Privacy & frequently asked questions
Your family's stories are deeply personal. Here's how we keep them safe, and answers to the questions we hear most often.
How does TheirStory keep my data safe?
All data is encrypted at rest and in transit using industry-standard protocols. Your recordings, transcriptions, and personal information are stored in secure, access-controlled infrastructure. We follow security best practices including regular audits, least-privilege access controls, and secure development processes.
Do you sell my data?
Never. TheirStory is a product-funded service — your payment is our business model, not your data. We do not sell, rent, or trade your personal information or recordings to any third party for advertising, analytics, or any other purpose.
Who can access my project and recordings?
Only you (the project organiser) can view, edit, and manage the stories in your project. Contributors can only submit recordings to your project via the secure link you share — they cannot see other people's submissions. No TheirStory staff member accesses your content unless you explicitly request support assistance.
What happens if TheirStory shuts down?
We are committed to serving families for the long term. However, we maintain a data continuity plan: if we ever need to wind down, we will provide advance notice and ample time for you to download all your recordings, transcriptions, and memory books. Your memories belong to you.
How long do you keep my data after I delete my account?
When you delete your account, personal data is removed from active systems within 30 days. Encrypted backups are purged within 90 days. We may retain minimal, anonymised account information solely for legal and accounting purposes as required by law.
Can I download or export my recordings and memory book?
Yes. You can download your original audio recordings, transcriptions, and the generated memory book PDF at any time from your dashboard. Your content is always available to you.
Do contributors need to create an account?
No. Contributors receive a secure, unique link and can record directly from their phone or computer browser. No login, no app download, no password. The link expires and can be revoked by you at any time.
Is the contributor recording link secure?
Yes. Each contributor link is unique and cryptographically signed. It can only be used for the specific project you created it for. You can revoke any link at any time, and links can be set to expire after a certain period.
Do you use AI to process my recordings?
We use AI-assisted transcription to convert audio recordings to text. The transcription happens in secure infrastructure, and your audio is not used to train any AI models. You always review and approve every transcription before it appears in the memory book.
Where is my data stored?
Your data is stored in secure, SOC 2-compliant cloud infrastructure. We use Supabase for database and storage, which provides enterprise-grade encryption, regular backups, and compliance with international data protection standards.
Do you comply with GDPR and other privacy laws?
Yes. We are committed to compliance with applicable data protection regulations including the GDPR, the Australian Privacy Act, and other relevant laws. You have the right to access, correct, or delete your personal data at any time by contacting us or through your account settings.
What information do you collect from contributors?
We collect only the minimum information needed: the audio recording itself and a display name (which can be a first name or nickname). We do not require an email address, phone number, or any other personal details from contributors.
Still have questions?
We're here to help. Reach out any time and we'll get back to you as soon as we can.