What is StorifyMe?
StorifyMe is a cloud-based content management platform. Our customers can be everything from an online publisher using StorifyMe to publish news as mobile native experiences, or a retailer creating experiences to communicate with their audience.
The structure of your experiences is completely flexible and can be created by a member of your team in accordance with the requirements of your project (e.g. news, landing pages, FAQs, product information, reviews, promotional in-app material and so on). Similarly, your development team is free to integrate content into any application, device type or platform. For example, content can be loaded into a website, mobile apps, or any other experience.
A non-technical overview of StorifyMe’s service is available at: www.storifyme.com/.
What kind of content is stored in StorifyMe?
Your team can use StorifyMe to create, personalize, distribute and analyze a variety of experiences - from Web Stories to engaging articles. As a rule, all this content is intended for the wider public and is freely accessible through your websites, mobile apps, digital kiosks, etc. The public nature of editorial content means it is not subject to confidentiality or privacy restrictions.
Since StorifyMe was built from the ground up to serve editorial content, that has certain legal and technical implications for the type of content you deliver through our platform. You should be fine storing typical editorial content which includes:
- News articles (e.g. politics, sports, fashion)
- Blog posts for your website
- Product information (e.g. product descriptions for an e-commerce store)
- Store locations and hours
- Photo galleries and short videos
- In-app notifications
We strongly discourage you from storing any sensitive, regulated, or ephemeral content on our platform, including:
- Any sensitive data such as user accounts, email
- addresses, payment details, private keys
- Any personal data (also known as personally identifiable information, or PII). Because our service is intended for public information that you wish to publish, we specifically do not allow personal data that is sensitive or so called special categories of personal data (as these are defined in applicable laws), or any regulated data (which may include data such as health, medical or financial data).
How does StorifyMe deal with data protection regulations?
StorifyMe has its main offices in Munich, Germany. We therefore follow the strict German and European data protection rules (General Data Protection Regulation, GDPR) as well as the California Consumer Privacy Act (CCPA). We apply the same strict policies and practices throughout our organization, be it Munich or our Nis office or a remote worker.
First off, it’s important to understand that StorifyMe provides infrastructure, platform and services for its customers to manage their content that they specifically wish to publish. As such, the content is typically non-sensitive editorial content that customers want to publish, and have the right to publish, and it doesn’t usually contain personal data.
So what kind of personal data does StorifyMe process?
Your content that you upload to and manage on the StorifyMe platform and services may contain personal data, such as images of people. We do not know because we do not monitor your content, nor do we access your content unless you ask us to, for example to provide technical customer support. Our services will process your content for you and serve the content via application programming interfaces (APIs) and Content Delivery Network (CDNs) to your web, mobile and other applications for your end users to enjoy.
Because you as the customer are deciding where you want to show this content, you are in control of the user experience (including privacy and data processing) in places where content is shared. We know nothing about the end users of that will consume your content. We merely receive request headers from the incoming content requests (server or API calls) to be able to deliver your content anywhere you have shared it.
If you are using the StorifyMe web app to manage your content, StorifyMe requires the user’s name, email address and web app password and logs the IP address of the web app user. These are necessary pieces of information that are required for StorifyMe to provide the service, authenticate users and protect the service and your content.
That’s it. We process very limited personal data, all for purposes of providing and securing the service and your content. We do not track or profile end users via our service. Nor do we monitor or access your content unless you ask us to, for example to provide technical customer support. We simply provide content platform to enable you to deliver and manage content anywhere.
Where is customer content and customer personal data stored?
We use certified and secure servers provided by Amazon Web Services (AWS) and a AWS Content Delivery Network (CDN).
How does StorifyMe secure adequate level of data protection outside of the European Union?
As between you, our customer, and StorifyMe we will enter into a data processing agreement to govern our processing of your personal data. If needed, this will include so called standard contractual clauses approved by the EU Commission for transfer of personal data from the EU to countries outside of the EU. If you are a StorifyMe customer and you require a data processing agreement, please raise a support ticket in your StorifyMe account.
As between StorifyMe and its vendors like AWS, StorifyMe enters into similar data processing agreements, including the standard contractual clauses or other legally approved data transfer mechanisms to ensure adequate level of data protection to the extent personal data is transferred outside of the EU.
What are you doing to ensure compliance with data protection laws?
Although the StorifyMe services are intended for managing non-sensitive, public, editorial content, StorifyMe takes privacy and security seriously. This includes complying with the GDPR and the CCPA. Here are some highlights of our initiatives with regards to privacy and security:
- We are continuously investing in and improving our security. For more information on our security approach please see here.
- We are running training and Q&A sessions with our employees to raise awareness of privacy and security generally and GDPR specifically. All employees get a security onboarding training and commit contractually to maintaining data secrecy.
- We conduct security reviews on our vendors to ensure they maintain appropriate level of privacy and security.
- We make sure that we have appropriate contracts with our vendors to protect privacy and security. This includes data processing and data transfer agreements that address international data transfers, for example by including so called EU standard contractual clauses or other legally approved data transfer mechanisms.
- When we process personal data under the GDPR for our customers we will enter into appropriate contracts with such customers and comply with requirements set out in the GDPR and such contracts. If you are a StorifyMe customer and you use our services to process personal data and you do not yet have an appropriate agreement in place with StorifyMe, please raise a support ticket in your StorifyMe account.
- If a data breach should happen we have dedicated engineering staff on call and defined data breach processes to act swiftly and in accordance with the GDPR and our customer contracts, including notifying our customers, authorities or affected individuals, as applicable.
- We continue to monitor legal and regulatory developments, for example with respect to GDPR and CCPA implementation and best practices, and will adjust our approach accordingly.
How does StorifyMe deliver its services?
StorifyMe is a cloud-based platform used to create engaging experiences. StorifyMe develops and operates its service as a multi-tenant environment.
This means that your organization does not need to run any software (besides the presentation layer in which engaging experiences are displayed) on your systems, but instead is granted access to the StorifyMe cloud-based backend.
Due to its cloud-based architecture, StorifyMe does not ship installable proprietary software. StorifyMe is solely used as a cloud service, all intellectual property rights of the StorifyMe platform stay with StorifyMe. This also means that StorifyMe does not provide customer-specific tailored services or software or other professional services unless agreed differently.
How reliable is StorifyMe?
StorifyMe hosts and delivers content for the world’s largest organizations during a routine day and during the high-traffic events like Black Friday or the Super Bowl. We make an effort to provide a reliable service.
- Our uptime history is available on https://www.status.storifyme.com/
- Our enterprise SLAs provide our customers with service levels for service availability and support.
- We take security seriously (https://www.storifyme.com/security/) and include our security standards in our enterprise contracts.
Can we pay by check, wire transfer or PayPal?
Our self-service tier is built for the highest degree of automation, which permits us to offer self-service plans at low prices.
Adding custom payment terms or payment methods would result in high running costs and make the current plan prices untenable.
For this reason, we only accept payments by credit card on the self-service tier. Get in touch with our sales team for the improved enterprise version of StorifyMe, where we also support purchase orders, wire transfers (ACH, SEPA) and checks.
Can we change or amend the terms of service?
Just as for payment methods, offering custom legal terms would incur a lot of additional costs making it unsustainable for us to offer self-service plans at the current price levels.
For this reason, we do not support any changes to our online terms nor signing of any additional agreements nor carrying out of custom security audits on our self-service tier.
If you require more flexibility, contact our sales team to find out about the enterprise version of StorifyMe, where we offer more room for custom agreements.