Privacy Policy

Operated by Story Suite Pty Ltd

1. Introduction

StoryDesk (https://storydesk.ai) is an AI-powered content management platform operated by Story Suite Pty Ltd, an Australian company. StoryDesk enables content creators, agencies, and publishers to create, manage, and distribute content across multiple brands and platforms.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use StoryDesk, including when you connect third-party platforms such as Facebook and Instagram through our service.

By using StoryDesk, you consent to the collection and use of information as described in this Privacy Policy. If you do not agree with this policy, please do not use our platform.

2. Who We Are

StoryDesk is operated by Story Suite Pty Ltd, registered in Australia. For the purposes of applicable data protection laws, Story Suite Pty Ltd is the data controller responsible for your personal information.

Privacy Officer: privacy@storydesk.ai
Website: https://storydesk.ai

3. Information We Collect

3.1 Information You Provide Directly

• Account Information: Name, email address, username, password, and account preferences.
• Billing Information: Payment details processed through our third-party payment provider. We do not store full credit card numbers.
• Content Data: Articles, drafts, prompts, media uploads, brand voice configurations, and other content you create or upload within StoryDesk.
• Communications: Support tickets, emails, and feedback you send to us.

3.2 Information Collected Automatically

• Usage Data: How you interact with StoryDesk, including features used, pages visited, and actions taken.
• Technical Data: IP address, browser type, device information, operating system, and access times.
• Cookies and Similar Technologies: We use cookies to maintain sessions, remember preferences, and analyse platform usage.

3.3 Information from Third-Party Platforms (Facebook and Instagram)

When you connect your Facebook Pages or Instagram Business accounts to StoryDesk, we may collect the following information through the Meta (Facebook) Graph API, subject to the permissions you grant:

Facebook Data

• Page Information: A list of Facebook Pages you manage, including Page names, Page IDs, profile pictures, and categories.
• Page Content: Posts, images, videos, and other content published on your Pages, for the purpose of managing and scheduling new content.
• Engagement Data: Likes, comments, shares, reactions, and other engagement metrics on your Page posts, used to provide analytics and performance insights.
• User-Generated Content: Content posted by users on your Pages (such as comments, reviews, and visitor posts), to enable you to monitor and respond to audience interactions.
• Business Manager Data: Information about your Business Manager assets, including associated Pages, accounts, and team roles, to enable multi-brand management within StoryDesk.

Instagram Data

• Account Information: Instagram Business or Creator account name, username, profile picture, biography, follower count, and media count.
• Comments: Comments on your Instagram posts and media, to enable you to monitor and respond to audience interactions from within StoryDesk.
• Direct Messages: Instagram Direct Messages sent to your Business or Creator account, to enable you to manage and respond to customer and audience messages from within StoryDesk.

4. How We Use Your Information

4.1 Platform Operations

• To provide, maintain, and improve StoryDesk and its features
• To process your account registration and manage your subscription
• To provide customer support and respond to your enquiries

4.2 Content Management and Publishing

• To publish, schedule, and manage content on your connected Facebook Pages and Instagram accounts on your behalf
• To display your connected Pages and accounts within StoryDesk for brand management
• To enable you to read and respond to comments and messages on your connected accounts

4.3 Analytics and Performance

• To provide engagement analytics and content performance insights for your published content
• To generate SEO recommendations and content optimisation suggestions
• To track trending topics and provide content recommendations based on your defined subjects and interests

4.4 Security and Compliance

• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations and enforce our Terms and Conditions

5. How We Share Your Information

StoryDesk does not sell your personal information. We share information only in the following circumstances:

• Third-Party Platforms (at your direction): When you use StoryDesk to publish content or manage interactions on Facebook, Instagram, Wix, Substack, or other connected platforms, we transmit the necessary data to Meta via their APIs. This is done solely at your direction and on your behalf.
• Service Providers: We engage trusted third-party service providers for hosting, analytics, payment processing, and customer support. These providers are contractually required to protect your data and use it only for the services they provide to us.
• AI Service Providers: StoryDesk uses AI services (such as OpenAI and AWS Bedrock) to generate and refine content. Content data may be sent to these providers for processing. We do not send your personal account information or Facebook/Instagram access tokens to AI providers.
• Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

6. Facebook and Instagram Data: Specific Provisions

This section provides additional detail on how StoryDesk handles data obtained from Meta (Facebook and Instagram) APIs, in compliance with the Meta Platform Terms and Developer Policies.

6.1 Purpose of Data Access

StoryDesk accesses Facebook and Instagram data solely to provide you with content management, publishing, engagement monitoring, and analytics features. We do not use Facebook or Instagram data for any purpose other than delivering and improving our service to you.

6.2 Data Storage and Security

• Facebook and Instagram access tokens are encrypted at rest and in transit.
• Data received from Meta APIs is stored on secure, access-controlled servers.
• We implement industry-standard security measures including encryption, access controls, and regular security audits.
• Only authorised personnel have access to stored Meta platform data.

6.3 Data Retention and Deletion

• Facebook and Instagram data is retained only for as long as your account is active and you maintain an active connection to the respective platform.
• If you disconnect a Facebook Page or Instagram account from StoryDesk, we will delete the associated data within 30 days.
• If you delete your StoryDesk account, all associated Facebook and Instagram data will be deleted within 90 days.
• You may also request deletion of specific data at any time by contacting privacy@storydesk.ai.

6.4 Revoking Access

You can revoke StoryDesk's access to your Facebook or Instagram data at any time by disconnecting the platform within your StoryDesk account settings, or by removing StoryDesk from your Facebook App Settings at https://www.facebook.com/settings/?tab=applications. Upon revocation, we will cease accessing new data and delete existing data in accordance with Section 6.3.

6.5 Compliance with Meta Platform Terms

StoryDesk complies with Meta's Platform Terms, Developer Policies, and all applicable API Terms of Use. We do not sell, licence, or otherwise commercialise data obtained from Meta APIs, except as necessary to provide our service to you.

7. Data Security

We take reasonable and appropriate technical and organisational measures to protect your personal information from unauthorised access, loss, misuse, or alteration. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and secure development practices.

While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data, subject to legal and contractual limitations.
• Data Portability: Request a copy of your data in a structured, commonly used format.
• Objection/Restriction: Object to or request restriction of certain processing activities.
• Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, contact us at privacy@storydesk.ai. We will respond within 30 days.

10. International Data Transfers

StoryDesk is operated from Australia. Your information may be transferred to, and processed in, countries other than your country of residence, including countries where our service providers operate. We take appropriate safeguards to ensure that your personal information is protected in accordance with this policy and applicable data protection laws.

11. Children's Privacy

StoryDesk is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of StoryDesk after any changes indicates your acceptance of the updated policy.

13. Applicable Law

This Privacy Policy is governed by the laws of Australia, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where our users are located in the European Economic Area or the United Kingdom, we also comply with the General Data Protection Regulation (GDPR) and the UK GDPR as applicable.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact:

StoryDesk Privacy Officer
Story Suite Pty Ltd
Email: privacy@storydesk.ai
Website: https://storydesk.ai