Duckling,
Privacy Policy

Last updated: 16 June 2026

Before the fine print

We built Duckling as a place to slow down and pay attention, not as a machine for harvesting you. So our approach to your data is simple: we collect the least we can, we use it only to run the things you've asked us to run, we never sell it, and we don't profile you or feed you an algorithm.

This policy explains, in plain terms, what we hold, why, and the rights you have over it. If anything is unclear, write to us at contact@duckling.co. We'd rather answer a real question than hide behind a clause.

1. Who is responsible for your data

The data controller is Duckling Media ApS (CVR 43764810), Overgaden oven Vandet 98, DK-1415 Copenhagen, Denmark. You can reach us about anything in this policy at contact@duckling.co.

2. What we collect

We only collect what we need to give you Duckling:

  • Your account. Your name, email address, phone number (used to send you a verification code when you log in), and a securely stored (hashed) password.

  • Your profile. Anything you choose to add about yourself, such as a short bio.

  • Your membership and payments. If you become a paid member, your subscription tier and billing status. Card payments are handled by our payment provider; we never see or store your full card number.

  • The stories you make. The documentary stories you create and publish, including the photos, video, text, and audio in them.

  • Basic technical data. Limited logs such as device and browser type and IP address, which we use to keep the service secure and working.

  • Messages to us. What you write when you contact us or sign up for our newsletter.

3. Why we use it, and on what legal basis

We use your data for clear purposes, each with a lawful basis under the GDPR:

  • To run your membership and the platform, including your account, your stories, and the community. (Legal basis: performing our contract with you.)

  • To process payments and keep proper accounts, including invoices and tax records. (Legal basis: performing our contract, and our legal obligations under Danish bookkeeping and tax law.)

  • To keep Duckling safe and working, such as preventing abuse and fixing problems. (Legal basis: our legitimate interest in a secure, reliable service.)

  • To send you our newsletter, if you've asked for it. (Legal basis: your consent, which you can withdraw at any time.)

4. What we don't do

We think this matters as much as what we do, so we'll say it plainly:

  • We don't sell your personal data, ever.

  • We don't profile you or rank your feed by tracking your behaviour.

  • We don't run behavioural or targeted advertising.

  • We don't use your data to make automated decisions about you.

5. Who we share it with

We keep your circle of data small. We use a few trusted providers to run Duckling, and they may only process your data on our instructions, under a data processing agreement. As things stand, these include:

  • Stripe for payments and billing.

  • Google Cloud for hosting Duckling and storing your stories.

  • Twilio for sending a verification code to your phone when you log in.

  • Squarespace for sending you our newsletter.

We share data with public authorities only where the law requires it. We do not otherwise pass your data to anyone else.

6. Where your data lives

Your data is stored within Europe. A few of the providers above are based outside the EU and may handle limited data elsewhere, for example when processing a payment or sending a verification text. Where that happens, we rely on the safeguards the GDPR requires, such as the European Commission's Standard Contractual Clauses, so your data keeps its protection wherever it travels.

7. How long we keep it

We keep your data only as long as we need it:

  • Account and profile data, for as long as you're a member. When you delete your account, we delete this data immediately.

  • Payment and accounting records, for as long as Danish bookkeeping law requires (currently five years from the end of the relevant financial year).

  • Your stories, until you unpublish or delete them, subject to the note on shared copies in our Terms.

  • Newsletter data, until you unsubscribe.

When a period ends, we delete or anonymise the data.

8. Your rights

The GDPR gives you strong rights over your data, and we'll always help you use them. You can ask us to:

  • see the data we hold about you;

  • correct anything that's wrong;

  • delete your data (the "right to be forgotten");

  • limit or object to how we use it;

  • receive a copy of your data in a portable format; and

  • withdraw consent at any time, where we relied on it.

To exercise any of these, just write to contact@duckling.co. We'll respond within the time the law allows (normally one month).

If you feel we've handled your data wrongly, you can complain to the Danish Data Protection Agency, Datatilsynet (Carl Jacobsens Vej 35, 2500 Valby; datatilsynet.dk). We'd appreciate the chance to put it right first, but it's your call.

9. Cookies

We use only the cookies we need to keep you logged in and the service running. We don't use cookies to track you across the web or for advertising, and we don't use any web analytics tools.

10. Children

You need to be at least 13 to use Duckling. We don't knowingly collect data from anyone younger. If you believe a child has given us their data, write to us and we'll remove it.

11. The people in your stories

Documentary storytelling involves real people. If you publish a story, you're responsible for having the rights and consents needed for anyone identifiable in it, as set out in our Terms of Membership. If you appear in a story and want to raise a concern, contact us and we'll help.

12. Changes to this policy

We may update this policy as Duckling evolves. If a change meaningfully affects you, we'll let you know in good time rather than quietly editing the page.

13. Getting in touch

Duckling Media ApS · Overgaden oven Vandet 98, DK-1415 Copenhagen, Denmark · contact@duckling.co

Free your story.