Storyforge

Privacy Policy

Last updated: 21 June 2026

Your privacy matters to us. This policy describes what information Storyforge collects, why, who we share it with, and the choices and rights you have.

1. Who we are and what this policy covers

This Privacy Policy explains how the operator of Storyforge (the "Service") at story.moja-app.com ("we", "us", "our") collects, uses, shares, and protects your personal information, and the rights you have. It applies to your use of the Service as a guest or as a registered user.

For the purposes of data-protection laws such as the EU/UK GDPR, Storyforge is the "controller" of the personal data described here. Our contact details are at the end of this policy.

2. Information we collect

We collect the following categories of information:

  • Account information you provide when you register: your name, email address, password (stored only in hashed form), and optional details such as a first name, full name, or display name.
  • Date of birth and derived age, which we use to determine an age tier (for example, child, teen, or adult) so we can show age-appropriate stories and gate mature content.
  • Sign-in information from third-party providers: if you log in with Google, Facebook, or GitHub, we receive basic profile and account-identifier information from that provider to create and link your account.
  • Reading activity: the stories you start, the chapters you read, the choices you make, and your reading progress, so we can let you continue where you left off and operate the story experience.
  • Token and entitlement data: the balance and use of choice tokens or similar virtual items associated with your account.
  • Technical and usage data: information your device and browser send automatically, such as IP address, device and browser type, language preference, and the dates and times of requests, including in server logs used for security and reliability.
  • Information stored on your device: an authentication token and small preferences (such as your chosen language and, for guests, an adult-content confirmation flag), described in the Cookies and local storage section below.

You do not have to provide a date of birth, but without it some mature content may be unavailable to you, and signed-in access is filtered conservatively.

3. How we use your information

We use personal information to:

  • provide, operate, and maintain the Service, including authentication, reading, and saving your progress;
  • apply age-appropriate filtering and gate mature content;
  • manage choice tokens and any entitlements;
  • keep the Service secure, prevent fraud and abuse, debug problems, and enforce our Terms of Use;
  • communicate with you about your account, security, and important changes; and
  • comply with legal obligations and respond to lawful requests.

We do not use your reading activity or account data to train artificial-intelligence models, and we do not sell your personal information.

5. Cookies and local storage

The Service uses a small number of strictly necessary technologies stored on your device rather than advertising or tracking cookies:

  • an authentication token, stored in your browser, that keeps you signed in;
  • a language preference (for example, a NEXT_LOCALE cookie) so the interface appears in your chosen language; and
  • for guests, a flag recording that you confirmed you are an adult, so we do not ask again on every page.

These are essential to the functioning of the Service. You can clear them through your browser settings, but doing so will sign you out and reset your preferences.

6. AI generation and your data

Stories and images on the Service are produced by third-party artificial-intelligence providers. Content is generated from story prompts and configuration created for the catalog, not from your personal account data. We do not send your account profile or reading history to AI providers to generate content for other users.

7. How we share information

We do not sell your personal information. We share it only as follows:

  • Service providers and processors who help us run the Service, such as hosting and infrastructure providers and the identity providers used for sign-in, under contracts that limit their use of the information;
  • AI providers, which receive story prompts to generate content as described above;
  • Legal and safety recipients, where disclosure is necessary to comply with law, enforce our Terms, or protect the rights, safety, and security of our users, the public, or us; and
  • In a business transfer, such as a merger, acquisition, or sale of assets, subject to this policy.

8. International data transfers

We and our service providers may process your information in countries other than your own, which may have different data-protection laws. Where we transfer personal data internationally, we take steps to ensure an appropriate level of protection as required by applicable law, such as using recognized safeguards (for example, standard contractual clauses).

9. Data retention

We keep personal information for as long as your account is active or as needed to provide the Service, and afterwards only as long as necessary to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our agreements. When information is no longer needed, we delete or anonymize it. You can ask us to delete your account as described below.

10. Security

We use technical and organizational measures designed to protect your information, including hashing passwords, using token-based authentication, and serving the Service over encrypted (HTTPS) connections. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. Please keep your credentials confidential and contact us if you believe your account has been compromised.

11. Your rights and choices

Depending on where you live, you may have some or all of the following rights regarding your personal information: to access it; to correct inaccurate data; to delete it; to restrict or object to certain processing; to data portability; and to withdraw consent where processing is based on consent. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data-protection authority.

If you are a California resident, you have rights under the CCPA/CPRA, including to know, access, correct, and delete your personal information, and to not be discriminated against for exercising your rights. We do not sell or share your personal information for cross-context behavioral advertising.

To exercise any of these rights, contact us at support@moja-app.com. We will respond as required by applicable law. We may need to verify your identity before acting on a request.

12. Children's privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from a child under 13 without verifiable parental consent. Children under 13 may use the Service only through an account created and supervised by a parent or legal guardian, who is responsible for their use and for consenting to this policy on the child's behalf.

We use date of birth to apply age-appropriate content filtering. If you believe a child has provided us personal information without the required consent, please contact us at support@moja-app.com and we will take appropriate steps to delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date above reflects the most recent version. If we make material changes, we will make them reasonably available through the Service. Your continued use after the changes take effect means you accept the updated policy.

15. Contact us

If you have questions about this Privacy Policy or how we handle your information, contact us at support@moja-app.com.