Privacy Policy

Last updated: 12 April 2026

1. Introduction

LivingStory (“Service”) is operated by Ideaslake.com (“Company”, “we”, “us”, or “our”). We are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our Service.

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, email address, and profile image provided by your Google account during sign-in.
  • Stories and recordings: Voice recordings, written text, photographs, and documents you upload or create through the Service.
  • Story metadata: Titles, tags, language selections, and collection names you assign to your content.
  • Gift recipient information: If you purchase a gift subscription, you may provide the recipient's name, WhatsApp number, or email address.
  • Communications: Any messages you send to us via email or through the Service.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, playback history, and interactions with the Service.
  • Device information: Browser type, operating system, screen resolution, and language preferences.
  • Log data: IP address, access times, referring URLs, and request details for security and diagnostic purposes.

2.3 Information from Third Parties

  • Authentication providers: When you sign in with Google, we receive your name, email, and profile image as authorised by you.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service;
  • Transcribe your voice recordings using AI-powered speech-to-text;
  • Generate audio narrations of your written stories using text-to-speech;
  • Generate descriptions of photographs you upload;
  • Organise and display your stories, collections, and playback history;
  • Send story prompts to gift recipients via WhatsApp or email (when these features are active);
  • Monitor and analyse usage patterns to improve user experience;
  • Track AI service usage for cost management and system performance;
  • Detect, prevent, and address technical issues and security threats;
  • Comply with legal obligations.

4. Legal Basis for Processing (UK GDPR)

We process your personal data on the following legal bases:

  • Contract: Processing necessary to provide the Service you have requested (e.g. storing your stories, managing your account).
  • Consent: Where you have given explicit consent (e.g. sharing stories with gift recipients, processing voice recordings through third-party AI services).
  • Legitimate interests: Improving the Service, preventing fraud, and ensuring security, where these interests are not overridden by your rights.
  • Legal obligation: Where processing is required to comply with applicable law.

5. How We Share Your Information

We do not sell your personal data. We may share your information with:

  • AI service providers (OpenAI, ElevenLabs): Your voice recordings and text content are sent to these providers for transcription, narration, and photo description. These providers process data under their respective privacy policies and data processing agreements.
  • Cloud infrastructure providers (Railway, Cloudflare, MongoDB Atlas): Your data is stored and served using these providers' infrastructure, protected by their security measures and data processing terms.
  • Authentication providers (Google): Your sign-in is facilitated through Google OAuth. We only receive information you authorise Google to share.
  • Communication providers (Twilio, Resend): When active, story prompts and notifications may be delivered through these services using recipient contact details you provide.
  • Payment processors (Stripe): If you make a payment, your payment information is handled directly by Stripe. We do not store your full card details.
  • Law enforcement or legal process: We may disclose information if required by law, subpoena, court order, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Storage and Security

Your data is stored using the following infrastructure:

  • Database: MongoDB hosted via Railway (account and story metadata, transcripts, playback history).
  • Audio and file storage: Cloudflare R2 (voice recordings, TTS audio, uploaded documents and photos). Files are accessed via time-limited presigned URLs.
  • Application hosting: Railway.com with Cloudflare CDN.

We implement appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS/TLS), access controls, and secure authentication. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

7. International Data Transfers

Your data may be processed in countries outside the jurisdiction of England and Wales, including the United States, where our third-party service providers operate. Where such transfers occur, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, to protect your data in accordance with applicable data protection law.

8. Data Retention

We retain your data as follows:

  • Account data: Retained for as long as your account is active, plus 30 days after a deletion request to allow recovery.
  • Stories and recordings: Retained for as long as your account is active. Upon account deletion, your content will be permanently deleted within 30 days.
  • Playback history: Retained for as long as your account is active.
  • AI usage logs: Retained for up to 12 months for cost analysis and service improvement, then anonymised or deleted.
  • Server logs: Retained for up to 90 days for security and diagnostic purposes.

9. Your Rights

Under UK GDPR and applicable data protection laws, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data (“right to be forgotten”).
  • Restriction: Request that we limit the processing of your data in certain circumstances.
  • Data portability: Request your data in a structured, commonly used, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.

10. Cookies and Local Storage

The Service uses minimal cookies and browser local storage for essential functionality:

  • Authentication cookies: Session cookies set by Auth.js to keep you signed in.
  • Theme preference: A local storage item (ls-theme) to remember your light/dark mode preference.
  • Admin preferences: Local storage items for admin panel section collapse state.

We do not use advertising cookies or third-party tracking cookies. If we introduce analytics in the future (e.g. PostHog), we will update this policy and obtain consent where required.

11. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete that information promptly.

12. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. For significant changes, we may also notify you via email or an in-app notification. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: [email protected]