Storystruct
Early access Let’s write
Privacy

Short by design.

Last updated June 6, 2026. Plain language; the legal version lives below.

Storystruct is a writing tool. We store your stories, your account, and the minimum metadata we need to make the app work. We don’t sell it, mine it, or share it with advertisers. The whole policy in one paragraph:

Your data lives in the European Union. You can ask for a copy of it at any time, and you can ask us to delete it at any time — we will, within thirty days, and we’ll email you when it’s done. Your drafts and stories are private to you; we can’t read them, and we don’t want to. The Storystruct app does not call any third-party AI service: there is no foundation model, no “smart” suggestion engine, no automatic analysis of your prose. The only people who ever see your data are the people on our small team, and only when there’s a real reason to look.

EU-hosted, EU-controlled

Accounts, stories, and backups are stored on infrastructure inside the European Union. Nothing is replicated to a non-EU region. The data-protection regime is the GDPR, and the supervisory authority is the Dutch Autoriteit Persoonsgegevens.

What we store

  • Account basics. Email address, display name, password (hashed with Argon2id, never stored in plain text), and the date you signed up.
  • Your stories. The titles, taglines, synopses, plot beats, characters, world entries, threads, scenes, and chapter prose you write. Encrypted in transit and at rest.
  • Operational metadata. Login timestamps, IP addresses (for rate-limiting and abuse prevention), and basic device info. Kept for thirty days unless something looks off.
  • Your uploaded feedback documents. If you import beta-reader notes or feedback files, they live in your account alongside your story. They are never used to train any model, never shared, and can be deleted by you at any time.

What we never do

  • We never sell your data. To anyone, ever, for any reason.
  • We never share your stories with anyone outside the team, including for “training” or “analytics.”
  • We never use your drafts as input to a foundation model — yours, ours, or anyone else’s. The public release of Storystruct is fully AI-free.
  • We never put advertising on the app. There is no ad network, no retargeting pixel, no analytics script that follows you around the web.

Beta-reader feedback

Storystruct lets you upload feedback from your beta readers — a Word document (.docx) with track changes and comments, or a Markdown (.md) file — against a specific chapter. We parse the document in our backend, diff it against a snapshot of the chapter’s prose, and store the result (insertions, deletions, style changes, and anchored comments) so the review can be replayed later — even after you edit the chapter.

The original document is kept alongside the parsed review, private to your account. We do not read, summarise, or analyse it with any third-party service. Only the people on our small team can access it, and only when you ask us to (for support) or when something looks off.

Your rights

Under the GDPR, and because it’s the right thing to do, you can at any time:

  • Export everything. A single click in the app gives you an archive of every story, scene, character, and note, plus a .docx of any manuscript you choose.
  • Ask for a copy of your data. Email privacy@storystruct.com and we’ll send a full export within seven days.
  • Delete your account. From the app, or by emailing us. The account, the stories, and the backups go within thirty days, and we confirm by email.
  • Rectify or restrict. If something in your account is wrong, or you want us to stop processing some part of it, write to us. We’ll do it.
  • Complain. You have the right to lodge a complaint with the Autoriteit Persoonsgegevens. We’d rather you wrote to us first, so we can fix it — but the right is yours.

Sub-processors

We use a small number of infrastructure providers, all in the EU:

  • Hosting & storage: Your data is securely stored in the Smilde Datacenter in Drenthe, the Netherlands. Backups are stored off-site, not leaving a radius of 15 kilometers.
  • Transactional email: Integrated by yours truly. We have our own SMTP infrastructure. Because we care.

Cookies & tracking

We use one first-party session cookie to keep you signed in. That’s it. No third-party cookies, no analytics cookies, no advertising cookies, no “consent management platform” full of trackers.

How long we keep your data

  • While your account is active: everything in your account is kept.
  • If you stop logging in for 24 months, we’ll email you a heads-up. If we don’t hear back, we delete the account and the stories after a further 30 days.
  • Operational logs (IPs, login timestamps) are kept for 30 days unless needed to investigate abuse.
  • Backups are kept for 30 days rolling; they’re overwritten on the same schedule.

Security

We take it seriously, in the boring, durable way:

  • Passwords are hashed with Argon2id. We never see them, and we can’t send them to you.
  • All traffic is HTTPS only. We force a redirect from HTTP.
  • Sessions are signed and encrypted with a key derived from a secret that lives only in our environment.
  • The web app, the API, and the database sit behind a private network — the database is not reachable from the public internet.
  • Two-person review on any change that touches authentication, the feedback parser, or the data export.

Changes to this policy

If we change anything material, we’ll email you and post a notice in the app at least 30 days before it takes effect. The previous versions stay available, so you can always see what changed and when.

Get in touch

For privacy questions, data requests, or anything that smells like a security issue, write to privacy@storystruct.com. We’re a small team and a real person reads this inbox.

This page is the readable version. The formal, legally-binding privacy statement is available at privacy@storystruct.com.