Effective date: June 1, 2026 · Last updated: June 1, 2026
Contents
1. About Storyline CMS
Storyline CMS ("we," "us," or "our") is a web-based tool for creating and sharing interactive personal and family history timelines. The service is operated by David Johnson and is currently in public beta.
This Privacy Policy applies to the website at storylinecms.com and all associated subdomains and services. By using Storyline CMS, you agree to the practices described here.
2. What We Collect
Information you provide directly
- Account information — email address and password when you create an account. Your password is never stored by us; it is managed exclusively by Firebase Authentication.
- Timeline content — events, milestones, dates, descriptions, and any text you write while building your timeline. This is stored in our database and is yours.
- Uploaded files — images, PDFs, audio recordings, and video files you upload to attach to your timeline events. These are stored in Firebase Storage.
- Suggestions — if a visitor uses the "Suggest Edit" feature on a shared timeline, we collect their message and an optional name or alias they provide.
Information collected automatically
- Usage data — pages visited, features used, and timestamps of activity, collected through Firebase's standard server logs.
- Device information — browser type, operating system, and screen size, used to ensure the app displays correctly on your device.
- IP address — collected in server logs for security and abuse prevention purposes. Not linked to your account for tracking.
What we do NOT collect
We do not run advertising. We do not collect payment information (there is no paid tier during beta). We do not use tracking pixels, third-party ad networks, or behavioral profiling tools. We have explicitly opted out of Firebase Analytics.
3. How We Use Information
We use the information we collect only to provide and improve the service:
- To create and authenticate your account
- To store and display your timeline content
- To deliver uploaded files when your timeline is viewed
- To send account-related emails (email verification, password reset)
- To investigate and prevent abuse or unauthorized access
- To improve the product based on how features are used
We do not sell your information. We do not use your content to train AI models. We do not use your email address for marketing without explicit opt-in.
4. Data Storage & Security
Storyline CMS is built on Google Firebase, a platform operated by Google LLC. Your data is stored in the following Firebase services:
- Firebase Authentication — manages account credentials. Passwords are hashed using industry-standard algorithms. We never see your password in plain text.
- Cloud Firestore — stores your timeline content (text, dates, settings). Data is encrypted at rest and in transit.
- Firebase Storage — stores uploaded files (images, PDFs, audio, video). Files are accessible via secure URLs.
Firebase servers are located in the United States. By using Storyline CMS, you consent to your data being stored and processed in the United States.
Google Firebase's own privacy practices are governed by the Google Privacy Policy.
We take reasonable technical and organizational measures to protect your data, including access controls, encrypted connections (HTTPS), and Firebase Security Rules that prevent unauthorized access to your projects.
6. Children's Privacy (COPPA)
Important — Users Under 13
Storyline CMS is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 without verified parental consent as required by the Children's Online Privacy Protection Act (COPPA).
If you are a parent or guardian and believe your child under 13 has created an account without your consent, please contact us immediately at djindepth@gmail.com and we will delete the account and all associated data.
Educational and supervised beta testing programs
When Storyline CMS is used as part of a supervised educational program — including beta testing programs — the following additional protections apply:
- Participation by users under 13 requires signed parental or guardian consent before any account is created or data is collected.
- Schools or program coordinators acting as intermediaries may provide consent on behalf of students in accordance with FERPA, provided they have obtained appropriate parental permission.
- Student data collected during educational programs is used solely to provide the service during the program. It is not used for advertising, profiling, or any commercial purpose.
- All data from minor participants in a beta or educational program will be deleted within 30 days of the program's conclusion unless retention is specifically requested by the school or guardian.
- We recommend that participants in supervised programs use a school-issued email address or an alias rather than a personal email address.
Users aged 13–17
Users between the ages of 13 and 17 may use Storyline CMS with parental awareness. We encourage parents to review this policy with their teen before account creation. The same data minimization and no-advertising commitments apply.
7. Data Retention & Deletion
We retain your account information and timeline content for as long as your account is active.
Account deletion
You may request deletion of your account and all associated data at any time by emailing djindepth@gmail.com with the subject line "Delete my account." We will complete the deletion within 14 days and confirm by email.
Deletion removes: your account credentials, all timeline projects you own, all uploaded files in Firebase Storage, and all visitor suggestions on your timelines.
Beta program data
During the current beta period, we may retain anonymized, non-personally-identifiable usage patterns to improve the product after account deletion. No content, email addresses, or identifiers are retained.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate information
- Deletion — request that we delete your account and data (see Section 7)
- Portability — request your timeline data in a portable format (we can provide JSON exports)
- Withdrawal of consent — where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us at djindepth@gmail.com. We will respond within 30 days.
California residents may have additional rights under the California Consumer Privacy Act (CCPA). EU/EEA residents may have rights under the General Data Protection Regulation (GDPR). Please contact us to discuss your specific situation.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify registered users by email.
Continued use of Storyline CMS after changes are posted constitutes acceptance of the updated policy. If you do not agree with a change, you may delete your account before the effective date of the revised policy.
10. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or your personal data — including requests to delete data for a minor participant — please contact us:
- Email: djindepth@gmail.com
- Service: Storyline CMS, storylinecms.com
- Response time: We aim to respond to all privacy inquiries within 5 business days.
This privacy policy was prepared in good faith as a starting point for compliance. It does not constitute legal advice. Operators using this software with minors are encouraged to have this policy reviewed by a qualified attorney familiar with COPPA, FERPA, and applicable state student privacy laws before deployment.