Privacy Policy
Last updated: 2026-04-09
1. Information We Collect
We collect your email address and password (hashed) for authentication. We store the content you create: text entries, photos, and voice recordings. We also store metadata such as dates, mood tags, and milestone tags you assign to entries.
2. How We Process Photos
Photos are compressed client-side (max 800px, ~150KB) before upload. Photos are stored securely in Supabase Storage with server-side encryption. When AI story generation is enabled, photos are sent to the Anthropic Claude Vision API for analysis. Anthropic does not use API data for model training. Anthropic may retain API logs for up to 30 days for abuse detection, after which they are deleted.
3. How We Process Voice Recordings
Voice recordings are sent to the OpenAI Whisper API for transcription. After transcription, the original voice recording is permanently deleted from our servers. We only keep the text transcript. OpenAI does not use API data for model training.
4. AI Story Generation
Your text and photo descriptions are sent to the Anthropic Claude API to generate polished stories. Anthropic does not use API data for model training. Anthropic may retain API request logs for up to 30 days for safety and abuse detection purposes, after which they are permanently deleted. The AI-generated stories are stored in our database alongside your original input.
5. Voice Profiles (ElevenLabs)
If you create a voice profile for narration, your voice sample is sent to ElevenLabs to create a cloned voice. ElevenLabs stores the voice profile on their servers for as long as it is active. When you delete your account, we delete your voice profile from ElevenLabs. You can also delete your voice profile independently from the settings page.
6. Payment Information
Payments are processed by Stripe. We never store credit card numbers or payment details on our servers. We only store your Stripe customer ID and subscription status. Stripe is PCI-DSS Level 1 certified. For details on how Stripe handles your data, see Stripe's privacy policy.
7. Data Storage & Security
All data is stored in Supabase (PostgreSQL) with AES-256 encryption at rest. All connections use TLS/SSL encryption in transit. File storage (photos) uses server-side encryption. Row Level Security (RLS) ensures users can only access their own data. We never expose service-level credentials to the client application.
8. Data Sharing
We do not sell your data to third parties. We share data only with the service providers listed above (Anthropic, OpenAI, ElevenLabs, Stripe) solely to provide the service. If you invite viewers or contributors to your book, they can see the entries you share. Public memory pages (/memory/[slug]) are accessible via unique, unguessable URLs.
9. Data Retention
Your data is retained for as long as your account is active. Voice recordings are deleted immediately after transcription. When you delete your account, all your data is permanently removed within 30 days, including entries, photos, voice profiles, and personal information from all third-party services.
10. Your Rights
You can access all your data through the app at any time. You can delete individual entries, photos, or your entire account. You can request a copy of your data by contacting us. You can delete your voice profile from the settings page. EU/EEA users have additional rights under GDPR, including the right to data portability and the right to be forgotten.
11. Cookies
We use essential cookies only: authentication session cookies (Supabase Auth), active book selection, and language preference. We do not use tracking cookies, analytics cookies, or advertising cookies.
12. Children's Privacy
Lismil is not directed at children under 16. If a parent creates a book about their child, the parent controls all data and is responsible for their child's privacy. We do not knowingly collect data from children under 16 without parental consent.
13. Changes to This Policy
We will notify you of significant changes to this privacy policy via email. The updated policy will be posted on this page with a new "last updated" date.
14. Contact
For privacy questions or data requests, contact us at info@lismil.com.