Privacy Policy

Last updated: March 9, 2026

The short version

We collect your email and reading activity to run the service. We don't sell your data — never have, never will. Payments go through Paddle — we never see your card details. You have full GDPR rights.

1. Who We Are

HSKStory is an online Chinese graded reading platform. Questions about this policy? Email anthony@hskstory.com.

2. What We Collect

Information you provide

  • Account: Email address and optional display name (we use passwordless magic link auth — no password is ever stored)

Collected automatically

  • Reading activity: Stories read, chapter progress, vocabulary saved, and flashcard reviews
  • Infrastructure logs: Our hosting provider (Cloudflare) and web server log IP addresses and request metadata as part of normal operations. We do not store this data in our application.

3. How We Use It

  • Run the service: Deliver stories, audio, and manage your account
  • Explorer limits: Track your story count
  • Process payments: Via Paddle (our payment processor)
  • Support: Respond to questions and resolve issues
  • Improve: Analyze usage patterns to improve content and features

We do not sell your personal data to third parties.

4. Third-Party Services

Paddle — Payments

Paddle acts as merchant of record. They process all payments, handle global tax compliance, and issue receipts. We never store or see your card details. See the Paddle Privacy Policy.

Resend — Email

We use Resend to send sign-in links and transactional emails. They receive your email address for delivery purposes only.

Cloudflare — Hosting & Audio

Cloudflare proxies our web traffic and serves audio files. They process request data (IP address, headers) as part of normal CDN operations.

Sentry — Error Monitoring

When an error occurs, we send diagnostic data to Sentry to fix bugs. For signed-in users, this may include your user ID and email to help us identify and resolve the issue.

5. Data Storage & Security

Your data is stored on secure servers. We use passwordless authentication — no password is ever stored or transmitted. We retain your data while your account is active, plus 90 days after deletion.

6. Your Rights (GDPR)

You have the right to access, correct, delete, or export your data, and to opt out of marketing. Email anthony@hskstory.com to exercise any of these rights.

7. Cookies

We don't use advertising or tracking cookies. We use essential cookies for login and reader preferences (text size, font, voice). That's it.

8. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect personal data from children under 13.

9. Data Breaches

In the event of a data breach affecting your personal data, we will notify you within 72 hours.

10. Policy Changes

We will notify you of material changes to this policy via email before they take effect.