Last Updated: 20 April 2026
This Privacy Policy describes how OurStories ("we", "us", or "our") collects, uses, and shares information when you use our mobile application (the "App"). We are based in Australia and comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable privacy laws.
Because OurStories helps you record interviews and generate written stories about you and your family, this policy is detailed on purpose. Please read it carefully.
OurStories is used to create profiles of, and record conversations with, family members and other people. This means you may provide personal information about other people to us for processing. Some of that information may be sensitive, such as ethnicity, religion, nationality, beliefs, or health.
Before you record someone, or create a profile about them, you must obtain their consent, including consent to audio recording, to transcription by a third party service provider, and to the processing of any sensitive information they share. For minors, a parent or legal guardian must provide that consent. By uploading a recording or creating a profile of another person, you confirm that you have obtained the necessary consent and have the legal right to provide that information for the purposes described below.
If a person featured in your recordings wants to access, correct, or delete information about them, they or you on their behalf can contact us at the email address provided below.
Information you provide directly. When you use the App, we collect account and authentication information (such as email address, a hashed password, an optional phone number, and, if you choose to sign in with Google, a Google account identifier); profile information about yourself and other people you create profiles for (such as name, date of birth, place of birth, gender, and biographical details); sensitive information you choose to enter or that is discussed in your recordings (which may include ethnicity, religion, nationality, beliefs, health, or similar categories); and audio recordings of conversations you record through the App.
Information generated from your recordings. When you submit a recording, the App produces and stores a transcript of the audio and written story content derived from that transcript, together with short contextual snippets that help improve future stories. You can edit or delete any of this generated content at any time.
Information collected automatically. We collect limited technical information, including platform (iOS or Android), operating system version, and app version; usage information such as recording and story creation timestamps and processing status; diagnostic information such as crash reports, error logs, IP address, and device context, collected through our error monitoring provider; subscription and purchase information, processed through our subscription provider and the App Store or Play Store; a push notification token, if you opt into notifications; and over the air update metadata so that your app can receive updates.
Information stored locally on your device. Some information is stored only on your device and is not transmitted to our servers as a standalone store, including session tokens and preferences such as dark mode.
Information we do not collect. We do not collect precise location, contacts, photos, or calendar data. We do not use advertising identifiers or advertising trackers, and we do not sell your personal information.
We request access to the microphone so you can record audio through the App; background audio so recording continues if your screen locks or you switch apps; and push notifications so you can receive optional local reminders. You can decline any permission in your device settings, but the core features of the App require microphone access.
We use the information we collect to provide the core service, including recording audio and generating written stories from your recordings; to organise and personalise your content; to process your subscription, if you purchase one; to send local reminders, if you opt into notifications; to monitor errors and crashes so we can keep the App stable; to operate, secure, and maintain the service, including authentication, session management, over the air updates, and abuse prevention; to respond to your questions and handle support requests; and to comply with legal obligations and protect our rights and the safety of users.
To produce transcripts and written stories from your recordings, we use third party artificial intelligence services as described under "Who we share your information with". We send these providers only the information necessary to perform the task, and we do not send them your email, password, phone number, or payment information.
For users in the EEA and UK, we rely on the following legal bases: contract, under Article 6(1)(b), to create your account and provide the service; explicit consent, under Article 9(2)(a), to process sensitive categories of information; legitimate interests, under Article 6(1)(f), to operate and secure the service and prevent abuse; consent, under Article 6(1)(a), for push notifications; and legal obligation, under Article 6(1)(c), where required. You can withdraw consent at any time without affecting the lawfulness of prior processing.
We rely on APP 3.3, collecting sensitive information with your consent and only where it is reasonably necessary for the App's purpose. For information about people other than yourself, we rely on you having obtained that person's consent before providing their information to us.
The App uses automated processing to produce written content from your recordings. This content is provided for your personal use and is not used to make legal or similarly significant decisions about you or anyone else. You are free to edit, delete, or ignore any generated content.
We share personal information only with service providers that help us operate the App. We do not sell your personal information and we do not share it for advertising.
Our service providers include backend and authentication providers, a subscription and payment provider, an error monitoring provider, an over the air updates and push notification provider, a sign in with Google provider, and the Apple App Store and Google Play Store for app distribution and payment. We also use third party artificial intelligence providers to transcribe your audio recordings and to generate written content from those transcripts, and a stock image provider to supply cover images for generated stories.
Our current service providers and links to their privacy policies are:
Our AI providers are accessed through their commercial API offerings, and under their current API terms they do not train their models on data sent through the API by default. Each provider may retain API inputs and outputs temporarily in accordance with its own policy, primarily for security and abuse prevention purposes.
We may also disclose personal information to comply with a valid court order, subpoena, or other legal obligation; to protect the rights, property, or safety of OurStories, our users, or the public; or in connection with a sale, merger, acquisition, or corporate reorganisation, in which case we will notify affected users where required by law.
OurStories is operated from Australia, and most of our service providers are based in the United States and may process information in the United States or other countries. For Australian users, by using the App you consent under APP 8.2(b) to the cross border disclosure of your personal information to these overseas recipients. Where an overseas recipient is not subject to a law or binding scheme substantially similar to the APPs, we take reasonable steps to ensure appropriate contractual safeguards are in place. For users in the EU and UK, we rely on appropriate safeguards under Articles 44 to 46 of the GDPR, such as the European Commission's Standard Contractual Clauses and, where applicable, EU–US Data Privacy Framework certifications. You can request a copy of the safeguards applicable to a specific transfer by contacting us.
We retain your account, profile, audio, and generated content for as long as your account exists and you choose to keep it, so that you can return to your stories later. Diagnostic and error data is retained by our error monitoring provider according to its retention policy, typically up to 90 days. Subscription data is retained by our subscription provider and the app stores for as long as required by their own policies and by tax and consumer protection law. Data held by third party processors is retained according to each provider's policy.
You can delete your account at any time using the "Delete my account" option in the App, or by emailing us. Deletion is permanent and cascades to your recordings, transcripts, generated content, profiles, and preferences. Residual copies in routine backups are overwritten on a rolling basis.
We take reasonable technical and organisational measures to protect your information. These include encryption in transit for all communication between the App, our backend, and our service providers; access controls on our database and storage so that you can only access your own information; authentication and ownership checks on server side requests; and abuse prevention measures such as rate limiting and input validation.
No system is completely secure. If we become aware of a data breach that is likely to result in serious harm, we will notify affected users and the Office of the Australian Information Commissioner in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act, and any affected EU or UK supervisory authorities within 72 hours where required by GDPR Article 33.
Regardless of where you live, you can ask us to access the personal information we hold about you, correct information that is inaccurate or out of date, delete your account and associated data, withdraw consent that you have previously given, and complain about how we handle your personal information. To exercise any of these rights, email us at the address provided below.
We comply with the 13 Australian Privacy Principles. In addition to the rights above, you can request access under APP 12 and correction under APP 13. If you are not satisfied with our response within 30 days, you can complain to the Office of the Australian Information Commissioner at oaic.gov.au, by phone on 1300 363 992, or by post at GPO Box 5218, Sydney NSW 2001.
You have the rights provided by the GDPR and UK GDPR, including the right of access (Article 15), rectification (Article 16), erasure (Article 17), restriction of processing (Article 18), data portability (Article 20), objection (Article 21), and withdrawal of consent at any time. You also have the right not to be subject to decisions based solely on automated processing with legal or similarly significant effects (Article 22), and the right to lodge a complaint with your local supervisory authority. For GDPR requests, please write "GDPR Request" in the subject line of your email. We will respond within one month of receipt as required by Article 12(3).
If you are a California resident, you have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of any sale or sharing of personal information for cross context behavioural advertising. We do not sell or share personal information for cross context behavioural advertising. You also have the right to limit the use and disclosure of sensitive personal information to what is necessary to provide the service, and the right to be free from discrimination for exercising your privacy rights. Contact us at the email below to exercise these rights.
The App is not intended for children under the age of 13, or the minimum age of digital consent in your jurisdiction if that age is higher. We do not knowingly collect personal information directly from children under this age. However, OurStories is often used to record interviews with family members of all ages, including children. When you record a child or create a profile for a child, you must be the child's parent or legal guardian or have their consent. You are responsible for the information you upload about them and for exercising their privacy rights on their behalf. If you believe we have inadvertently collected information directly from a child under 13, please contact us immediately and we will delete it.
The App uses local push notifications scheduled on your device to remind you to record stories. These notifications are completely optional, can be disabled at any time through the App or your device settings, and are never used to send marketing or advertising.
The App itself does not use web cookies. Some of our service providers may use similar technologies for security, session management, and operation of their services, as described in each provider's own privacy policy.
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy in the App and at ourstories.app, update the "Last Updated" date at the top, and where required by law notify you by email or in app notification. For changes that require fresh consent, we will seek that consent before the change takes effect. Your continued use of the App after a non material update means you accept the revised policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of personal information, including to exercise your privacy rights, please contact us.
Email: support@ourstories.app
Developer: Sofoklis, OurStories
Location: Melbourne, Victoria, Australia
By using the OurStories app, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, storage, and sharing of your information as described.