Privacy Policy

Last updated: December 12, 2025

1. Introduction

Your Storybook ("Your Storybook", "we", "us", or "our") is committed to protecting your privacy and handling personal data transparently, securely, and in compliance with applicable data protection laws, including the UK GDPR, EU GDPR, the UK Data Protection Act 2018, and other relevant global privacy legislation.

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use https://yourstorybook.ai, our applications, and related services (collectively, the "Services").

2. Data Controller

Data Controller:
Your Storybook

Contact: [email protected]

3. Who Our Services Are For

Our Services are intended for parents or legal guardians who create personalised storybooks for their children.

We do not knowingly collect personal data directly from children. Any information about a child is provided by a parent or guardian, who confirms they have the authority to do so.

4. Personal Data We Collect

4.1 Information You Provide

Account & Contact Information

  • Name
  • Email address
  • Login credentials
  • Profile information

Payment & Transaction Data

  • Billing address
  • Payment status and transaction identifiers

(Payment card details are processed securely by third-party payment providers and are not stored by us.)

User-Generated Content

  • Story prompts and descriptions
  • Child-related descriptive information (e.g. age, hair colour, eye colour, skin tone)
  • Messages or support requests

Note: Descriptive child information is used solely to generate personalised content and is not used for profiling, advertising, or identity verification.

4.2 Information Collected Automatically

  • IP address
  • Device and browser information
  • Usage data
  • Cookies and similar technologies
  • Analytics data

4.3 Special Category Data

We do not intentionally collect special category data such as health, biometric, religious, or political data.

We may collect limited physical descriptors (e.g. skin tone) only to ensure visual consistency in generated illustrations. This information:

  • Is optional
  • Is not used for identification
  • Is not shared for advertising or profiling purposes

5. How We Use Personal Data

We use personal data to:

  • Provide and operate the Services
  • Create and deliver personalised storybooks
  • Manage user accounts
  • Process payments and fulfil orders
  • Communicate with users (transactional and marketing)
  • Provide customer support
  • Improve and secure the Services
  • Comply with legal and safeguarding obligations

6. Legal Bases for Processing (UK/EU GDPR)

We rely on the following legal bases:

  • Contract: to provide the Services you request
  • Consent: for marketing communications, cookies, and optional features
  • Legal obligation: where required by law
  • Legitimate interests: to operate, improve, and secure our Services (balanced against user rights)

7. Marketing Communications

We may send:

  • Transactional emails related to your account or purchases
  • Marketing emails where you have consented

You may unsubscribe from marketing emails at any time using the link in the email or by contacting [email protected].

8. Cookies & Tracking Technologies

We use cookies for:

  • Essential site functionality
  • Analytics
  • Advertising and marketing

Where required by law, we obtain your consent via a cookie banner. You can manage cookie preferences through the banner or your browser settings.

9. Sharing & Third-Party Processors

We share personal data only with trusted service providers, including:

  • Payments: Stripe
  • AI & content generation: OpenAI, Anthropic, Google (Gemini)
  • Email communications: SendGrid
  • Security & performance: Cloudflare
  • Analytics & advertising platforms: Google, Meta, TikTok, Snapchat

All processors are contractually required to protect personal data and use it only for authorised purposes.

10. International Data Transfers

Some of our service providers process data outside the UK or EU, including in the United States.

Where required, we rely on:

  • UK Addendum to EU Standard Contractual Clauses (SCCs)
  • EU SCCs
  • Other legally approved safeguards

11. Data Retention

We retain personal data only as long as necessary:

  • Account data: while your account is active and for up to 24 months after closure
  • Transaction records: as required by tax and accounting laws
  • User-generated content: until deleted by you or your account is closed
  • Marketing data: until you withdraw consent

We may retain anonymised or aggregated data indefinitely.

12. Your Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict or object to processing
  • Withdraw consent
  • Receive a copy of your data (portability)
  • Lodge a complaint with a data protection authority

Requests can be made to [email protected].

13. US Privacy Rights (CCPA / CPRA)

If you are a California resident, you may have rights to:

  • Know what personal data we collect
  • Request deletion
  • Opt out of certain data sharing

We do not sell personal data. Requests can be made via [email protected].

14. Security

We use appropriate technical and organisational measures to protect personal data, including encryption, access controls, and secure infrastructure.

No system is 100% secure, but we work to minimise risk.

15. Children's Privacy

We do not knowingly collect data directly from children. Parents and guardians are responsible for the information they provide about their children.

If you believe we have collected data improperly, contact us immediately.

16. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

17. Contact Us

For privacy questions or requests:

[email protected]