Privacy Policy
Who This Policy Covers
This policy applies to clinicians, researchers, and other visitors who interact with the StoryCare website (storycare.health) and the StoryCare platform (app.storycare.health). Patient data handled through the platform is governed by HIPAA and the Business Associate Agreements we maintain with covered entities.
Information We Collect
Website visitors. When you visit storycare.health, we collect standard web analytics data: pages viewed, browser type, referring URL, and approximate location. We do not use third-party advertising trackers.
Contact form submissions. If you submit a request through our contact form, we collect your name, email address, and message. This information is used only to respond to your inquiry.
Platform users (clinicians). When you use the StoryCare platform, we collect account information (name, email, credentials), session data you upload or record (audio, transcripts), and platform usage data.
Patient data. StoryCare processes patient session data, including audio recordings; transcripts; AI-generated images, video, and music; reflection prompt responses; and survey responses. This data is classified as Protected Health Information (PHI) under HIPAA and is handled accordingly.
How We Use Information
- To provide and operate the StoryCare platform
- To generate AI images, video, music, and Story Pages from therapy sessions
- To produce transcripts with speaker diarization
- To respond to contact form inquiries
- To improve platform reliability and performance
- To support clinical evaluation and research (with appropriate consent and IRB oversight)
What We Do Not Do
- We do not sell personal information or patient data to third parties
- We do not use patient session data to train AI models
- We do not share PHI with third parties except as required to operate the platform (e.g., HIPAA-compliant cloud infrastructure) or as required by law
- We do not serve advertising or share data with advertising networks
HIPAA Compliance
StoryCare is designed and operated in compliance with the Health Insurance Portability and Accountability Act (HIPAA). We implement administrative, physical, and technical safeguards including:
- End-to-end encryption for data in transit and at rest
- Role-based access controls
- Audit logging of all data access
- Business Associate Agreements with all service providers who handle PHI
- HIPAA-compliant email through Paubox
Data Storage and Security
All platform data is stored on HIPAA-compliant cloud infrastructure within the United States. Access to patient data is restricted to the treating clinician and authorized StoryCare personnel operating under Business Associate Agreements. We retain data in accordance with applicable healthcare record retention requirements.
Your Rights
Clinicians and website visitors may request access to, correction of, or deletion of their personal information by contacting us through the contact form.
Patients should direct data access and deletion requests to their treating clinician, who can coordinate with StoryCare as needed.
Children's Privacy
StoryCare is a clinical tool used under the direction of licensed clinicians. We do not knowingly collect information directly from individuals under the age of 13 through our website. Clinical use involving minors is managed by the treating clinician in accordance with applicable law.
Changes to This Policy
We may update this policy as our practices or legal requirements evolve. Material changes will be posted on this page with an updated effective date. Continued use of StoryCare after changes constitutes acceptance of the revised policy.
Contact
For privacy-related questions, use the contact form on our homepage.