Privacy Policy

1. Introduction

Story2Board ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our AI-powered creative platform.

This policy applies to users in the European Union (EU), European Economic Area (EEA), United States, and other regions. We comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Story2Board-Specific Data: Your Creative Work

Because Story2Board is a creative tool, we want to be explicit about what happens to the work you produce on the platform — this is the question we get asked most often, and it is separate from the standard account information described below.

Scripts, prompts, and chat messages

When you describe a scene to the AI co-director or paste in a script, that text is stored in your account so you can resume the project later. It is sent to the underlying large-language model (Google Gemini, OpenAI, Anthropic, or other providers we may add) for the sole purpose of generating your storyboard response. We do not use your scripts to train any model, and we have agreements with our model providers that they do not retain inputs for training.

Generated images and shot frames

Storyboard frames produced on your behalf are stored in regional cloud object storage (Amazon S3 for global users, with presigned URLs that expire) and are linked to your project. You own the copyright in the images you generate, subject to the license terms of the underlying image-generation models (Replicate, fal.ai, Google Imagen/Veo, etc.). When you delete a project, we soft-delete the associated frames and purge them from storage within 30 days.

Reference images you upload

If you upload a character reference, location photo, or mood board, that image is stored alongside your project and used only as conditioning input for your generations. Uploaded reference images are never used for AI training, never indexed for search by other users, and never shared outside your account.

Content moderation

To comply with the policies of our model providers and applicable law, prompts and uploaded images are screened by automated content-moderation systems. Submissions that violate our acceptable-use policy (CSAM, real-person deepfakes, content designed to incite violence) are blocked at submission time and logged for compliance review. We do not store the rejected content beyond what is needed for that review.

3. Account Information We Collect

We collect minimal personal information necessary to provide our services. Specifically, when you sign in using Google, we collect:

• Email Address: Your Google account email address
• Profile Picture: Your Google account profile image (avatar)

We do not collect:

• Your Google account password
• Your contacts or address book
• Your location data
• Any other personal information from your Google account

4. How We Use Your Information

We use your information solely for the following purposes:

• Authentication: To verify your identity and allow you to log in to our platform
• Account Identification: To display your profile within the application
• Communication: To send you important service-related notifications (optional marketing can be opted out)

We do not use your information for:

• Advertising or marketing profiling
• Selling to third parties
• Training our AI models

5. Data Sharing

We may share your information only in the following limited circumstances:

• Service Providers: With trusted partners who help us operate our platform (e.g., cloud hosting), under strict data protection agreements
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)

6. Data Storage and Security

We implement industry-standard security measures to protect your personal information:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure cloud infrastructure with access controls
• Regular security audits and updates
• Limited employee access on a need-to-know basis

Your data is stored on secure servers. We retain your personal information only for as long as necessary to provide our services or as required by law.

7. Your Rights (GDPR)

If you are located in the EU/EEA, you have the following rights under the GDPR:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, please contact us at support@genkeeai.com.

8. Your Rights (CCPA)

If you are a California resident, you have the following rights under the CCPA:

• Right to Know: Request information about what personal data we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell your data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise your CCPA rights, please contact us at support@genkeeai.com.

9. Cookies

We use cookies and similar technologies to:

• Essential Cookies: Required for the website to function (authentication, security)
• Analytics Cookies: Help us understand how visitors use our site (optional, with consent)

You can manage your cookie preferences through our cookie consent banner or your browser settings.

10. Children's Privacy

Our Service is not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for transfers from the EU/EEA.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us: