StorySpin – Privacy Policy
Last updated: 2 September 2025
This Privacy Policy explains how Spinverse Ltd (“Spinverse”, “we”, “us”, “our”) collects, uses, shares, and protects information when you use the StorySpin mobile app and related services (“StorySpin” or the “Services”). We are the data controller for personal data processed in connection with StorySpin under the UK GDPR and the Data Protection Act 2018.
1) Who we are & how to contact us
Controller: Spinverse Ltd
Contact: developer@spinverse.co.uk
Registered address: London, United Kingdom
2) What we collect
We collect the following categories of data, depending on how you use StorySpin:
- Account data – email, display name, username, profile photo, date of birth (to determine eligibility and age-appropriate features), and your Firebase UID.
- User content – stories, paragraphs, votes, comments, bookmarks, reports, likes, and related timestamps/IDs.
- Usage & device data – IP address, device model/OS, app version, language, timezone, referral information, in-app events (e.g., opens, taps), crash/performance diagnostics.
- Advertising & analytics data – pseudonymous identifiers (e.g., Ad ID), ad impressions/clicks, and anti-fraud signals.
- Payment data (if applicable) – purchase status, product identifiers, and receipts via the relevant app store; we do not store card details.
- Permissions – media/gallery for avatars, notifications for FCM, and other optional permissions you grant.
3) Sources of data
- Directly from you when you create an account, post content, vote, comment, or contact support.
- Automatically via the app and SDKs (e.g., Firebase Analytics, Crashlytics, AdMob).
- From platform providers (e.g., Apple/Google) for purchase validation and device-level settings.
4) How we use your data
- Provide and maintain StorySpin (authentication, story collaboration, comments, voting, notifications).
- Personalise discovery (e.g., recommendations, trending features) and measure feature effectiveness.
- Communicate with you about updates, service notices, and support.
- Ensure safety and integrity (moderation, fraud and abuse prevention, enforcing our Terms).
- Perform analytics, fix bugs/crashes, and improve performance and reliability.
- Serve and measure advertising (if enabled) and manage subscriptions/in-app purchases.
- Comply with legal obligations and exercise legal claims.
5) Legal bases (UK GDPR)
| Purpose | Legal basis |
|---|---|
| Account setup, sign-in, core features (posting, voting, comments) | Performance of a contract (Article 6(1)(b)) |
| Crash reports, security, fraud/abuse prevention | Legitimate interests (Article 6(1)(f)) |
| Personalised suggestions & non-essential analytics | Consent where required, otherwise legitimate interests |
| Marketing communications (email/push) | Consent where required; you can withdraw at any time |
| Compliance, tax/accounting, legal requests | Legal obligation (Article 6(1)(c)) |
| In-app purchases/subscriptions administration | Performance of a contract; legitimate interests |
6) Sharing your information
- Community visibility: Your profile (username, avatar) and user content (stories, comments, votes) are visible to other users according to your actions in StorySpin.
- Service providers: We use trusted vendors to operate the app (e.g., Firebase Auth/Firestore/Functions/Analytics/Crashlytics/Remote Config, FCM; AdMob; cloud hosting; email/support tooling). They are bound by contracts and process data on our instructions.
- Legal/compliance: We may disclose information where required by law, to protect rights/safety, or to enforce our terms.
- Business transfers: If we undergo a merger, acquisition, or asset sale, data may be transferred under appropriate safeguards.
7) International transfers
We may process and store data outside the UK (e.g., in the EEA or US) via our providers. Where we transfer personal data internationally, we rely on appropriate safeguards such as adequacy regulations, the UK International Data Transfer Addendum (IDTA) or EU Standard Contractual Clauses (as applicable).
8) Cookies & SDKs
StorySpin uses app-integrated SDKs (e.g., Firebase, AdMob) and similar technologies to remember preferences, measure usage, deliver ads, and improve the service. Platform settings (iOS/Android) may let you reset advertising IDs or limit ad tracking. Where consent is required for non-essential tracking, we will ask for it.
9) Retention
We retain personal data while your account is active or as needed to provide StorySpin. We also retain certain information to meet legal, tax, and audit obligations. If you request deletion, we will remove or anonymise personal data unless we must keep some information for legal or security reasons. Aggregated/anonymised data may be kept.
10) Security
We apply technical and organisational measures (e.g., access controls, encryption in transit, monitoring, least-privilege) to protect your data. No online service is completely secure; please keep your account credentials confidential and notify us of any suspected unauthorised use.
11) Your rights
Subject to conditions and exemptions under UK data protection law, you may have the right to:
- Access your personal data and receive a copy;
- Rectify inaccurate or incomplete data;
- Erase data (where applicable) or restrict processing;
- Object to certain processing, including direct marketing;
- Withdraw consent where we rely on consent (this does not affect prior lawful processing);
- Data portability (for information you provided to us, where technically feasible).
To exercise these rights, contact developer@spinverse.co.uk. You also have the right to complain to the UK Information Commissioner’s Office (ICO).
12) Children
StorySpin is not directed at children under 13. If you are 13–17, you should use StorySpin with parental permission. If we learn that a child under 13 has provided personal data, we will take steps to delete it. Parents/guardians can contact us to request removal.
13) Communications preferences
You can manage push notifications in your device settings and marketing emails via unsubscribe links or in-app preferences. We will still send essential service messages (e.g., password resets, transactional notices).
14) In-app purchases & payments
Purchases are processed by Apple App Store or Google Play. We receive transaction confirmations and subscription status, but we do not receive or store your full payment card details. Please review your platform provider’s privacy notice for more details.
15) Automated decision-making
We do not make decisions that produce legal or similarly significant effects based solely on automated processing. Certain features (e.g., recommendations, trending) involve algorithmic ranking to improve your experience.
16) Changes to this policy
We may update this Privacy Policy from time to time (for example, to reflect changes in the law, our services, or technology). We will post the updated version in-app and on this page. If changes are material, we will take additional steps to inform you.
17) Contact
Questions or requests about this policy? Email us at developer@spinverse.co.uk.