Privacy Policy

Last updated: 1/10/2026

1. Personal Data Collected

We collect various types of personal data to provide and improve our services:

1.1 Data you provide directly to us

  • Contact and Account Data: Your name, email address, password (encrypted) when you create an account.
  • Order Data: Address details (billing and shipping address) for shipping physical books.
  • Personalization Data: The name(s) to be included in the book, chosen story steps, and textual instructions (prompts) you enter. Note: do not enter sensitive medical or special category personal data in the free text fields.
  • Uploaded Images: Photos you upload for personalizing the illustrations. These are analyzed by our AI systems to generate an illustration resembling the character.
  • Communication Data: Data you provide when you contact us via email or other communication channels.
  • Payment Data: This is not stored directly by us but processed by our external payment provider (e.g., Stripe). We only receive a confirmation of the payment.

1.2 Data collected automatically

When you visit our Website, we may automatically collect certain data via cookies and similar tracking technologies (see also Article 6 ‘Cookies and Tracking Technologies’):

  • Technical Data: IP address, browser type and operating system, device data.
  • Usage Data: Pages visited, click behavior, duration of your visit, and interactions on the Website.

2. Purposes of Data Processing

We process your personal data exclusively for the following purposes:

  • Creating and managing your account.
  • Processing, producing, and handling your orders.
  • Generating personalized children's books (both eBooks and physical books) using AI technology.
  • Checking textual input for conflicts with our terms and conditions (e.g., detection of copyrighted terms or inappropriate content).
  • Shipping your ordered products (physical books) and making digital eBooks available for download.
  • Communicating with you about your order, answering your questions, or providing customer service.
  • Sending service-oriented emails (e.g., order confirmations, shipping notifications).
  • Improving our products, services, and the functionality of our Website.
  • Analyzing website usage to optimize user-friendliness (anonymized where possible).
  • Complying with legal obligations, such as tax retention duties.
  • Preventing fraud and misuse of our services.

3. Legal Grounds for Processing

We process your personal data based on the following legal grounds (GDPR):

  • Performance of the agreement (Art. 6(1)(b) GDPR): For processing your order, delivering the products, and managing your account.
  • Consent (Art. 6(1)(a) GDPR): For the use of the photos you upload and specific personalization data for creating the children's books. You give this consent when uploading and confirming your choices. You have the right to withdraw this consent at any time, although this does not affect the lawfulness of processing before the withdrawal.
  • Legal obligation (Art. 6(1)(c) GDPR): To comply with our administrative and fiscal obligations.
  • Legitimate interest (Art. 6(1)(f) GDPR): For fraud prevention, enforcing our terms and conditions (preventing intellectual property infringement), and improving our services.

4. Sharing Personal Data with Third Parties

We do not sell your personal data to third parties. We only share your data with third parties if necessary for the performance of our services. We conclude Data Processing Agreements (DPAs) with these parties.

This concerns the following categories:

  • Payment Providers (e.g., Stripe): For the secure processing of your payments.
  • Shipping Partners and Printing Facilities: For the production and delivery of physical products.
  • Hosting and IT Service Providers: For hosting the Website and data storage.
  • AI Technology Providers: Specialized parties for generating texts and illustrations via artificial intelligence. Your uploaded photos and textual input (prompts) are processed by these systems to create the final product.
  • Analytics Services (e.g., Google Analytics): For analyzing website usage (anonymized as much as possible).
  • Authorities: If required by law.

Transfer outside the EEA

Because we use advanced third-party AI technology, your data (including photos and prompts) may be processed on servers outside the European Economic Area (EEA), particularly in the United States. We ensure that we only work with parties that offer an appropriate level of protection in accordance with the GDPR.

5. Retention Periods

We do not retain your personal data longer than is strictly necessary to realize the purposes for which your data is collected, or as required by law. We apply the following retention periods:

  • Account Data: As long as your account is active, or until you request deletion.
  • Order and Invoice Data: At least 7 years, in accordance with the statutory retention obligation for tax authorities.
  • Data for Personalization (Photos and eBooks): The photos uploaded by you AND the digital eBooks generated from them are stored for a maximum of 10 weeks. After 10 weeks, these files are automatically and permanently deleted.
  • Communication Data: Up to 2 years after handling your question or complaint.

6. Cookies and Tracking Technologies

We make use of cookies and similar technologies to analyze the use of our Website, improve functionality, and, with your consent, for marketing purposes.

  • Functional (Necessary) Cookies: Essential for the correct functioning of the Website.
  • Analytical Cookies: Help us understand how visitors use the Website.
  • Marketing Cookies: Used to track browsing behavior and show relevant advertisements (only with consent).

7. Security of Personal Data

We take the protection of your personal data seriously and take appropriate technical and organizational measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized modification. This includes encryption (SSL/TLS), secure servers, and access management.

8. Your Rights (Data Subject Rights)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to notification
  • Right to data portability
  • Right to object
  • Right not to be subject to automated individual decision-making

If you believe that our processing of your personal data infringes privacy legislation, you have the right to lodge a complaint with the competent Data Protection Authority.

9. AI Generation and Use of Images

When uploading images for the personalization of your children's book, you explicitly give us consent to process these images through our AI systems and those of our carefully selected technology partners. This processing takes place exclusively for generating the ordered product. Important: We and our partners do not use your photos and input data to train AI models. Your data remains your property.

10. Children's Data

Our products are aimed at children but are ordered by adults. We do not knowingly collect personal data directly from children without the consent of a parent or legal guardian. If you suspect that we have collected personal data from a child without the required consent, please contact us.

11. Changes to the Privacy Policy

We reserve the right to modify this privacy policy. Changes will be published on our Website. We advise you to consult this policy regularly.

12. Contact Details

If you have questions about this privacy policy, the processing of your personal data, or if you wish to exercise your rights, you can contact us via email at support@tinytales.studio.