Privacy Policy

Effective Date: May 14, 2026 · Version 1.5.0

Who We Are

Coco's Story is operated by Sagacious Heritage Corporation ("we", "us", "our"). We are the data controller responsible for your personal data under applicable data protection laws.

  • Privacy contact: privacy@sagacious-heritage.com
  • Mailing address: Sagacious Heritage Corporation, 160 Alewife Brook Pkwy #1181, Cambridge, MA 02138, United States

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the right to lodge a complaint with your local data protection supervisory authority if you believe your personal data has been processed in violation of applicable data protection law.

What We Collect

When you use Coco's Story, we collect:

  • Account information: Your name and email address when you sign up.
  • Family stories and genealogical data: Names, relationships, dates, places, and other details about family members that you share during interviews. This includes information about people who have not signed up for the service themselves (e.g., ancestors, relatives).
  • Billing information (paid plans only): When you subscribe to a paid plan, our payment processor Stripe, Inc. ("Stripe") collects your payment card details, billing address, and any tax-identification information required to charge you. We do not receive or store full card numbers. From Stripe we receive a tokenized customer/payment-method identifier, your billing email, the last four digits and brand of your card, the card's expiration date, the billing country and ZIP/postal code, and transaction-level metadata (amount, currency, status) needed to operate billing, issue receipts, and prevent fraud.
  • Technical data: Device information, browser type, and usage statistics to operate and improve the service.

How We Use Your Data

We use the information we collect for the following purposes:

  • Providing the service: Processing your stories through AI, building your family tree, generating written narratives, and managing your account.
  • Billing and subscription management (paid plans only): Processing payments, preventing fraud and abuse, calculating taxes, issuing receipts and invoices, handling refunds and disputes, and complying with tax and accounting record-keeping obligations.
  • Improving the service: Analyzing usage patterns, interview quality, and extraction accuracy to improve features, fix issues, and develop new capabilities. This may include reviewing anonymized or aggregated data derived from user interactions. We may also review individual stories or extraction results to diagnose errors, improve AI prompts, and evaluate service quality.
  • Security and reliability: Detecting and preventing abuse, monitoring system performance, and debugging issues.
  • Communication: Responding to your inquiries and sending service-related notices.

Lawful basis (GDPR): We process your data based on: (a) performance of our contract with you to provide the service (including billing for paid plans); (b) our legitimate interests in improving and securing the service (Article 6(1)(f)); (c) compliance with legal obligations, including tax and accounting record-keeping (Article 6(1)(c)); and (d) your consent where required by applicable law.

How We Use AI to Process Your Stories

Coco's Story uses artificial intelligence to help you capture and organize family history. Specifically:

  • AI-powered interviews: Your story content is processed by Google's Gemini large language models to conduct interactive interviews and extract structured information (names, dates, relationships, places) from your narratives.
  • Entity extraction: The AI identifies people, places, events, and relationships mentioned in your stories and organizes them into your family tree.
  • Content generation: The AI helps generate written family stories from your interview conversations.

How your data is processed by Google: Story content is sent to Google's AI services for processing. We use Google's Gemini API and may also use Google Cloud Vertex AI, depending on the model and feature. These services have different data handling terms:

  • Gemini API (paid tier): Google states that it does not use paid API inputs or outputs to train its models. See Google's Gemini API Terms of Service for current details.
  • Vertex AI: Governed by the Google Cloud Platform Terms of Service and Data Processing Addendum. Google does not use customer data to train models under these terms.

We use paid service tiers for production workloads. However, Google's terms may change, and we recommend reviewing Google's current policies directly for the most up-to-date information.

Payment Processing (Stripe)

Paid plans are billed through Stripe, Inc., a global payment processor. Stripe is an independent data controller for the payment information you provide to it and processes that information under Stripe's Privacy Policy and Terms of Service.

What is shared with Stripe: When you start a paid subscription, your browser sends your card details and billing address directly to Stripe. We forward to Stripe your billing email, your Coco's Story user/customer identifier, the plan you selected, and any coupon code, so Stripe can create a customer record, charge your card on a recurring basis, and send you receipts. Stripe may use the device, browser, and behavioral signals it collects from its checkout components to detect fraud (Stripe Radar).

What we receive from Stripe: Stripe returns to us a tokenized payment-method identifier, the last four digits of the card and its brand, the card's expiration month/year, the billing country and ZIP/postal code, the transaction amount, currency, status, and timestamps, and webhook events about the subscription lifecycle (created, renewed, payment_failed, canceled, refunded).

Retention of billing records: Even if you delete your Coco's Story account, we and Stripe must retain a record of completed transactions for tax, accounting, and anti-fraud purposes for the period required by applicable law (typically up to 7 years in the United States and EU). Where possible we pseudonymize the user-facing fields after account deletion, retaining only what is required to comply with these obligations.

International data transfers via Stripe: Stripe processes payment data on its own global infrastructure (United States, European Union, and other regions). For transfers from the EEA or UK, Stripe relies on Standard Contractual Clauses and its own data-processing terms.

If you only use the free tier of the Service, no payment data is collected and Stripe is not involved.

Data Storage and Retention

Your data is stored in Google Cloud Platform (GCP) infrastructure. All data is encrypted in transit and at rest using Google Cloud's default encryption. Payment data is stored by Stripe on its own infrastructure.

Retention periods:

  • Account and profile data (name, email, authentication credentials): Retained while your account is active. Deleted within 30 days of an account deletion request.
  • Family tree and story data (persons, relationships, facts, stories, interview transcripts): Retained while your account is active. Deleted within 30 days of an account deletion request.
  • Uploaded media (photos, documents): Retained while your account is active. Deleted within 30 days of an account deletion request.
  • Billing records (transaction history, receipts, tax documentation): Retained by us and by Stripe for the period required by applicable tax, accounting, and anti-fraud law (typically up to 7 years), even if you close your account.
  • Backups: Firestore data may persist in automated database backups for up to 7 days after deletion from active systems, after which backups are rotated and overwritten.
  • Operational logs (Cloud Logging): Retained for 30 days and then automatically deleted. See the Operational Logs section below.
  • Observability and tracing data (LangSmith): Retained subject to LangSmith's data retention policies. We use commercially reasonable efforts to limit the personal data sent to observability tools.

Cookies and Tracking

Coco's Story uses cookies and similar technologies for:

  • Authentication: Session cookies to keep you signed in.
  • Functionality: Preferences and settings you choose within the application.
  • Privacy signal state (cs-gpc): A short non-sensitive cookie that records whether your browser sent a Global Privacy Control (GPC) opt-out on your last request, so we can consistently honor it across page loads.
  • Stripe checkout (paid plans only): When you visit our pricing, checkout, or billing pages, Stripe sets cookies that are necessary to operate its checkout form and fraud-detection systems. These are governed by Stripe's privacy policy.

We do not use third-party advertising cookies. We may use analytics tools to understand how the service is used in aggregate.

Global Privacy Control (GPC)

Coco's Story honors the Global Privacy Control browser signal as a valid opt-out of the sale or sharing of personal information under the California Consumer Privacy Act (CCPA) and similar state laws.

How it works:

  • We detect the Sec-GPC: 1 request header on every request and record the decision in a cs-gpc cookie so it is honored consistently throughout your session.
  • When GPC is active we do not initialize or emit events to our non-essential analytics tools. Specifically, Firebase Analytics, Vercel Analytics, and Vercel SpeedInsights are fully disabled for the session, and no user or event identifiers are sent to them.
  • Strictly necessary functionality — authentication, loading your data, AI interviews and story generation, billing for paid plans, error logging, and abuse prevention — continues to work normally because it is required to provide the service you signed up for.

Verifying our support: We publish machine-readable GPC support metadata at /.well-known/gpc.json.

You do not need to take any additional action beyond enabling GPC in a supported browser (Firefox, Brave, or other browsers / extensions that implement the standard) for Coco's Story to honor the signal.

Operational Logs

During normal operation, our systems generate logs that may transiently contain personal data:

  • What may be logged: Names, relationships, and story excerpts may appear in operational log messages during AI processing.
  • Retention: Operational logs are retained for up to 30 days and then automatically deleted.
  • Access: Logs are restricted to authorized system administrators for debugging and service reliability purposes.
  • Third-party tracing: We may use AI observability tools (such as LangSmith) for monitoring service quality. These tools may temporarily process story content subject to their own data retention policies.

We use commercially reasonable efforts to minimize personal data in operational logs.

Third-Party Data (Family Members)

Coco's Story is designed to record family history, which inherently involves information about people who have not signed up for the service — including living relatives, ancestors, and other family members.

  • What we store: Names, birth/death dates, relationships, biographical details, and places associated with family members you mention.
  • Lawful basis: We process this data based on the legitimate interest of preserving family history (GDPR Article 6(1)(f)), having considered and balanced this interest against the rights of the individuals concerned.
  • Rights of data subjects: Any person whose data is stored in our system may contact us to request access to, correction of, or deletion of their personal information. We may require reasonable verification of identity before processing such requests.

Data Sharing

We do not sell your personal information. We share data only with:

  • Google Cloud Platform: Infrastructure, database services (Firestore, Firebase Authentication, Cloud Storage), and AI processing (Gemini API, Vertex AI).
  • Stripe, Inc. (paid plans only): Payment processing, subscription management, fraud detection, tax calculation, and receipt delivery. See the Payment Processing (Stripe) section above for the categories of data shared and Stripe's role as an independent data controller for payment information.
  • Service providers: Third-party tools that help us operate and monitor the service (e.g., LangSmith for AI observability, Vercel for web hosting).
  • Legal requirements: When required by law, regulation, or valid legal process.

International Data Transfers

Your data is processed and stored on Google Cloud Platform infrastructure located in the United States. If you are located outside the United States, your personal data will be transferred to the United States for processing. Payment data is processed by Stripe on its own global infrastructure (United States, European Union, and other regions).

For transfers of personal data from the EEA or the United Kingdom, we rely on the safeguards provided by our service providers' data processing terms. Google's Cloud Data Processing Addendum and Stripe's data processing terms each incorporate Standard Contractual Clauses (SCCs) approved by the European Commission as a lawful transfer mechanism. Other service providers are selected based on their compliance with applicable data transfer requirements.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request information about the personal data we hold about you.
  • Correction: Ask us to correct inaccurate information.
  • Deletion: Request deletion of your account and associated data. We will use commercially reasonable efforts to delete your data from active systems within 30 days. Operational logs and backups containing your data will expire within their respective retention windows. Billing records that we are legally required to retain (typically up to 7 years) are an exception and will be retained for the period required by law.
  • Data portability: Where technically feasible, request your data in a commonly used format.
  • Objection: Object to processing of your data where we rely on legitimate interest as the legal basis.
  • Opt-out of sale/sharing (CCPA): California residents may opt out of the sale or sharing of personal information. Coco's Story honors the Global Privacy Control browser signal as a valid opt-out; see the Global Privacy Control section above.
  • Complaint: If you are in the EEA or UK, lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at privacy@sagacious-heritage.com. We may require verification of your identity before processing requests. For requests concerning payment data held by Stripe directly, see Stripe's privacy policy.

Children

Coco's Story is not intended for use by anyone under the age of 13. Account creation by users under 13 is prohibited. We do not knowingly collect personal information from children under 13. If we become aware that a user is under 13, we will delete their account and associated data. If you believe a child under 13 has created an account, please contact us at privacy@sagacious-heritage.com.

Family stories may reference minors as part of genealogical records. These references are entered by and stored under the responsibility of the adult account holder.

Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the effective date at the top of this page. We encourage you to review this policy periodically. Your continued use of Coco's Story after changes take effect constitutes acceptance of the updated policy.

Governing Law

This privacy policy and any disputes arising from it are governed by the laws of the State of California, United States, without regard to conflict of law principles. This does not affect your statutory rights under applicable data protection laws, including GDPR or UK GDPR, where those laws apply to you.

Questions about this policy? Contact us at privacy@sagacious-heritage.com