staging · test data, test payments
Legal

Privacy Policy

Last updated: 15 June 2026

01

What we collect

  • Account info — email, name, optional avatar, timezone.
  • Work content — everything you put in projects, work items, comments, attachments, queries.
  • Usage metadata — pages visited, API and MCP call counts, errors, request timing. Used to run the service and debug issues.
  • Product-analytics events — pseudonymous records of significant actions (e.g. creating or updating a work item, running a query) and whether each came from you in the web app or from an agent acting on your behalf via the API/MCP. Tagged with a short-lived per-user pseudonym that rotates daily, so we can understand how Stori is used across the two surfaces without storing your identity against the events. Self-hosted (Umami, on our own server), no cookies, no third parties. You can opt out anytime in account settings.
  • Security & audit logs — for accountability and abuse prevention we record significant actions taken within an organization, including the acting user and the IP address the request came from.
  • Billing info — handled by Stripe. We store a customer reference; we do not see your card details.
  • GitHub data — only if you connect a repo; only the events we need to auto-transition work items.
02

What we don’t do

  • We don’t sell your data.
  • We don’t train AI models on your content.
  • We don’t run tracking cookies or advertising pixels, and we don’t share analytics with third parties. Our analytics is self-hosted (Umami, on our own server in Germany) and cookieless. Where it records pseudonymous product-analytics events (see “What we collect”), we process them under legitimate interest (GDPR Art. 6(1)(f)); you can object and opt out anytime in account settings.
03

Legal bases (GDPR Art. 6)

  • Contract — to provide the account and service you signed up for.
  • Legitimate interests — to keep the service secure, prevent abuse, maintain audit logs, and run privacy-respecting product analytics (which you can opt out of in account settings).
  • Legal obligation — e.g. retaining billing records required by tax law.
  • Consent— only where we explicitly ask for it. We don’t currently rely on consent for anything.
04

Third-party processors

  • Hetzner Cloud — hosting and Postgres database. Germany (EU).
  • Amazon Web Services (SES) — transactional email (sign-in links, invites, billing, and activity notifications such as @mentions). Frankfurt (EU).
  • Stripe — billing and payments. USA.
  • Backblaze — encrypted off-site backups. USA.
  • Healthchecks.io — monitoring pings for our backup jobs (no customer content). USA.

These are data processors acting on our behalf; we only send them what’s needed for the function they provide. Our error tracking is self-hosted on our own server in Germany — error reports are not sent to a third party. See the full sub-processor list for locations and transfer mechanisms.

05

International transfers

Our database, attachments, email provider, and error tracking are in the EU. Stripe, Backblaze, and Healthchecks.io are in the USA; those transfers rely on the EU Standard Contractual Clauses and, where available, the EU–US Data Privacy Framework.

06

AI / MCP clients

You can connect an MCP client to Stori. When you do, the client authenticates against Stori and reads/writes data on your behalf. Stori doesn’t call any AI provider server-side — the LLM runs in your client. What you send to the model goes to that provider under their terms, not ours.

07

Retention and deletion

We keep your data as long as your account exists. To delete your account, use the danger zone in your account settings (or email us) — we purge within 30 days (backups roll off within 90). Security and audit logs are kept as long as needed for security and accountability.

08

Cookies

Session cookie only — required to keep you signed in. No marketing or third-party pixels; our self-hosted analytics (Umami) is cookieless and sets nothing on your device.

09

Your rights (GDPR / similar)

Access, correction, deletion, portability, and objection — email us and we’ll act within 30 days. You can also export most of your data yourself via the REST API / MCP, and object to product analytics directly with the opt-out toggle in account settings. You have the right to lodge a complaint with a supervisory authority — for us that’s the Berlin Commissioner for Data Protection and Freedom of Information (BlnBDI).

10

Contact

Controller: Johannes Nanninga — full details in the Impressum.

hey@stori.zone.