Privacy Policy

Last updated: April 6, 2026

Stream to Story ("we," "us," or "our") is operated by Phillip Harrington. This Privacy Policy describes how we collect, use, and protect your information when you use our website at streamtostory.com (the "Service").

Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a one-way hash). You may optionally provide a username.

Usage Data

We collect information about how you use the Service, including streams, ripples (word entries), and stories you create. We do not share this content with third parties.

Anonymous Usage

You can use the Service without creating an account. When you do, we store a cookie on your device (lasting 7 days) that links your browser to the streams you create. This cookie contains a randomly generated token and no personal information. If you later create an account, your anonymous streams are migrated to your account and the cookie is no longer needed.

Cookies and Sessions

We use the following cookies:

• Session cookie (PHPSESSID): keeps you logged in during your visit
• Anonymous token (sts_token): links your browser to streams created before signup, expires after 7 days
• Remember me (remember_token): keeps you logged in between visits, if you choose
• CSRF token (XSRF-TOKEN): protects against cross-site request forgery

We do not use third-party tracking cookies or advertising pixels.

How We Use Your Information

• To provide and maintain the Service
• To authenticate your account and manage sessions
• To link anonymous streams to your account when you sign up
• To send transactional emails (verification, password reset)
• To improve the Service through aggregated, non-identifying analytics

Data Storage and Security

Your data is stored on Amazon Web Services (AWS) infrastructure in the United States. We use encryption in transit (HTTPS) and at rest (encrypted database storage). Passwords are hashed using bcrypt and cannot be retrieved or viewed by anyone, including us.

Third-Party Services

We use the following third-party services:

• Amazon Web Services: hosting and email delivery (AWS Privacy Policy)

Data Retention

We retain your account data for as long as your account is active. Anonymous streams associated with expired cookies may be removed after a reasonable period. If you delete your account, we will remove your personal data within 30 days.

Your Rights

You may:

• Access and update your account information through your Profile page
• Request a copy of your data
• Request deletion of your account and associated data
• Opt out of non-essential communications

To exercise these rights, contact us at hello [at] streamtostory [dot] com.

Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, contact us at hello [at] streamtostory [dot] com.