Privacy Policy | High StoryPrivacy Policy | High Story
High Story Logo

Privacy Policy

Last updated: December 30th, 2025

Highstory.ai ("High Story", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use our services.

1. Scope of This Policy

This Privacy Policy applies to:

  • The Highstory.ai website and applications
  • Our APIs and backend services
  • Our integrations with third-party platforms (Google/YouTube, Meta, TikTok, LinkedIn, ChatGPT)

By using High Story, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect only the data necessary to provide and improve our services.

2.1 Account Information

  • Email address and account identifiers
  • Profile information (name, photo if provided)
  • Communications with our support team

2.2 Content You Create

  • Marketing campaigns, posts, and generated content
  • Prompts, instructions, and scheduling preferences

2.3 Technical Information

  • IP address and request timestamps
  • Device and browser information
  • Logs related to API usage and performance

2.4 Third-Party Platform Data

When you connect social media accounts, we access:

  • Google/YouTube: Channel ID, channel name, video metadata (titles, descriptions, thumbnails), upload capabilities
  • Meta (Facebook/Instagram): Page IDs, page names, profile pictures, posting permissions
  • TikTok: Account ID, username, video publishing permissions
  • LinkedIn: Profile ID, organization pages, posting permissions

3. Google API Services User Data

High Story's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3.1 Google Data We Access

When you connect your YouTube account, we access:

  • YouTube channel information (ID, name, profile picture)
  • Video upload capabilities to publish content on your behalf
  • Video metadata for published content (title, description, status)

3.2 How We Use Google Data

We use Google/YouTube data exclusively to:

  • Display your connected channel in the High Story dashboard
  • Upload and schedule videos via our Autopilot feature
  • Retrieve publication status and basic analytics

3.3 Limited Use Disclosure

We DO NOT:

  • Use Google data for advertising, retargeting, or market research
  • Sell, rent, or share Google data with third parties for their own purposes
  • Transfer Google data to AI/ML models for training purposes
  • Use Google data for any purpose other than providing the High Story service

3.4 Google Data Security

  • Encryption at Rest: OAuth tokens are encrypted using AES-256 before storage
  • Encryption in Transit: All communications use HTTPS with TLS 1.2 or higher
  • Access Control: Google credentials are accessible only to authenticated users for their own accounts

3.5 Revoking Google Access

You can revoke High Story's access to your Google account at any time:

  1. Go to Google Account Permissions
  2. Find "High Story" in the list
  3. Click "Remove Access"

This will immediately revoke our access. You can also disconnect from within your High Story account settings.

4. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain High Story's services
  • Publish content to your connected social media accounts
  • Generate AI-powered marketing content
  • Improve product quality, performance, and reliability
  • Communicate service updates or important notices
  • Ensure security and prevent abuse

We do not use your data for advertising purposes and do not sell personal data.

5. Data Sharing and Sub-Processors

We do not sell or rent personal data. We share data only with trusted service providers:

  • Supabase: Database, authentication, and backend infrastructure (EU servers)
  • Vercel: Web hosting and edge functions
  • OpenAI: AI content generation (prompts only, no personal data)
  • Stripe: Payment processing (PCI-DSS compliant)

These providers process data solely on our behalf under contractual confidentiality obligations.

6. Data Storage and Security

6.1 Where We Store Data

  • Primary database: Supabase (EU region)
  • Encrypted backups with 30-day retention

6.2 Security Measures

  • AES-256 encryption for sensitive data at rest
  • TLS 1.2+ for all data in transit
  • Row-level security policies on database
  • Regular security audits and monitoring

7. Data Retention and Deletion

7.1 Retention Period

  • Account data: Retained while your account is active
  • Published content logs: 12 months for analytics
  • OAuth tokens: Until you disconnect the account

7.2 How to Request Data Deletion

To delete your data:

  1. Email us at privacy@highstory.ai with subject "Data Deletion Request"
  2. Include your account email address
  3. We will process your request within 30 days

You can also delete your account directly from the app settings, which will remove all associated data.

8. Your Rights

Depending on your location, you have the right to:

  • Access your personal data
  • Correct or update inaccurate information
  • Request deletion of your data
  • Object to or restrict processing
  • Request data portability
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@highstory.ai.

9. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), our legal bases include:

  • Performance of a contract: to deliver requested services
  • Consent: when you connect third-party accounts
  • Legitimate interests: to secure and improve our services
  • Legal obligations: when required by law

10. International Data Transfers

Your data may be processed in countries outside your country of residence. We ensure appropriate safeguards are in place in accordance with applicable data protection laws (Standard Contractual Clauses, adequacy decisions).

11. Contact Information

For questions about this Privacy Policy or your personal data:

Email: privacy@highstory.ai

Company: WELINK TECH, 6 RUE DES BATELIERS, 92110 CLICHY, FRANCE

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.