Privacy Policy
This Privacy Policy describes how Smashing Garlic Entertainment Inc. ("we," "us," or "SGE") collects, uses, and protects information when you use the Story // Stack suite of applications (the "Service"), including Suite Home, Project Manager, Bite Stack, Info Stack, and any related browser extensions.
1. Information we collect
When you use the Service, we collect the following categories of information:
- Account information. Your email address, display name, and (if you sign in with Google) your Google profile picture URL and Google account identifier. Sign-in timestamps and the authentication method used.
- User profile data. Your role within the suite (e.g., administrator, editor, viewer), the organization you belong to, theme preference, account status (active/disabled), and the time of your most recent sign-in.
- Activity records. A log of meaningful actions you take within the Service (for example: creating a project, uploading a source, editing an episode). Each entry records your user identifier, the action performed, which application within the suite you used, and a timestamp.
- AI usage metadata. When you invoke a feature that calls a third-party large-language-model provider (currently Anthropic), we record metadata about the call (user identifier, timestamp, and token-count estimates) for cost attribution and rate-limit enforcement. We do not store the full prompt or response indefinitely; long-form content is retained only as needed to deliver the requested feature.
- Content you submit. Material you upload or create within the Service, including transcripts, source documents (e.g., PDFs, web pages, images), references, highlights, episode and project records, and notes. This content is stored on your behalf and accessible to you and to other users within your organization or project according to the access controls you and your administrators configure.
- Uploaded files. Files you upload (such as PDFs, screenshots, and reference images) are stored in encrypted cloud storage and associated with your account, organization, and project.
- Technical and operational logs. Standard server and access logs maintained by our infrastructure provider (Google Firebase), including IP addresses, request timestamps, user-agent strings, and error reports, retained for security and reliability purposes.
- Session storage. Authentication session cookies and a small amount of browser local storage (for example, your currently active organization) used to maintain your session and preferences across pages.
2. How we use information
We use the information we collect to:
- Provide and operate the Service, including authenticating you, enforcing access controls, and delivering the features you request.
- Maintain audit trails of activity within the Service for security, accountability, and operational review.
- Attribute usage of third-party services (such as AI providers) for cost management and to enforce rate limits.
- Investigate and respond to suspected misuse, fraud, security incidents, or violations of our Terms of Service.
- Communicate with you about your account, security notices, and material changes to the Service.
- Improve the Service, including diagnosing problems, monitoring reliability, and developing new features.
3. How information is shared
We do not sell your personal information. We share information only in the following circumstances:
- Within your organization. Content and activity you create within the Service is visible to other users in your organization or project consistent with the access controls in place.
- Service providers. We use third-party infrastructure and service providers to operate the Service, including Google Firebase (authentication, database, file storage, hosting, serverless functions), Anthropic (large-language-model inference for AI features), and Resend (transactional email for invitations). These providers process information only on our behalf and under contractual confidentiality obligations.
- Legal requirements. We may disclose information when required by law, subpoena, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business transfers. If we sell, merge, or transfer any part of our business, information may be transferred as part of that transaction, subject to the protections of this Policy.
4. Data retention
We retain your information for as long as your account is active and as needed to provide the Service. Activity records and operational logs are retained for security, accountability, and audit purposes. When your account is deleted, we make commercially reasonable efforts to remove or anonymize your personal information, except where retention is required by law, by legitimate business interests (such as fraud prevention), or where information has been aggregated and anonymized.
5. Security
We use industry-standard security measures to protect your information, including encrypted transport (HTTPS), encrypted storage at rest, authentication on every server-side endpoint, role-based access controls, rate limits, and security headers. No system is perfectly secure, however, and we cannot guarantee absolute security. If we become aware of a security incident affecting your information, we will notify you as required by applicable law.
6. Your choices and rights
Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise these rights, contact us at the address below. We may need to verify your identity before responding to a request. We will respond within the timeframe required by applicable law.
7. International transfers
The Service is hosted on infrastructure that may store and process information in the United States and other countries. By using the Service, you understand that your information may be transferred to, stored, and processed in jurisdictions other than your own.
8. Children
The Service is intended for use by adults in professional production contexts. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact us and we will take steps to delete it.
9. Changes to this Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when this Policy was last revised. Material changes will be communicated through the Service or by email. Your continued use of the Service after a change takes effect constitutes acceptance of the revised Policy.
10. Contact
For privacy questions, data-rights requests, or any other matter related to this Policy, contact:
Smashing Garlic Entertainment Inc.
joey.allen@smashinggarlic.com