Bindlestory

Privacy Policy

Last updated: May 4, 2026

This Privacy Policy describes what we collect, how we use it, and the choices you have. It applies to the Bindlestory mobile application and related services (together, the "Service").

1. Information We Collect

Account information. When you sign up we collect your email address, display name, chosen sign-in method (email/password, Sign in with Apple, or Google Sign-In), and preferred language.

Voice recordings (biometric data). To clone your voice, we collect short audio samples you record in-app. We also collect a per-language consent recording in which you read a scripted phrase. Voice recordings are biometric data under applicable privacy laws.

Content you create. Text you paste or upload for narration, extracted text from documents you upload (PDF, EPUB, DOCX, ODT, plain text), generated audiobooks, cover art, bookmarks, and playback positions.

Content fingerprints. For every piece of text we process, we compute and store a SHA-256 fingerprint of the normalised text. The fingerprint is used to deduplicate identical uploads and — where we have actioned a DMCA notice against a specific piece of content — to prevent re-uploads of the same material. See Section 9 (DMCA) for how the fingerprint interacts with takedown notices.

Payment information. We do not see your full payment details. In-app purchases are processed by your device's app store, and a subscription-management partner records your subscription state on our behalf. We receive a customer identifier, the product you bought, and its status (active, cancelled, expired, trial).

Friends and sharing data. If you use the Sharing with Friends feature, we collect and store:

Shared content access logs. When a friend plays an audiobook you have shared with them, we log the authorisation event for audit purposes. Aggregate access counts may be shown to the audiobook's owner; individual play events are not surfaced to the owner.

Device and usage data. IP address, device model, operating system and version, app version, locale, timezone, and diagnostic logs. We use this to detect abuse, debug issues, and measure feature usage.

2. How We Use Your Information

We use your information to:

We do not sell your personal information or Your Content. We do not use Your Content to train generative models for anyone other than you.

3. Legal Basis for Processing (GDPR)

We process your personal information on the following legal bases:

You can reach us at [email protected] at any time to exercise these rights or to ask a question about how we process your data.

4. Who We Share With

We share information with third parties only as needed to operate the Service, and only to the minimum extent required for each purpose:

All of these processors operate inside the European Economic Area, and each is bound by a data-processing agreement that restricts them to using information only for the purposes we specify. The specific vendors change over time; we do not list them here because that list is commercially sensitive, but we will disclose it when a data subject has a legitimate request under GDPR.

We do not share your data with other Bindlestory users beyond what the features themselves require. Specifically, when you accept a friend request or receive a shared audiobook, the counter-party sees your display name, avatar, and — for shares — the metadata of the audiobook being shared with you (title, duration, cover). Your email address is never exposed to another user through the friends feature; email is only used to deliver an invite and is stored on the invite row until it is accepted or expires.

5. International Transfers

Bindlestory is operated inside the European Economic Area. When information would be transferred outside the European Economic Area, we rely on approved transfer mechanisms such as the Standard Contractual Clauses.

6. Data Retention

7. Your Rights

Depending on where you live, you may have rights under GDPR, CCPA, or similar laws to:

You can export your data and request account deletion from the app's Settings screen. For other requests, email [email protected].

8. Children

Bindlestory is intended for adults (16+). Users under 16 are not permitted to sign up for Bindlestory, record a voice sample, or otherwise use the Service on their own behalf. Adults may add children as listener-only sub-profiles under their family account. We do not knowingly collect data from children beyond the minimum needed to operate playback (a display name; no email, no standalone account, no voice recording, no friends activity, no sharing).

Child sub-profiles may not use the Sharing with Friends feature in any form: they cannot send or receive friend requests, cannot hold a friend code, cannot appear in another user's friend list, and cannot be the recipient of a shared audiobook. This is enforced both in the app and at the server level.

The adult account holder who adds a child sub-profile is the legal guardian of that profile on the platform, is responsible for the child's use of the Service, and is responsible for compliance with our Terms of Service and community rules on that child's behalf. Parents and guardians should review both the Privacy Policy and the Terms of Service before adding a child, and should supervise the child's listening sessions to stay informed about what's playing back.

Because under-16s cannot hold a Bindlestory account, a child sub-profile doesn't have its own privacy settings; the parent profile's settings apply, and any data-subject request (access, deletion, export) is initiated by the parent on behalf of the child profile. If you believe we have collected information from a child outside this flow, contact [email protected] and we will delete it.

9. DMCA, Abuse Reports, and Rights-Holder Correspondence

If a rights-holder submits a DMCA takedown notice targeting content you have uploaded or shared, we will:

When we correspond with the complaining rights-holder, we disclose only the information necessary to process the notice. We do not disclose the identity of the complaining party to you beyond what is required by law or required to enable a valid counter-notification under 17 U.S.C. § 512(g)(3).

Non-copyright abuse reports — including unauthorised voice cloning, deepfake misuse, impersonation, non-consensual intimate audio, and harassment — are handled under Section 11 of the Terms of Service and are routed to [email protected]. When we correspond with the reporter, with authorities, or with a data protection authority about an abuse report, we disclose only the information necessary to process it. Where AI-generated audio is the subject of a report, we may use the inaudible perceptual watermark described in Section 11 of this Policy to confirm that the audio originated from our Service.

Our designated agent for DMCA notices is:

10. Security

We use industry-standard safeguards including encryption in transit and at rest, hashed passwords, scoped access tokens with rotation, and access logging. No system is perfectly secure, so we encourage you to use a strong, unique password and to enable biometric unlock if your device supports it.

For the Sharing with Friends feature, we apply additional technical protections:

These measures raise the effort required to extract or redistribute shared audiobook audio. They do not guarantee technical impossibility on rooted or jailbroken devices, and the limited licence granted to recipients under the Terms of Service prohibits any attempt to circumvent them.

When you add a child sub-profile, the platform requires you to set a 6-digit PIN on your parent profile. This PIN is what stops the child from switching back to your creator context — keep it private from the child as part of the supervision responsibility described in Section 8.

11. AI Transparency

Audiobook audio generated by the Service carries an inaudible perceptual watermark that identifies it as AI-generated and lets Bindlestory, rights-holders, platforms, and law enforcement verify that a given audio file originated from our pipeline. The watermark carries no personal information about you — it identifies the Service, not the user. We generate the watermark as part of the text-to-speech pipeline described in Section 2; no additional personal data is collected to produce it. See Terms of Service Section 5 for the related use terms, and Section 9 of this Policy for how the watermark is used when we action an abuse report.

12. Changes to This Policy

When we make material changes to this policy we will notify you in-app and require you to re-accept before continuing to use the Service. Minor clarifications that do not change your rights will be noted with a revised "Last updated" date above.

13. Contact

Our data controller is Bindlestory, reachable at [email protected]. DMCA notices and counter-notifications should be sent to [email protected] per Section 9. Non-copyright abuse reports should be sent to [email protected] per Section 9. We aim to respond to GDPR requests within 7 days; in cases where the request requires significant review or involves a large volume of data, our response may take up to 30 days, as permitted under GDPR.