Storyfinch

Storyfinch Privacy Policy

Last updated: 8 July 2026

Overview

Storyfinch is an ebook delivery and mailing-list signup tool for authors.

Authors use Storyfinch to offer a free ebook (a “reader magnet”), collect readers’ email addresses with explicit consent, connect a mailing-list provider, and deliver the book securely. This Privacy Policy explains how Storyfinch collects, uses, stores, and protects information when you use the Storyfinch website and application.

By using Storyfinch, you agree to the collection and use of information in accordance with this policy.

Our role: controller and processor

For information about account holders, website visitors, customers, payments and support, Storyfinch is the data controller. For information collected through an author’s reader-magnet signup page (such as a reader’s email address and consent record), the author is the controller and Storyfinch acts as a processor, handling that data on the author’s behalf so we can provide the service. Authors are responsible for their own mailing-list use and for giving their readers appropriate privacy information.

Information We Collect

Account Information

When you create an author account, we may collect information including:

  • Name
  • Email address
  • Account credentials (passwords are stored only as a secure hash)
  • Author or pen name
  • Subscription and billing status
  • Support communications

Reader Magnet Information

To host signup pages and deliver books, we collect and store the reader magnets you create, including:

  • Uploaded book files (EPUB and optional PDF)
  • Cover images
  • Titles, descriptions and the public signup-page address
  • Signup, consent and delivery-email settings
  • Landing-page theme and accent colour
  • The mailing provider and list you choose for each magnet

Reader Signup and Delivery Information

When a reader signs up on an author’s page, we collect (on the author’s behalf) information such as:

  • Email address, and name if provided
  • Whether they ticked the mailing-list consent box, and the exact consent wording shown at the time
  • The signup page, date and time
  • IP address and browser user-agent, kept as evidence of consent
  • Delivery and download records, and the outcome of any mailing-provider push

Readers do not need a Storyfinch account to receive a book.

Technical Information

We may collect technical information necessary to operate and improve the service, including:

  • Browser type and version
  • Device information
  • Operating system
  • Application errors and diagnostics
  • Usage and feature activity within Storyfinch

We do not use the contents of uploaded book files for analytics or monitoring purposes.

How We Use Information

We use information to:

  • Provide and maintain Storyfinch
  • Authenticate users and manage accounts
  • Host reader-magnet signup pages and record consent
  • Deliver ebooks securely and, where configured, send readers to an author’s mailing list
  • Process subscriptions and payments
  • Respond to support requests
  • Monitor reliability, performance, and security
  • Prevent spam, fraud and abuse
  • Improve the product and user experience
  • Communicate important service updates

Uploaded Book Files

Your uploaded ebooks, PDFs and covers are processed only to host your signup page and deliver the book to your readers. Storyfinch does not claim ownership of your files.

Storyfinch does not use uploaded files to train artificial intelligence models and does not provide them to AI training systems. We do not sell your files.

Book files are delivered through secure, expiring links rather than permanent public URLs. Storyfinch does not provide digital rights management and cannot prevent a reader from copying or sharing a file after download.

Reader Consent

Storyfinch helps authors collect explicit mailing-list consent and records the exact wording a reader agreed to, along with the time and the request details, as evidence. These consent records are treated as immutable and are kept even if the reader magnet is later deleted, so the author retains their audit trail. Authors can export their consent records at any time.

Mailing-List Integrations

Storyfinch can connect to third-party mailing providers such as EmailOctopus, Mailchimp, MailerLite, Kit, Brevo, ActiveCampaign, SendFox and Beehiiv, or send a signed webhook to a service such as Zapier or Make. When a reader consents, we send their email address and relevant consent information to the provider the author has chosen. The author is responsible for their relationship with that provider and for the emails they send.

Analytics and Product Usage

We collect information about how Storyfinch is used, including events such as:

  • Account registration
  • Reader magnet creation
  • Signup-page views and reader signups
  • Book deliveries and downloads
  • Subscription activity

This helps us understand product usage, improve functionality, and monitor service performance. Where possible, analytics information is aggregated or pseudonymised and does not include the contents of uploaded book files.

Error Monitoring and Reliability

We use monitoring and error-reporting tools to identify and diagnose technical problems. These tools may receive technical information such as:

  • Application errors
  • Browser information
  • Device information
  • Request metadata

We take reasonable steps to avoid sending uploaded book files or other sensitive user data to monitoring systems.

Payments

Payments are processed by a third-party payment provider (Stripe). Storyfinch does not store full payment card numbers on its own servers. Payment information is handled in accordance with the payment provider’s policies.

Cookies

Storyfinch may use cookies and similar technologies for:

  • Login sessions
  • Security
  • User preferences
  • Analytics
  • Performance monitoring

You can control cookies through your browser settings, although some functionality may not work correctly if cookies are disabled.

Sharing Information

We may share information with trusted service providers that help operate Storyfinch, including providers of:

  • Hosting and infrastructure
  • File and object storage
  • Payment processing
  • Transactional email delivery
  • Mailing-list providers chosen by authors
  • Analytics
  • Error monitoring and diagnostics
  • Customer support tools

We may also disclose information:

  • To comply with legal obligations
  • To enforce our rights and agreements
  • To protect Storyfinch, our users, or the public from fraud, abuse, or security threats

We do not sell personal information.

Data Retention

We retain information for as long as necessary to:

  • Provide the service
  • Maintain user accounts
  • Keep reader consent records as evidence for the author
  • Maintain delivery and download history
  • Comply with legal obligations
  • Resolve disputes and maintain business records

When information is no longer required, we will take reasonable steps to delete or anonymise it.

Account Deletion

You may delete your account and its associated data from your account settings, or by contacting us. This removes your reader magnets and their files, subscribers, integrations and billing, and cancels any active subscription. Some information may be retained where required for legal, accounting, fraud-prevention, or legitimate business purposes.

Data Security

We take reasonable technical and organisational measures to protect information against unauthorised access, loss, misuse, alteration, or disclosure. This includes HTTPS, encryption of stored credentials and API keys, access controls, private file storage and secure, expiring delivery links. No online service can guarantee absolute security, but we work to protect information using industry-standard practices where appropriate.

Children

Storyfinch is intended for authors aged 18 or over and is not directed at children. Authors must not knowingly use Storyfinch to collect personal data from children where this would require special safeguards.

International Processing

Information may be stored and processed by Storyfinch and its service providers in the United Kingdom, the European Economic Area, or other jurisdictions where those providers operate.

Legal Basis for Processing

Where applicable, we process personal information because:

  • It is necessary to provide the service you have requested
  • It is necessary to fulfil contractual obligations
  • It is necessary to comply with legal obligations
  • It supports our legitimate interests in operating, securing, and improving Storyfinch
  • A reader has given consent, where processing is based on consent

Changes to This Policy

We may update this Privacy Policy from time to time. If significant changes are made, we will update the date above and, where appropriate, notify users through the service or by email.

Contact

If you have questions about this Privacy Policy, please contact [email protected].

Back home