Sign In

Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect your personal information.

Last Updated: January 19, 2026

At a Glance

Story ScriptVault is committed to protecting your privacy. Here's what you need to know:

  • What we collect: Your email, username, and profile picture from Discord or GitHub when you sign in
  • Your content: Scripts, comments, and votes you create on the platform
  • How we use it: To provide features, prevent abuse, and send you notifications (if you choose)
  • Your rights: You can access, edit, or delete your account anytime
  • No tracking: We don't use advertising cookies or sell your data
  • Security: All connections are encrypted and your data is stored securely

This Privacy Policy explains how we collect, use, and protect your information when you use Story ScriptVault. By using our platform, you agree to the practices described here.

Data Controller & Legal Basis

Who Controls Your Data

Story ScriptVault is the data controller responsible for your personal information. For any questions about how we handle your data, contact us at [email protected].

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you create an account and agree to our terms
  • Contract: To provide the services you request (script hosting, comments, collaboration)
  • Legitimate Interests: For platform security, abuse prevention, and maintaining service quality
  • Legal Obligation: To comply with applicable laws and regulations

Information We Collect

OAuth Authentication Data

When you sign in with Discord or GitHub, we receive the following information:

  • Email address
  • Username/display name
  • Profile picture
  • OAuth provider ID

Note: We do not store passwords. Authentication is handled entirely through OAuth providers.

User-Generated Content

  • Scripts you create and publish
  • Comments and discussions
  • Votes and ratings
  • Profile information (bio, location, website - optional)
  • Script watches and notifications preferences

Usage Data

  • IP address (for rate limiting and abuse prevention)
  • Browser type and version
  • Device information
  • Pages visited and features used
  • Timestamps of actions

How We Use Your Information

  • Provide and Improve the Service

    Enable core features like script sharing, commenting, and collaboration

  • Authentication and Authorization

    Verify your identity and manage your account permissions

  • Moderation and Safety

    Review reports, enforce community guidelines, and maintain a safe environment

  • Abuse Prevention

    Prevent spam, bots, and malicious activity to keep the platform safe for everyone

  • Email Notifications

    Send you updates about scripts you watch, replies to your comments, and important system notifications. You can control these in your notification settings.

Data Storage and Security

Where We Store Your Data

  • Your account information, scripts, and comments are stored securely with encryption
  • Script files and assets are encrypted and protected with strong access controls
  • All data is protected and only accessible to authorized systems

How We Protect Your Data

  • All connections to our site use encryption (HTTPS)
  • Your login sessions are secured with encrypted tokens
  • We keep our security systems up to date
  • Protection against automated attacks and unauthorized access

Note: While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data.

Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

  • Notify relevant data protection authorities within 72 hours of discovering the breach (as required by GDPR Article 33)
  • Notify affected users without undue delay if the breach is likely to result in a high risk to your rights and freedoms (as required by GDPR Article 34)
  • Inform you about what data was affected and what steps we're taking
  • Provide guidance on how to protect yourself

Backup Retention

Technical backups containing user data may be retained securely for up to 90 days for disaster recovery purposes and are automatically deleted once no longer needed.

Third-Party Services

We work with trusted third-party services to provide you with the best experience. These services may collect and process some of your data:

Discord

Lets you sign in using your Discord account. We receive your email, username, and profile picture.

Discord Privacy Policy

GitHub

Lets you sign in using your GitHub account. We receive your email, username, and profile picture.

GitHub Privacy Policy

Email Service

Sends you email notifications about script updates, comments, and important account information when you opt in to receive them.

Resend Privacy Policy

Error Monitoring

Helps us identify and fix bugs quickly to improve your experience on the platform.

Sentry Privacy Policy

File Storage

Securely stores your script files and assets with industry-leading infrastructure.

Cloudflare Privacy Policy

Your Rights (GDPR Compliance)

If you are in the European Union or other jurisdictions with data protection laws, you have the following rights regarding your personal data:

Right to Access

You can view and access your personal data through your profile and settings pages. For a complete data export, please contact support.

Right to Rectification

You can edit your profile information, scripts, and other content at any time through the platform's editing features.

Right to Erasure

You can delete your account at any time via Settings → Danger Zone. This will anonymize your profile and remove your personal information.

Note: Some data (email, moderation records, reports) may be retained for legitimate interests including ban evasion prevention and legal compliance.

Right to Data Portability

You can request a copy of your data in a machine-readable format by contacting support at [email protected].

Right to Object

You can object to the processing of your data by contacting support. You can also disable email notifications through your notification settings.

Right to Withdraw Consent

You can withdraw your consent for data processing by deleting your account or contacting support.

Legitimate Interest Processing: We retain certain data (such as email addresses, moderation penalties, and reports) even after account deletion based on our legitimate interests under GDPR Article 6(1)(f). This is necessary to prevent abuse, enforce community guidelines, maintain platform safety and integrity, and comply with legal obligations. We periodically review retained data and delete it when no longer necessary for these purposes.

Right to Lodge a Complaint

If you're located in the European Union and believe we haven't addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority. You can find your authority at edpb.europa.eu.

Cookies and Tracking

Essential Cookies

We use essential cookies that are required for the site to work properly:

  • Session Cookies: Keep you logged in as you browse the site
  • Security Tokens: Protect you from malicious attacks
  • These cookies are necessary and cannot be disabled

What We Don't Use

  • No advertising cookies
  • No third-party tracking cookies
  • No analytics cookies
  • No social media tracking pixels

Data Retention

Active Accounts

Your data is retained indefinitely while your account is active.

Deleted Accounts

When you delete your account:

  • Email: Retained to prevent ban evasion and maintain platform safety (GDPR Article 6(1)(f) legitimate interest)
  • Profile Data: Immediately anonymized (name becomes "Deleted User")
  • Comments and Votes: Anonymized but preserved to maintain content integrity
  • Moderation Records: Retained permanently for compliance, safety, and platform integrity (GDPR Article 6(1)(c) legal obligation and Article 6(1)(f) legitimate interest)

Account Restoration

Deleted accounts may be restored within 30 days by contacting support. After restoration, you'll need to re-link your OAuth accounts and update your profile.

Children's Privacy

Story ScriptVault does not have a specific age restriction, but users must comply with the age requirements of our OAuth providers:

  • Discord: Users must be 13 years or older (per Discord Terms of Service)
  • GitHub: Users must be 13 years or older (per GitHub Terms of Service)

We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

  • The "Last Updated" date at the top of this page indicates when changes were made
  • For significant changes, we will notify you via email or a site-wide banner
  • We encourage you to review this policy periodically
  • Continued use of the platform after changes constitutes acceptance of the updated policy

Contact Information

Questions About This Privacy Policy?

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For data protection and privacy matters:

[email protected]

For general support:

[email protected]

Your Privacy is Important to Us

We are committed to transparency and protecting your personal information. If you have any concerns, please don't hesitate to reach out.

Contact SupportManage Your Data