This policy explains what personal data OutaStory GmbH processes, why, who we share it with, how long we keep it, and the rights you have. Where we name a third party below, that provider processes your data under its own privacy policy. You can view, export, or delete your data at any time from your privacy settings.
Reading the version for your role makes this easier to follow. We also publish three focused notices — for website visitors, for members and for writers. This page remains the complete reference policy.
Data Controller
The responsible party for data processing within the meaning of the General Data Protection Regulation (GDPR) is:
Thimo Buchheister
OutaStory GmbH
Bemeroder Strasse 67
30559 Hannover, Germany
Data Protection Officer
Our appointed Data Protection Officer is Attorney Kai Flatau, Hamburg.
Contact
For all data protection enquiries, please contact us at privacy@outastory.com.
General Data Collection
Server Logs
When you visit OutaStory, our servers automatically record the following data: your IP address, access timestamps, and browser/client information. This data is stored for a maximum of 10 days and is used solely for security and technical diagnostics.
Cookies
We use session cookies that are required for the platform to function correctly. These cookies are temporary and are deleted when you close your browser. We do not use persistent tracking cookies without your explicit consent.
Third-Party Services
We rely on the third-party services below. Essential services are required for the platform to function and operate on a contractual or legitimate-interest basis. Consent-based services run only after you opt in through our cookie/consent banner — none of them load before you agree. Each provider processes data under its own privacy policy.
Essential services
Required for OutaStory to operate. We cannot provide the service without these.
- Auth0 (Okta) — Authentication and account identity. Processes your email address, name, and login identifiers.
- Stripe (incl. Stripe Connect) — Subscription billing and author/speaker payouts, including Stripe Connect onboarding and identity verification (KYC). Processes your payment instrument, billing/payout address, VAT/tax ID, bank details, and transaction history. OutaStory never sees your full card number; card data and KYC documents are handled directly by Stripe.
- Microsoft Azure (SQL, Blob Storage) — Hosts our application and stores your data — the primary database and file/image/audio storage. Your data is hosted within the EU.
- Azure AI Search (Microsoft, EU region) — Search index for stories and authors. Holds author names, author bios, story titles, and story descriptions as a derived, rebuildable search index — the authoritative data remains in our primary database. When you delete your account, your author profile and all your story entries are removed from the index. The search index is essential platform infrastructure and is not a consent-based tracker; it does not introduce any new personal-data fields beyond what is already in your data export.
- Azure OpenAI & Azure Speech — Generate story cover images, story descriptions, and the speech-synthesis markup and audio narration for chapters. Only story and chapter content is processed; no account profile data is sent.
- ElevenLabs — Text-to-speech narration (ElevenLabs Inc.). When an author enables ElevenLabs audio for a story, its chapter text is sent to ElevenLabs solely to generate the spoken audio; no account or personal profile data is shared. In addition, for Premium authors who actively opt into voice cloning, a biometric voice sample is shared with ElevenLabs to create a cloned voice — this happens only on the basis of your explicit consent (Art. 9(2)(a) GDPR).
- Azure Content Safety — Automated safety screening of comments, chapter text, and cover images. The text or image being checked is processed to detect harmful or disallowed content.
- SendGrid (Twilio) — Delivers transactional, newsletter, and marketing/announcement email. Processes your email address, display name, and delivery metadata. SendGrid is our only email vendor.
- Sentry — Error and performance monitoring on a legitimate-interest basis (no personal-data payloads by default). Optional session-replay diagnostics run only with your consent.
- Apple App Store, Google Play — Validate in-app purchases and subscriptions made through our mobile apps. Process purchase receipts and transaction identifiers.
- Stripe, Apple App Store, Google Play (Credits) — Processing credit purchases. Stripe handles credit purchases on the web app; the Apple App Store and Google Play process in-app credit purchases on mobile apps. OutaStory stores your current balance and an append-only transaction ledger (date, type, amount, balance after, reason). These financial records are retained for the statutory period under GDPR Art. 17(3)(b) and survive an erasure request.
- German Federal Central Tax Office (BZSt) — For authors who earn revenue, we are legally required to report identity and payout totals under the German Platform Tax Transparency Act (PStTG / DAC7).
Services used only with your consent
These load only after you accept the matching category in our consent banner. Until then, they are blocked.
- Google Analytics 4, Microsoft Clarity, Firebase Analytics — Web and app analytics, including session replay and heatmaps, used to understand how the platform is used. Process device, session, and event data.
- Google AdMob / AdSense, Meta Audience Network, Media.net, Monetag, Unity Ads — Advertising networks that may display ads and use cookies, advertising identifiers, and behavioural data. Shown only on ad-supported surfaces and only with your consent.
- OneSignal — Push-notification delivery. Processes a device push token and your account identifier, only if you enable push notifications.
- Bluesky, Meta / Instagram — When you connect a social account to cross-post a story, the story content, your author name, and an encrypted access token are shared with that network.
- LanguageTool — Optional grammar and spell-checking of your drafts. Draft text you submit for checking is sent to LanguageTool for analysis.
For the approximate location used in our own analytics, we use MaxMind GeoLite2 as a local database file embedded on our own servers — your IP address is never sent to MaxMind, so GeoLite2 is not a sub-processor.
Member Data
Registration & Account Data
When you register for an OutaStory account, we collect and store the information you provide: your name, email address, date of birth, gender, and postal address, plus optional preferences such as your favourite categories and relationship status. Date of birth, gender and address are required for registration; favourite categories and relationship status are optional and used to personalise your recommendations. This data is stored securely within the Microsoft Azure cloud infrastructure. You can view, change, export, or delete all of it at any time using the tools on this page. During the current closed testing phase we subscribe you to our newsletters (daily Story of the Day and the weekly digest) by default; you can unsubscribe at any time using the one-click link in any newsletter email or the toggles on your settings page.
Reading Activity
We track your reading progress, library interactions, and engagement metrics (e.g. pages read, time spent) in order to provide personalised recommendations and to support authors with aggregated analytics. For our own (first-party) analytics we store a salted, irreversible hash of your IP address — never the raw address by default — together with a privacy-bounded device signal that lets us link your anonymous sessions to your account once you sign in. We also derive an approximate location (country, region, and city) from your IP address for analytics purposes, without ever storing the IP address itself, and record a coarse indication of where you arrived from (e.g. a search engine, a social site, or direct) — never the full address of the page you came from. These first-party analytics records are kept for at most 14 months. Third-party analytics services (listed above) run only with your consent. Authors can see aggregate, anonymised statistics about the audience for their own works — including coarse age ranges and gender — only where at least 10 readers fall into a group, so no individual can be identified.
Marketing & Announcement Emails
From time to time we may send you marketing and announcement emails (for example, news about new features, contests, or noteworthy stories), and we may reach out to contacts who are not yet members. To understand whether these emails are useful and to improve them, we measure when an email is opened and when a link inside it is clicked, linked to your email address. Every such email contains a one-click unsubscribe link; once you unsubscribe — or if an email bounces or is reported as spam — your address is added to a suppression list so we no longer send you marketing emails. Your data export includes the campaign name, subject, and your own open/click signals, but never the body of the email. We keep that suppression entry even after you delete your data, on a legitimate-interest basis, solely so we can continue to honour your opt-out.
Marketing Contacts (Leads)
We may hold contact details (such as an email address, name, company, and which audience a contact belongs to) for marketing contacts who are not yet OutaStory members. For each such contact we record the lawful basis on which we hold their data and only ever contact them where we have one. Every marketing message includes a one-click unsubscribe link, and any contact can ask us to delete their details at any time. If you later create an account with the same email address, this contact record is included in your data export and is deleted when you erase your data.
Payment Processing
Payments — both subscription billing and, for authors and professional speakers, payouts — are handled by Stripe (including Stripe Connect). OutaStory does not store complete payment card details; your card data is held by Stripe under its own PCI-compliant systems.
Credit purchases are processed via Stripe (web app) or through the Apple App Store or Google Play (mobile apps). OutaStory stores your balance and a complete transaction history (date, type, amount, balance after, reason); these financial records are retained after an erasure request for the statutory period under GDPR Art. 17(3)(b).
Data Retention
Your personal data is retained for as long as your account is active. Upon account deletion, your personal data is removed within a reasonable timeframe. First-party analytics records are kept for at most 14 months, and abuse-prevention records that contain an IP address (such as content reports and moderation actions) have the IP removed after at most 12 months. An exception applies to financial transaction and tax records, which are retained for 10 years as required by German tax law (§ 147 AO).
Personalization
We personalize your home page from your reading activity — the categories, stories, authors and reading lengths you engage with — to surface stories you're more likely to enjoy. For signed-in adults, and only while this feature is enabled, we may also show a 'popular with readers like you' selection based on coarse age, gender and country groupings (never for under-18s, and only when enough readers share a grouping). You can view this personalization data in your data export and have it deleted at any time.
If you choose to add profession, music-genre or hobby details to your profile, signed-in adults may also see groupings such as "popular with jazz fans" or "popular among readers in your profession" — built from coarse, optional attributes only, never for under-18s, and only when enough readers share an attribute. These details are optional, are never shared with third parties, appear in your data export, and can be deleted at any time.
Children & Young Users
OutaStory is a general-audience platform that is also used by minors, so we take youth protection seriously. We protect young readers through content-band age ratings — every story is rated 0, 6, 12, 16, or 18 — combined with server-side filtering and youth-protection labels (JusProg, age rating, and RTA). When you create an account we ask for your date of birth to confirm you are old enough to use the service. If you are under 16 (the age of digital consent in Germany under Art. 8 GDPR), we ask a parent or guardian to confirm their consent — through a link we email to them — before your account can be fully used. Your date of birth is stored on your profile; you can export or delete it at any time using the tools on this page. We never build an advertising or analytics profile that targets you as a minor.
For more on how we keep younger readers safe, see our Youth Protection page.
Writer Data
Writers who publish on OutaStory agree to the following data practices:
- Submitted stories and associated metadata are stored on OutaStory's servers for the duration of the publishing relationship.
- The writer's identity (or chosen pseudonym) is linked to their published works and displayed publicly on the platform.
- Publication metrics — including page reads, ratings, and revenue data — are tracked and made available to the writer via their dashboard.
Voice Cloning (Narrating Your Own Stories)
If you are a Premium author and actively opt in, you record a short voice sample or upload an existing audio recording, and OutaStory — working with ElevenLabs — creates a cloned voice you can use to narrate your own stories. The voice sample is biometric data and therefore a special category of personal data under Art. 9 GDPR, whether you record or upload it. We process it solely on the basis of your explicit consent (Art. 9(2)(a) GDPR) and use the cloned voice exclusively to narrate your own stories. The voice sample is stored until you delete it; deletion completely and permanently removes both the stored voice sample and the cloned voice held at ElevenLabs. We also store when your cloned voice was last used (an activity timestamp), to operate the service and manage our voice capacity efficiently; this timestamp is removed when you delete your voice. You can withdraw your consent at any time by deleting your cloned voice.
For the Professional Voice Clone (PVC) option, you upload multiple longer audio recordings to train a high-quality cloned voice; the full collection of those voice samples constitutes biometric data under Art. 9 GDPR. As part of the PVC process, your voice also goes through a voice verification step at ElevenLabs (a voice-based captcha) that confirms you personally recorded the submitted audio. This step is part of ElevenLabs' processing and falls within the existing data-processing agreement. All voice sample files uploaded for a PVC voice are stored until you delete your voice; on deletion, every sample file and the derived cloned voice at ElevenLabs are permanently removed.
Payouts, Marketplace & Tax Data
If you earn through revenue share or as a professional speaker in our marketplace, you complete Stripe Connect onboarding, including identity verification (KYC). We hold your payout country, tax residency, optional VAT ID, payout address, and KYC/tax-form completion status; Stripe holds your legal name, date of birth, bank details, and tax forms directly. For German revenue-share authors we are legally required to report your identity, gross payout, and transaction count to the German Federal Central Tax Office (BZSt) under the Platform Tax Transparency Act (PStTG / DAC7). Financial transaction and tax records are retained for 10 years under German law (§ 147 AO, § 257 HGB) and therefore outlive your account: they survive an erasure request and are anonymised only when the statutory period ends.
Your Rights under GDPR
As a data subject under the General Data Protection Regulation (GDPR), you have the following rights with respect to your personal data:
- Right of Access (Art. 15 GDPR) — You may request confirmation of whether we process your personal data and, if so, obtain a copy of it.
- Right to Rectification (Art. 16 GDPR) — You may request correction of inaccurate or incomplete personal data we hold about you.
- Right to Erasure (Art. 17 GDPR) — You may request deletion of your personal data subject to applicable legal retention obligations.
- Right to Restriction (Art. 18 GDPR) — You may request that we restrict the processing of your data in certain circumstances.
- Right to Data Portability (Art. 20 GDPR) — You may receive your personal data in a structured, machine-readable format.
- Right to Withdraw Consent (Art. 7(3) GDPR) — Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at privacy@outastory.com. We will respond within the timeframes required by applicable law.
Security
OutaStory uses 256-bit SSL/TLS encryption for all data transmitted between your device and our servers. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction.