Privacy Policy
Last updated: May 13, 2026
This policy explains what data Storydump collects, why we collect it, how we use it, and the rights you have. It applies to storydump.app, the Storydump dashboard, and the Storydump Telegram bot.
1. Who we are
Storydump ("Storydump", "we", "us") is an independent project operated by Christopher Rogers. For any privacy question or request, contact christophertrogers37@gmail.com. For the purposes of GDPR, this contact also serves as our data protection point of contact.
2. Scope
This policy covers the marketing site at storydump.app, the authenticated dashboard, the Storydump Telegram bot, and the background workers that perform scheduling and posting on your behalf. Third-party services we integrate with (Telegram, Meta / Instagram, Google) operate under their own privacy policies, which we link to below.
3. Information we collect
We collect only what we need to operate the service:
- Account data — from the Telegram Login Widget when you sign in: Telegram user ID, username, display name, and profile photo URL.
- Google Drive content — only when you explicitly grant the Google Drive scope during setup. We read file metadata (id, name, MIME type, size, parent folder) and the file bytes needed to render and post a Story. We do not store the original Drive bytes long-term; we store references (Drive file IDs) plus thumbnails and the rendered variants needed to post.
- Instagram / Meta data — long-lived access tokens for the Instagram Business account you connect, the account ID, and posting history (post IDs, timestamps, results).
- Operational data — queues, schedules, content mix preferences, caption style settings, and posting history.
- Technical data — IP address, user-agent, and request timestamps in server logs (retained for 30 days, then deleted).
4. Google user data — Limited Use disclosure
Storydump's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Permitted uses of Google Drive data in Storydump:
- Listing files and folders inside the folder(s) you select so you can build a posting queue.
- Reading the bytes of those files to render and post them to your own Instagram account on your behalf.
- Storing metadata (file IDs, names, MIME types) so the same media can be re-queued without re-downloading.
Prohibited uses (we never do any of these):
- Selling or transferring Google user data.
- Using Google user data for advertising, retargeting, or personalized advertising.
- Allowing humans to read Google user data, unless we have your explicit consent for a specific file, it is necessary for security (e.g., investigating abuse), it is required by law, or the data has been aggregated and anonymized for internal operations.
- Using Google user data to develop, improve, or train generalized machine learning models.
5. How we use information
- To operate the service — schedule and publish your Stories.
- To authenticate you and keep your session secure.
- To send service-related notifications via Telegram.
- To debug, monitor reliability, and prevent abuse.
- To comply with legal obligations, including responding to lawful requests.
6. Legal bases for processing (GDPR Article 6)
- Contract — processing necessary to deliver the service you signed up for.
- Consent — connecting Google Drive and Instagram (you may withdraw at any time).
- Legitimate interest — security, abuse prevention, and operating the service efficiently.
- Legal obligation — responding to valid legal process.
7. Sharing & sub-processors
We do not sell or rent your personal data. We share data only with the sub-processors below, each strictly to deliver the service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel | Landing site & dashboard hosting | US / global |
| Neon | PostgreSQL database | US (configurable) |
| Railway | Worker & API hosting | US |
| Telegram | Chat & bot platform | Global |
| Meta (Instagram Graph API) | Posting to Instagram | Global |
| Google (Drive API) | Media sync from Drive | Global |
| Plausible Analytics | Privacy-friendly site analytics (cookieless) | EU |
We may also disclose data when required by law, to enforce our terms, or to protect the rights, property, or safety of users or the public.
8. Cookies & local storage
Storydump avoids non-essential tracking. The following are used:
| Name | Type | Purpose | Retention |
|---|---|---|---|
storydump_session | HttpOnly cookie | Authenticated session | 24 hours |
storydump-waitlist-registered | localStorage | Suppress waitlist form re-prompt | Until cleared |
| Plausible | None (cookieless) | Aggregate analytics | — |
The session cookie is strictly necessary to keep you logged in; Plausible does not set cookies or fingerprint visitors. We do not use advertising or cross-site tracking cookies, so we do not display a cookie banner.
9. Data retention
- OAuth tokens — until you disconnect the integration or after 6 months of account inactivity.
- Posting history — 24 months, then anonymized.
- Server logs — 30 days.
- Queue & media references — until you delete them.
- Backups — 30 days rolling.
10. Your rights
If you are in the EEA, UK, or Switzerland (GDPR):
- Access — request a copy of the data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — request deletion (subject to legal exceptions).
- Restriction — limit how we process your data.
- Portability — receive your data in a portable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — at any time, without affecting prior processing.
- Lodge a complaint — with your local supervisory authority.
If you are a California resident (CCPA / CPRA):
- Right to know what personal information we collect.
- Right to delete personal information.
- Right to correct inaccurate personal information.
- Right to opt out of "sale" or "sharing" of personal information. Storydump does not sell or share personal information as those terms are defined under the CCPA.
- Right to non-discrimination for exercising your rights.
Children (COPPA):
Storydump is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected such data, contact us and we will delete it.
To exercise any of these rights, email christophertrogers37@gmail.com. We respond within 30 days.
11. International transfers
Our sub-processors operate globally. Where data is transferred outside the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses or equivalent safeguards published by those sub-processors.
12. Security
We use TLS in transit, encryption at rest via our database provider, scoped access tokens, and the principle of least privilege. No system is perfectly secure; if you believe you have found a security issue, please email christophertrogers37@gmail.com.
13. Revoking Google Drive access
You can disconnect Google Drive at any time from inside the Storydump dashboard. To fully revoke Storydump's access at Google, also visit myaccount.google.com/permissions and remove Storydump.
14. Account deletion
To request deletion of your Storydump account and associated data, email christophertrogers37@gmail.com from the email address linked to your account, or contact us via the Storydump Telegram bot. We complete deletion within 30 days, subject to backup retention windows and any legal hold.
15. Changes to this policy
We may update this policy from time to time. Material changes will be announced via the Storydump Telegram bot and via an in-app notice. The "Last updated" date at the top of this page always reflects the most recent revision.
16. Contact
Questions, requests, or complaints can be sent to christophertrogers37@gmail.com.
See also our Terms of Service.