Cookie Policy

Learn how we use cookies and similar technologies to enhance your experience.

Effective date: 1 November 2025•Version: 1.0

This Cookie Policy explains how StoryBored ("we", "us", "our") uses cookies and similar technologies on storybored.ai and related apps (the "Service"). It should be read together with our Privacy Policy.

What are cookies?

Cookies are small text files placed on your device to make sites work or function better. We also use localStorage, sessionStorage, and IndexedDB ("similar technologies"). Some cookies are set by us (first-party); others are set by our service providers (third-party).

Legal basis & consent

Essential cookies are necessary for the Service and are set under legitimate interests (GDPR Art. 6(1)(f)).
All other categories (Preferences, Analytics, Marketing) are set only with your consent (GDPR Art. 6(1)(a)).

You can grant, deny, or withdraw consent at any time via the Cookie Settings link in the footer.

How we categorize cookies

Essential – Security, sign-in, load balancing, network protection.
Preferences – Remember choices such as theme, language, reader settings.
Analytics (opt-in) – Understand usage to improve UX; not for profiling.
Marketing (opt-in) – Measure campaigns; only if you consent.

What we do not do

We do not sell your personal data.
We do not use fingerprinting or cross-site tracking without consent.
We do not use your books, prompts, or images for advertising.

Managing your choices

Use Cookie Settings to toggle categories. You can also control cookies in your browser:

Firefox: Preferences → Privacy & Security → Cookies and Site Data
Chrome: Settings → Privacy and security → Cookies and other site data
Edge: Settings → Cookies and site permissions
Safari: Settings → Safari → Advanced → Website data

Blocking some cookies may impact functionality.

Retention

We store cookies for the durations below (see Annex). LocalStorage/IndexedDB items persist until you clear them or we delete them programmatically.

Third-country transfers

Some providers may process data outside the EEA. Where they do, we rely on SCCs and appropriate safeguards, as described in our Privacy Policy.

Updates

We may update this Policy. We'll post changes here with a new "Effective date" and update the in-product consent banner if needed.

Contact

Questions?

privacy@storybored.ai
Postal: [Company legal name], [Address]

Annex A – Detailed cookie & storage table (sample)

Replace or confirm names/retention based on your actual implementation. Leave items you use; remove the rest.

Essential (always active)

Name	Type	Provider	Purpose	Retention
`sb_session`	HTTP-only cookie	StoryBored	Keeps you signed in (session integrity).	Session / up to 7 days (if "remember me").
`sb_csrf`	Cookie	StoryBored	CSRF protection during form/API actions.	Session
`sb_consent_v2`	Cookie	StoryBored	Stores your category choices so we honor them.	6 months
`__cf_bm`, `cf_clearance`	Cookie	Cloudflare (3P)	Bot management / DDoS protection / challenge state.	30 min / up to 1 year (varies)
`sb_route`	Cookie	StoryBored	Load balancing / edge routing stickiness.	Session

Preferences (opt-in)

Name	Type	Provider	Purpose	Retention
`sb_theme`	localStorage	StoryBored	Light/dark/system theme.	1 year
`sb_reader_font`	localStorage	StoryBored	Reader font & size preferences.	1 year
`sb_reduced_motion`	localStorage	StoryBored	Honors reduced-motion setting in the reader.	1 year
`sb_lang`	Cookie	StoryBored	UI language.	1 year

Analytics (opt-in)

Choose one stack; examples shown for cookieless + cookie-based options.

Option A – Plausible (cookieless by default)

Name	Type	Provider	Purpose	Retention
(none by default)	—	Plausible (3P, EU)	Anonymous, cookieless analytics.	—

Option B – PostHog (self-hosted or EU cloud)

Name	Type	Provider	Purpose	Retention
`ph_phc_<siteID>_posthog`	Cookie	PostHog (3P)	Event analytics (if cookies enabled).	1 year
`sb_analytics_optin`	localStorage	StoryBored	Records your analytics consent state.	1 year

Marketing (opt-in; only if you run ads)

Name	Type	Provider	Purpose	Retention
`_gcl_au`	Cookie	Google Ads (3P)	Conversion tracking.	3 months
`_fbp`	Cookie	Meta (3P)	Ad delivery/measurement.	3 months
`_tt_enable_cookie`, `_ttp`	Cookie	TikTok (3P)	Conversion tracking.	13 months
`sb_utm`	localStorage	StoryBored	Stores first-touch UTM for on-site attribution only.	90 days

Annex B – Consent management details

Banner & preferences panel

We display a banner on first visit (and after 6 months or material change).
Categories: Essential (locked), Preferences, Analytics, Marketing.
Buttons: Accept all, Reject non-essential, Save choices.
You can revisit choices anytime via Cookie Settings in the footer.

Granular consent logs

We store a consent record (sb_consent_v2) with: timestamp, country/region, categories chosen, version of this policy.
Retention for consent logs: 6 years (separate from the cookie itself) for compliance purposes.

Do Not Track / GPC

If your browser sends Global Privacy Control (GPC) or Do Not Track, we interpret it as a signal to reject non-essential cookies by default, which you can override in Cookie Settings.

Annex C – Similar technologies we use

localStorage / sessionStorage for UI preferences, consent state, and session hints.
IndexedDB for offline reader cache (book assets); cleared when you use Clear cache in Settings or your browser clears site data.
CDN caching may transiently store anonymized assets at the edge to improve performance.

Optional clauses you can toggle based on product decisions

Analytics choice: If you always use cookieless analytics (e.g., Plausible), remove the PostHog row.
Marketing: If you are pre-launch with no ads, remove the Marketing table and category toggle.
Data residency: Add: "We store analytics on EU-based infrastructure where feasible."
IAB TCF: If you adopt IAB TCF v2.2, add a note that you honor that framework in addition to your own banner.