1. Introduction and Scope of This Privacy Policy

1.1 This Privacy Policy explains how StoryMoments collects, uses, stores, shares, and protects personal data when you access or use the StoryMoments mobile application, the StoryMoments website, or any related products or services (together, the “Platform”).

1.2 This Privacy Policy applies to all users of the Platform, including individuals who create accounts, upload content, purchase packages or subscriptions, or are designated as recipients of content.

1.3 This Privacy Policy should be read together with the StoryMoments Terms and Conditions and Cookie Policy. Where there is any conflict, this Privacy Policy governs matters relating to personal data.

1.4 StoryMoments is committed to protecting personal data and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1.5 By using the Platform, you acknowledge that your personal data will be processed in accordance with this Privacy Policy.

2. Who We Are (Data Controller Details)

2.1 The Platform is operated by Lambda Partnership Ltd, trading as StoryMoments (“StoryMoments”, “we”, “us”, or “our”).

2.2 For the purposes of applicable data protection laws, StoryMoments is the data controller in respect of personal data processed through the Platform.

2.3 Our contact details and support channels are made available via the Platform. Privacy related enquiries, requests, or complaints should be submitted using the contact

information published on the StoryMoments website.

2.4 If required by law, we may appoint additional representatives or data protection contacts, details of which will be made available through the Platform.

3. Key Definitions and Interpretation

3.1 In this Privacy Policy, the following terms have the meanings set out below:

• “Personal Data”means any information relating to an identified or identifiable individual.
• “Special Category Data”means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health data, biometric data, or other data classified as sensitive under UK GDPR.
• “User”means an individual who accesses or uses the Platform, including account holders.
• “Recipient”means an individual designated by a user to receive access to content.
• “Processing” means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
• “Controller” and “Processor” have the meanings given under UK GDPR.

3.2 Capitalised terms not defined in this Privacy Policy have the meanings given in the Terms and Conditions.

3.3 Headings are for convenience only and do not affect interpretation.

4. Summary of How We Use Personal Data

4.1 StoryMoments is an app-first digital storytelling platform. We process personal data primarily to allow users to create accounts, record and store content, control access to that content, and share it with chosen recipients.

4.2 Most personal data processed by StoryMoments is provided directly by users or generated through their use of the Platform.

4.3 Content uploaded to the Platform is private by default and is only made accessible to recipients chosen by the user, in accordance with the user’s settings.

4.4 StoryMoments does not sell personal data and does not use personal data for third party advertising.

4.5 Users remain in control of their content and how it is shared, subject to the technical and operational limits described in the Terms and Conditions.

5. Categories of Personal Data We Collect
5.1 Depending on how you use the Platform, we may collect and process the following categories of personal data:

(a) Account and Identity Data

• Name
• Email address
• Account credentials
• Profile information you choose to provide

(b) Content Data

• Video recordings
• Audio recordings
• Images and photographs
• Written stories, letters, and messages This data may include personal data about you or about other individuals you choose to reference.

(c) Recipient Data

• Names
• Email addresses or other contact details provided by you for delivery or access purposes

(d) Technical and Usage Data

• Device type and operating system
• App version
• IP address
• Log and usage data
• Interaction and feature usage information

(e) Transaction Data

• Purchase history
• Subscription status
• Package or credit information (Full payment card details are not stored by StoryMoments.)

6. Special Category and Sensitive Personal Data
6.1 Due to the nature of the Platform, user-generated content may include special category or otherwise sensitive personal data, including health-related information, personal beliefs, or information about family relationships.

6.2 StoryMoments does not require users to upload special category data and does not actively solicit such information.

6.3 Any special category data included in content is providedsolely at the user’s discretion, and users are responsible for ensuring that they have a lawful basis to share such data, including obtaining consent where required.

6.4 StoryMoments applies additional technical and organisational safeguards to protect sensitive content, but users acknowledge that no system can be guaranteed to be completely secure.

7. How and When We Collect Personal Data
7.1 We collect personal data in the following ways:

(a) Data You Provide Directly

• When you create an account
• When you upload or record content
• When you purchase packages or subscriptions
• When you contact us or submit enquiries

(b) Data Generated Through Use of the Platform

• Usage logs
• Feature interaction data
• Technical performance data The legal basis for the processing of your personal data in the context of legal defence and enforcement of our rights is our legitimate interest.

(c) Recipient Data Provided by Users

• Contact details and identifiers supplied by users for sharing or delivery purposes

7.2 StoryMoments does not independently verify the accuracy of personal data provided by users and relies on users to ensure that information supplied is accurate and lawful.

8. Recipient Data and Third-Party Personal Data
8.1 The Platform allows users to provide personal data relating to Recipients, such as names, email addresses, or other contact details, for the purpose of sharing or delivering content.

8.2 Users are solely responsible for ensuring that they have a lawful basis to provide Recipient data to StoryMoments, including informing Recipients that their personal data has been shared where required by law.

8.3 StoryMoments does not independently verify Recipient identities, consent, or the accuracy of Recipient data provided by users.

8.4 Recipient data is used only to enable access to content or communications expressly configured by the user. Where access is provided via links, notifications, or deep linking, limited technical metadata (such as device type, IP address, timestamp, app version, and access logs) may be processed solely for access delivery, security, troubleshooting, and performance monitoring.

Data collected through Branch | Mobile Attribution Platform & App Analytics Solutions For Enterprises
We use Branch | Mobile Attribution Platform & App Analytics Solutions For Enterprises, a third-party software development kit (SDK), to enable deep linking, referral attribution, and to improve your experience within the Kinterak app. When you use our app, Branch | Mobile Attribution Platform & App Analytics Solutions For Enterprises may automatically collect the following information:

• Account identifiers, such as authentication tokens generated by the Kinterak Story Planner website when you log in via deep links.
• Device identifiers, such as your device ID, advertising ID, or similar unique identifiers.
• App interaction events, such as pages viewed, links clicked, and actions taken within the app.
• Device and network information, including device type, operating system version, network provider, and IP address.

Purpose of collection: This data is used only to enable deep linking, authentication, referral attribution, and to improve app functionality and user experience.

Data sharing: This information is shared with Branch | Mobile Attribution Platform & App Analytics Solutions For Enterprises solely for the purposes stated above and in accordance with their privacy policy, available at https://branch.io/policies/#privacy.

Data security: All information transmitted to Branch | Mobile Attribution Platform & App Analytics Solutions For Enterprises is encrypted in transit.

User rights: You may request deletion of your data at any time by contacting us at contact@storymoments.co.uk or by managing your account through the Kinterak Story Planner website.

8.5 Such technical metadata is not used for advertising, profiling, or tracking Recipients beyond the specific access event.

9. Purposes and Legal Bases for Processing
9.1 StoryMoments processes personal data for the following purposes and on the following lawful bases under UK GDPR:

• Performance of a contract and legitimate interests: to process Recipient data strictly as required to deliver user-directed content securely, enable access, prevent misuse, and maintain Platform integrity.
• Legitimate interests: to operate, maintain, secure, and improve the Platform, prevent misuse, and protect StoryMoments legal rights, provided those interests are not overridden by user rights.
• Legal obligations: to comply with applicable laws, regulations, and lawful requests from authorities.
• Consent: where required, including for certain communications or cookie use.

9.2 Where consent is relied upon, users may withdraw consent at any time, subject to lawful processing already carried out.

10. How We Use Personal Data in Practice
10.1 StoryMoments uses personal data to:
(a) create and manage user accounts;
(b) store, process, and display user-generated content;
(c) enable sharing and recipient access as configured by users;
(d) operate future-access or scheduling features;
(e) communicate with users regarding account, service, or support matters; and
(f) ensure the security and integrity of the Platform.

10.2 StoryMoments does not use content data for advertising or profiling purposes.

10.3 Certain features of the Platform use automated or AI-assisted processing to support user-requested functionality, such as transcription, content previews, written letters, or compilation of books. Such processing is assistive in nature, operates under user control, and does not involve behavioural profiling, automated decision-making with legal or significant effects, or advertising use of personal data.

11. Payments, Subscriptions, and Financial Data
11.1 Payments for website purchases are processed by third-party payment processors. StoryMoments does not store full payment card details.

11.2 App-based subscriptions and in-app purchases are processed by third-party app marketplaces, such as Apple or Google, in accordance with their own privacy policies.

11.3 StoryMoments may receive limited transaction metadata, such as confirmation of purchase status, subscription type, or renewal dates, for account and service management purposes.

12. Cookies, Analytics, and Similar Technologies

12.1 The StoryMoments website uses cookies and similar technologies to enable core functionality, improve performance, and understand how visitors interact with the site.

12.2 The mobile application may use analytics tools to collect aggregated or pseudonymised usage and performance data to understand feature usage and improve reliability.

12.3 Details of cookies used, purposes, and user choices are set out in the Cookie Policy, which forms part of this Privacy Policy.

12.4 Users can manage cookie preferences through browser or device settings, subject to limitations on functionality.

13. Sharing and Disclosure of Personal Data
13.1 StoryMoments may share personal data with trusted third parties, including:
(a) hosting and cloud service providers;
(b) payment processors;
(c) analytics and technical service providers; and
(d) professional service providers where Add-On Services are requested.

13.2 All third parties are required to process personal data only on documented instructions and to apply appropriate security measures.

13.3 StoryMoments may disclose personal data where required by law, regulation, court order, or to protect legal rights, safety, or security.

13.4 StoryMoments does not sell personal data to third parties.

Data sharing: This information is shared with Branch | Mobile Attribution Platform & App Analytics Solutions For Enterprises solely for the purposes stated above and in accordance with their privacy policy, available at https://branch.io/policies/#privacy.

14. International Data Transfers
14.1 Personal data may be stored or processed outside the United Kingdom as required to operate the Platform, including through evolving global cloud and infrastructure providers.

14.2 Where personal data is transferred outside the UK, StoryMoments ensures appropriate safeguards are in place in accordance with UK GDPR, including adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms.

14.3 Users acknowledge that the use of distributed and evolving global infrastructure may involve international data transfers, subject to the protections described in this Privacy Policy.

15. Data Retention and Storage Periods
15.1 StoryMoments retains personal data for as long as reasonably necessary to provide the Platform, fulfil user instructions, comply with legal obligations, resolve disputes, and enforce agreements.

15.2 Account data and content are generally retained while an account remains active. Where an account becomes inactive or is closed, personal data may be retained for a limited period, subject to user deletion requests, legal obligations, technical constraints, and system backup requirements.

15.3 Long-term retention is an intended feature of the Platform but does not constitute a guarantee of perpetual or indefinite storage.

15.4 Backup copies of data may persist for a limited time and may not be immediately accessible or deletable.16. Data Security and Protection Measures
16.1 StoryMoments implements appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

16.2 Such measures may include encryption, access controls, secure hosting environments, and internal policies governing data access.

16.3 While reasonable efforts are made to protect personal data, no method of transmission or storage is completely secure. Users acknowledge and accept this inherent risk.

16.4 Users are responsible for maintaining the security of their account credentials and for any activity carried out through their account.

17. Your Rights Under UK GDPR
17.1 Subject to applicable law, you have the following rights in relation to your personal data:
(a) the right to access your personal data;
(b) the right to request correction of inaccurate or incomplete data;
(c) the right to request deletion of personal data;
(d) the right to restrict processing;
(e) the right to object to processing based on legitimate interests; and
(f) the right to data portability, where applicable.

17.2 These rights are not absolute and may be limited where permitted by law.

If we disclose or transfer data to other companies in our group of companies or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and, in addition, on a basis that complies with the legal requirements. The list of our data processors that will have access to your personal data includes:

18. Exercising Your Rights and Complaints
18.1 Requests to exercise data protection rights should be submitted using the contact details published on the StoryMoments website.

18.2 StoryMoments may require reasonable verification of identity before responding to a request.

18.3 We aim to respond to valid requests within the timeframes required by law.

18.4 If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the United Kingdom.

In addition, your data may be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behaviour and the resulting interests. This allows, for example, advertisements to be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected from your devices may also be stored in the usage profiles (especially if you are a member of the respective platforms and are logged in to them).

19. Children’s Data and Vulnerable Individuals
19.1 The Platform is not intended for use by individuals under the age of 18, and we do not knowingly collect personal data directly from children.

19.2 Users may include content relating to children or vulnerable individuals. In such cases, users are responsible for ensuring that all necessary consents and lawful bases are in place.

19.3 StoryMoments does not independently verify consent relating to third-party data included in user-generated content.

20. Changes to This Privacy Policy and Contact
20.1 We may update this Privacy Policy from time to time to reflect changes in legal requirements, technology, or how the Platform operates.

20.2 Where required by law, we will notify users of material changes. The effective date at the top of this Privacy Policy indicates when it was last updated.

20.3 Questions, requests, or concerns relating to this Privacy Policy or personal data should be directed using the contact details provided on the StoryMoments website.