Privacy Policy

• Account info — email, name, optional avatar, timezone.
• Work content — everything you put in projects, work items, comments, attachments, queries.
• Usage metadata — pages visited, API and MCP call counts, errors, request timing. Used to run the service and debug issues.
• Billing info — handled by Stripe. We store a customer reference; we do not see your card details.
• GitHub data — only if you connect a repo; only the events we need to auto-transition work items.

• We don’t sell your data.
• We don’t train AI models on your content.
• We don’t run analytics cookies or tracking pixels.

• Vercel — hosting, edge delivery.
• Neon — Postgres database.
• Stripe — billing and payments.
• Email provider — transactional mail (password reset, invites, billing).

These are data processors acting on our behalf. Their privacy policies govern what they do; we only send them what’s needed for the function they provide.

You can connect an MCP client to Stori. When you do, the client authenticates against Stori and reads/writes data on your behalf. Stori doesn’t call any AI provider server-side — the LLM runs in your client. What you send to the model goes to that provider under their terms, not ours.

We keep your data as long as your account exists. Delete your account from /account or email us — we purge within 30 days (backups roll off within 90).

Session cookie only — required to keep you signed in. No tracking, no marketing, no third-party pixels.

Access, correction, deletion, portability — email us and we’ll act within 30 days. You can also export most of your data yourself via the REST API / MCP.

hannes@stori.zone.