant of record passes through), precise geolocation, health information, racial or ethnic origin, religious or philosophical beliefs, sexual orientation, union membership, or genetic data.

3.5 Information About Children

The Service is not directed to and not intended for use by anyone under eighteen years of age. We do not knowingly collect personal information from children. If we learn we have, we will delete it. If you believe we have inadvertently collected information from a child, contact us at hello@storyvox.app.

4. How We Use Information

We use information for the following purposes:

PurposeExamples
Provide the ServiceCreate your account, authenticate you, store your text and audio projects, run text-to-speech generation, deliver Output to you, save your settings
Voice cloningBuild a Custom Voice from samples you supply, with your recorded consent
BillingProcess subscriptions, send receipts, handle refunds and chargebacks (via Stripe)
Customer supportRespond to your questions, resolve issues, communicate about your account
Service operationMonitor performance, debug errors, manage capacity, plan improvements
Security and abuse preventionDetect and prevent fraud, abuse, unauthorized access, and other security incidents; investigate suspected violations of our Terms; comply with our DMCA process
Legal complianceRespond to lawful requests, enforce our Terms, comply with tax, recordkeeping, and other legal obligations
Product analyticsUnderstand how the Service is used in aggregate, improve features, prioritize development
CommunicationsSend transactional emails (account, billing, security, service notices) and, with your consent, occasional product updates

We do not use Your Content (including text uploads, voice samples, and Output) to train or fine-tune any artificial intelligence model unless you give specific opt-in consent at the time we collect that content.

5. Legal Basis for Processing

For users protected by privacy laws that require a stated legal basis (such as some state privacy laws), we rely on the following bases:

  • Performance of a contract — to provide the Service you request.
  • Legitimate interest — to operate, secure, and improve the Service in ways you would reasonably expect, such as fraud prevention and product analytics.
  • Consent — for voice biometric collection, marketing communications (where required by law), and any future training opt-ins.
  • Legal obligation — to comply with applicable laws, court orders, and tax recordkeeping.

You may withdraw consent at any time; withdrawal does not affect the lawfulness of prior processing.

6. How We Share Information

We do not sell your personal information. We do not "share" your personal information for cross-context behavioral advertising as that term is defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"). We do not run advertising pixels.

We disclose information only to the categories of recipients below, and only to the extent reasonably necessary.

6.1 Service Providers (Sub-processors)

We work with the following providers, each of which is contractually limited to processing personal information on our instructions:

Category of providerPurposeWhere the data lives
Database, authentication, and storageAccount data, projects, audio files, file storageUnited States
Web hosting and edge computeWeb application hosting, serverless computeUnited States
GPU computeText-to-speech inferenceUnited States
Stripe, Inc.Payment processing, merchant of record (Stripe Managed Payments), tax handling, billingUnited States
Product analyticsAggregated product usage analyticsUnited States
Transactional email deliveryAccount, billing, and security emailUnited States
Content delivery and DDoS protectionCDN, DNS, denial-of-service protectionGlobal edge with U.S. control plane

We may add or change sub-processors. We will update this section when we do. The specific identities of sub-processors in each category are available on request to hello@storyvox.app.

6.2 Compliance and Protection

We may disclose information to (a) comply with applicable law, court order, subpoena, or other lawful request; (b) protect the rights, property, or safety of StoryVox, our users, or the public; (c) enforce our Terms; or (d) detect, investigate, prevent, or respond to fraud, abuse, security incidents, or technical issues.

6.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, personal information may be transferred to the successor or acquirer, subject to confidentiality protections.

6.4 With Your Direction or Consent

We may disclose information when you ask us to or when you give us consent.

7. International Data Transfers

We are based in the United States. The infrastructure that powers the Service is also primarily based in the United States. If you access the Service from Canada, Australia, or New Zealand, your information will be transferred to and processed in the United States, which may have data-protection laws different from those of your country. By using the Service, you understand and agree to that transfer. Where required, we use appropriate transfer mechanisms, including Standard Contractual Clauses, with our sub-processors.

8. Cookies and Tracking

We use only essential cookies, including cookies needed to keep you signed in, secure session tokens, and remember basic preferences. We do not set behavioral, advertising, or cross-site tracking cookies. We do not use Google Analytics or any tracking-pixel-based advertising network.

We do not respond to "Do Not Track" browser signals because there is no industry consensus on how to interpret them, but because we do not engage in behavioral tracking, the practical effect is the same.

We honor the Global Privacy Control signal as a "do not sell or share" preference under California law. Because we do not sell or share, this signal does not change anything for our users; we describe the support here for transparency.

9. How Long We Keep Information

We retain information only as long as needed for the purposes described in this Policy, then delete or de-identify it. Specific retention periods:

DataRetention
Account informationUntil you delete your account; we delete inactive accounts after twelve (12) months of inactivity, after a reminder email
Generated audiobooks (Output)Until you delete them or your account
Uploaded textUntil you delete it or your account
Voice samples (raw audio uploaded for cloning)Thirty (30) days from upload, with an in-product "renew" control and a 7-day advance notice email; deleted after 30 days unless renewed
Custom Voice models (cloned voices)Until you delete the voice or your account, or until three (3) years pass with no use of that voice
Voice consent recordingFor the life of the related Custom Voice plus three (3) years, then deleted
Server access logsThirty (30) days
Security and authentication event logsOne (1) year
Billing recordsSeven (7) years (tax recordkeeping)
BackupsDaily backups, retained up to seven (7) days (point-in-time recovery), then aged out
Support correspondenceThree (3) years

If we are required by law to retain information longer, we will. After deletion, residual copies may persist in encrypted backups for up to ninety (90) days, after which they are aged out and rendered unrecoverable.

10. Your Rights and Choices

Depending on where you live, you may have the following rights regarding personal information about you:

  • Access — ask what information we hold and receive a copy.
  • Correction — ask us to correct information that is inaccurate or incomplete.
  • Deletion — ask us to delete information.
  • Portability — ask for a machine-readable copy of information you provided to us.
  • Opt-out of sale or sharing — we do not sell or share, but you may direct us not to in the future.
  • Withdraw consent — for processing based on consent (such as voice biometric data).
  • Non-discrimination — we will not discriminate against you for exercising a right.

10.1 How to Exercise

You can:

  • Delete your account at any time using in-product controls. This deletes your projects, generated Output, voice samples, and Custom Voices according to the schedule in Section 9.
  • Email hello@storyvox.app to make any other request. Please include the email associated with your account so we can verify the request.

We respond to verifiable requests within forty-five (45) days, or sooner where required by law. We may extend by up to forty-five additional days if reasonably necessary, with notice.

10.2 Verification

To prevent unauthorized access, we may ask you to verify your identity, typically by confirming control of the email associated with your account.

10.3 Authorized Agents

You may authorize an agent to make a request on your behalf if you provide signed authorization and we can verify your identity.

10.4 California Residents

If you are a California resident, you have rights under the CCPA/CPRA in addition to those above, including the right to know the categories of personal information we collect, the categories of sources, the business or commercial purposes for collecting it, and the categories of third parties with whom we disclose it. Those categories are described in Sections 3, 4, and 6.

We do not "sell" or "share" personal information as those terms are defined in the CCPA/CPRA. We do not use or disclose sensitive personal information for purposes that would require a right-to-limit notice. We have not sold or shared personal information about California residents in the past twelve months.

10.5 Other State Privacy Rights

If you are a resident of a U.S. state with a comprehensive privacy law that applies to us (including, depending on the law's scope, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia), you have the rights listed in Section 10. To exercise them, follow the process in Section 10.1.

If you are dissatisfied with our response, in some states you may appeal by replying to our response email with the word "Appeal" in the subject line. We will respond to appeals within sixty (60) days. After exhausting our appeal process, you may complain to your state attorney general.

10.6 Canada (PIPEDA), Australia (APP), and New Zealand (Privacy Act 2020)

Users in these countries have rights to access and correct personal information and to complain to a privacy regulator. To exercise rights, follow Section 10.1. You may also contact your national privacy regulator.

11. Security

We use technical and organizational measures designed to protect personal information, including:

  • TLS for data in transit;
  • Encryption at rest by our database, storage, and backup providers;
  • Access control and least-privilege principles;
  • Salted-hash password storage; we never store plaintext passwords;
  • Audit logging of administrative actions;
  • Internal review of new sub-processors and material changes that touch personal information.

No system is perfectly secure. If we discover a breach affecting your personal information, we will notify you and applicable regulators without undue delay and consistent with applicable law.

You are responsible for keeping your password and any second-factor credentials confidential. Notify us at hello@storyvox.app immediately if you suspect unauthorized access to your account.

12. Voice Biometric Information

Voice samples and voice models are subject to additional protections. See our Voice Biometric Privacy Notice for full disclosures, including the specific consent we obtain, the retention schedule, and our destruction practices.

13. AI Training

We do not use Your Content (including text uploads, voice samples, the Custom Voice models, the consent recording, or generated Output) to train or fine-tune any artificial intelligence model, including any text-to-speech, voice-cloning, or large language model. If we ever change this practice, we will (a) describe the new use plainly, (b) ask you to opt in before any new content is included, and (c) update this Policy with notice.

14. Account Communications and Marketing

We send transactional and account-related emails (such as receipts, security alerts, renewal reminders, deletion notices, and material changes to our policies) as part of operating the Service. You cannot unsubscribe from these without closing your account.

If we send marketing emails, we will obtain consent where required and provide a one-click unsubscribe link in every message.

15. Third-Party Links and Services

The Service may link to third-party websites and services. This Policy does not apply to those third parties. Review their privacy notices before sharing information with them.

16. Changes to This Policy

We may update this Policy. The "Last Updated" date at the top reflects the most recent change. For material changes, we will provide reasonable advance notice through the Service or by email. Continued use after the effective date of an updated Policy means you accept the changes; if you do not agree, stop using the Service before the effective date.

17. Contact Us

Privacy questions, requests, or complaints? Reach us at:

Email: hello@storyvox.app

Mail:
StoryVox LLC
Attn: Privacy
6547 N. Academy Blvd. #2206
Colorado Springs, CO 80918
United States

Questions? Email hello@storyvox.app.

See all legal documents.

Other legal documents