Privacy Policy
Last Updated: February 15, 2026
Effective Date: February 15, 2026
Your Privacy Matters: Forever Stories is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information. Please read this carefully.
Table of Contents
- Introduction
- Information We Collect
- How We Use Your Information
- How We Share Your Information
- Data Security
- Data Retention
- Your Privacy Rights
- Children's Privacy
- International Data Transfers
- Cookies and Tracking Technologies
- California Privacy Rights (CCPA)
- European Privacy Rights (GDPR)
- Changes to This Policy
- Contact Us
1. Introduction
Forever Stories ("we," "us," or "our") operates a memory preservation platform. We respect your privacy and are committed to protecting your personal data. This Privacy Policy applies to all users of our mobile application and services.
1.1 Who We Are
Forever Stories is a digital memory preservation service that helps individuals record, store, and share personal stories with their loved ones.
1.2 Scope
This Privacy Policy applies to information collected through:
- Our mobile applications (iOS and Android)
- Our website (foreverstories.co)
- Emails and communications with us
- Any related services
2. Information We Collect
2.1 Information You Provide Directly
| Data Type |
Examples |
Purpose |
| Account Information |
Name, email address, password |
Account creation and authentication |
| Profile Information |
Profile photo, bio, preferences |
Personalization and user experience |
| User Content |
Stories, responses, photos, videos |
Core service functionality |
| Communication Data |
Emails, support messages |
Customer support and service improvements |
| Invite Information |
Email addresses of people you invite |
Sharing features |
2.2 Information Collected Automatically
When you use our Service, we automatically collect:
- Device Information: Device type, operating system, unique device identifiers
- Usage Data: Features used, content viewed, time spent, interaction patterns
- Log Data: IP address, browser type, access times, pages viewed
- Location Data: General location (city/state level) based on IP address
- Crash Data: Error reports and diagnostic information
2.3 Information from Third Parties
- Authentication Services: If you sign in with Apple or Google
- Analytics Providers: Usage statistics and app performance
- Payment Processors: Payment transaction data (if applicable)
3. How We Use Your Information
We use your information for the following purposes:
3.1 Provide and Improve Our Service
- Create and manage your account
- Store and organize your stories and content
- Deliver daily prompts and notifications
- Enable sharing with invited family members
- Provide customer support
- Improve app features and functionality
- Fix bugs and technical issues
3.2 Communication
- Send you service-related emails (account verification, password reset, etc.)
- Send daily prompt notifications (if enabled)
- Respond to your inquiries and support requests
- Send important updates about the Service
- With your consent, send marketing communications (you can opt-out anytime)
3.3 Safety and Security
- Detect, prevent, and address fraud, abuse, and security issues
- Enforce our Terms of Service
- Protect the rights and safety of our users
- Comply with legal obligations
3.4 Analytics and Research
- Understand how users interact with our Service
- Analyze trends and usage patterns (aggregated, non-personal data)
- Measure the effectiveness of features
- Conduct research to improve user experience
4. How We Share Your Information
Important: We do NOT sell your personal information to third parties. Your stories and personal content are private and only shared as you direct through the app's sharing features.
4.1 Sharing You Control
- Invited Users: Stories and content are shared with family members you explicitly invite
- Revocable Access: You can revoke access at any time through account settings
4.2 Service Providers
We share information with trusted third-party service providers who assist us in operating our Service:
- Cloud Storage (AWS): Secure storage of your content
- Email Services (Resend): Sending notifications and service emails
- SMS Services (Twilio): Sending invitation text messages on behalf of users
- Analytics (if applicable): Understanding app usage (anonymized data)
- Push Notifications: Delivering daily prompts and alerts
These providers are contractually obligated to protect your data and only use it for specified purposes.
4.3 Legal Requirements
We may disclose your information if required by law or if we believe such action is necessary to:
- Comply with legal obligations, court orders, or government requests
- Enforce our Terms of Service
- Protect our rights, property, or safety
- Protect the rights, property, or safety of our users or the public
4.4 Business Transfers
If Forever Stories is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your data is transferred and becomes subject to a different Privacy Policy.
4.5 With Your Consent
We may share your information for other purposes with your explicit consent.
4.6 SMS/Text Messaging
When a user sends an invitation via SMS through our app, we use Twilio to deliver a one-time text message to the recipient's phone number containing an invite code. Key details about our SMS practices:
- Opt-in: SMS messages are only sent when a user explicitly enters a recipient's phone number and taps "Send Invite" in the app. The user is shown a consent disclosure before sending.
- Message frequency: Recipients receive only one SMS per invitation. We do not send recurring or marketing text messages.
- Opt-out: Recipients can reply STOP to any message to opt out of future messages.
- No sharing: Mobile opt-in data and consent information will not be shared with or sold to third parties for their marketing or promotional purposes.
- Message and data rates may apply. Contact your carrier for details.
For more information about our SMS practices, see our SMS Terms.
5. Data Security
We implement industry-standard security measures to protect your personal information:
5.1 Technical Safeguards
- Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
- Secure Authentication: Password hashing with bcrypt
- Access Controls: Role-based access restrictions
- Secure Infrastructure: Cloud hosting with AWS security features
- Regular Backups: Automated backups to prevent data loss
- Monitoring: Continuous security monitoring and logging
5.2 Organizational Safeguards
- Limited employee access to personal data
- Confidentiality agreements with service providers
- Regular security training
- Security incident response procedures
5.3 Your Responsibility
- Use a strong, unique password
- Enable two-factor authentication (if available)
- Keep your login credentials confidential
- Log out from shared devices
- Notify us immediately of any unauthorized access
Note: While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your information for as long as necessary to provide our Service and fulfill the purposes described in this Privacy Policy.
6.1 Active Accounts
- Account data: Retained while your account is active
- User content (stories, photos, videos): Retained permanently unless you delete it
- Usage logs: Retained for 12 months
6.2 Deleted Accounts
- Account deletion is permanent and immediate
- Your content is deleted within 30 days
- Some data may be retained longer for legal/compliance purposes
- Backup copies may exist for up to 90 days
6.3 Legal Retention
We may retain certain information longer if required by law or to resolve disputes, enforce agreements, or protect legal rights.
7. Your Privacy Rights
7.1 Access and Portability
- Access: Request a copy of your personal data
- Portability: Receive your data in a portable format
- How: Email privacy@foreverstories.co
7.2 Correction and Update
- Right: Correct inaccurate or incomplete data
- How: Update through app settings or contact us
7.3 Deletion
- Right: Request deletion of your personal data
- How: Delete account through app settings or email us
- Note: Some data may be retained for legal compliance
7.4 Object and Restrict
7.5 Opt-Out of Marketing
- Right: Unsubscribe from marketing emails
- How: Click "unsubscribe" in emails or adjust app settings
7.6 Response Time
We will respond to your requests within 30 days. For complex requests, we may extend this to 60 days with notification.
8. Children's Privacy (COPPA Compliance)
8.1 Age Restriction
Forever Stories is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
8.2 If We Learn of Child Data
If we discover that we have collected information from a child under 13 without parental consent, we will delete that information immediately.
8.3 Parental Rights
Parents who believe their child under 13 has provided information to us should contact us at privacy@foreverstories.co for immediate deletion.
8.4 Teens (13-18)
If you are between 13 and 18, you should obtain parental or guardian consent before using Forever Stories.
9. International Data Transfers
9.1 Data Location
Forever Stories is based in the United States. Your information may be transferred to and processed in the United States or other countries where our service providers operate.
9.2 Protections
When transferring data internationally, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements with service providers
- Compliance with applicable data protection laws
10. Cookies and Tracking Technologies
10.1 What We Use
| Type |
Purpose |
Duration |
| Essential Cookies |
Authentication, security, core functionality |
Session/Persistent |
| Analytics |
Usage statistics, performance monitoring |
12 months |
| Preference Cookies |
Remember settings and preferences |
12 months |
10.2 Your Choices
- Mobile: Adjust settings in app preferences
- Browser: Configure browser to reject cookies
- Note: Disabling essential cookies may affect functionality
10.3 Third-Party Tracking
We do not allow third-party advertising trackers. Analytics tools are configured to anonymize data.
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
11.1 Right to Know
You can request:
- Categories of personal information collected
- Categories of sources
- Business purposes for collection
- Categories of third parties we share with
- Specific pieces of personal information collected
11.2 Right to Delete
Request deletion of your personal information (subject to legal exceptions).
11.3 Right to Opt-Out of Sale
We do NOT sell personal information. There is no opt-out needed because we don't sell your data.
11.4 Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
11.5 How to Exercise Rights
11.6 Authorized Agent
You may designate an authorized agent to make requests on your behalf. The agent must provide written authorization.
11.7 Verification
We will verify your identity before fulfilling requests by matching information you provide with information we have on file.
12. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
12.1 Legal Basis for Processing
We process your data based on:
- Contract: To provide our Service to you
- Legitimate Interests: To improve and secure our Service
- Consent: For marketing communications (where applicable)
- Legal Obligation: To comply with laws
12.2 Your GDPR Rights
- Right to Access: Request a copy of your data
- Right to Rectification: Correct inaccurate data
- Right to Erasure ("Right to be Forgotten"): Request deletion
- Right to Restrict Processing: Limit how we process your data
- Right to Data Portability: Receive your data in portable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for processing
12.3 How to Exercise Rights
Email: privacy@foreverstories.co with "GDPR Request" in subject line.
12.4 Data Protection Officer
For GDPR-related inquiries: dpo@foreverstories.co
12.5 Supervisory Authority
You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
13.1 Notification of Changes
We will notify you of material changes by:
- Posting a notice in the app
- Sending an email to your registered address
- Updating the "Last Updated" date at the top of this page
13.2 Your Acceptance
Continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy. If you disagree with changes, please stop using the Service and delete your account.
13.3 Review Regularly
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
14.1 General Privacy Inquiries
14.2 Data Protection Officer (GDPR)
14.3 Legal/DMCA
14.4 Response Time
We strive to respond to all inquiries within 48 hours for general questions and within 30 days for formal privacy rights requests.
Disclaimer: This Privacy Policy is provided for informational purposes and does not constitute legal advice. While we strive to comply with all applicable privacy laws, we recommend consulting with a legal professional if you have specific legal questions about your privacy rights.