Privacy Policy

Last Updated: 24th November 2025

Storybook Genie is a trading name of GRAICEFUL LTD, registered in England & Wales (Company No. 15205742), with its registered office at:

236 Ombersley Road, Worcester, WR3 7HA, Worcestershire, United Kingdom.

This Privacy Policy explains how Storybook Genie ("we", "us", "our") collects, uses, stores, and protects your personal information when you use our mobile app, website, and related services (the "Service").

We are committed to complying with the UK GDPR, EU GDPR, US state privacy laws, COPPA, Canadian PIPEDA, and other applicable global privacy standards.

By using the Service, you agree to this Privacy Policy.

1. Who We Are (Data Controller)

GRAICEFUL LTD

Email: privacy@storybookgenie.com

We act as the Data Controller for all personal information processed by the Service.

2. Information We Collect

We collect personal information when you use the Service.

2.1 Information You Provide

Account Information

  • Email address
  • Password (encrypted; we never store plain text)

Child Profile Information

Parents may optionally enter:

  • First name or pseudonym
  • Age

Parents must not enter identifying or sensitive information about children.

All child data must be entered and managed by an adult.

Story Inputs (Prompts)

We collect:

  • Free text prompts
  • Template choices
  • Other story generation settings

User-Generated Stories

We store:

  • AI-generated stories
  • AI-generated images
  • Story metadata
  • Saved and shared stories

Stories may be stored indefinitely unless deleted by you.

2.2 Information Collected Automatically

When you access the Service, we automatically collect:

Device & Technical Data

  • IP address
  • Device type/model
  • Operating system
  • Browser type
  • App version
  • Time zone

Usage Data

  • Page views and app screens
  • Buttons clicked and features used
  • Story generation activity
  • Session duration
  • Crash logs and error reports (via Firebase)

Cookies & Web Tracking

Our website may use:

  • Essential cookies
  • Functional cookies
  • Analytics cookies (Firebase or future providers)
  • Security cookies

Where required, we ask for cookie consent.

2.3 Information From Third Parties

We receive some data from service providers:

  • Kinde — authentication status, account details
  • Firebase — analytics and crash reporting
  • RevenueCat — subscription and purchase status
  • Apple & Google — purchase verification
  • OneSignal — push notification tokens
  • OpenAI — AI-generated outputs (we do not receive user-identifiable data from OpenAI)

3. How We Use Your Information

We use your information to provide and improve the Service.

3.1 Providing the Service

  • Creating and managing user accounts
  • Generating stories and illustrations
  • Storing your story library
  • Managing subscriptions and credits
  • Providing customer support
  • Sending essential notifications (account changes, receipts)

3.2 Improving the Service

  • Monitoring usage
  • Enhancing story quality and app performance
  • Fixing bugs and technical issues
  • Developing new features

3.3 Safety & Moderation

  • Detecting inappropriate inputs
  • Preventing misuse
  • Removing harmful publicly shared content

3.4 Communications

  • Service notifications
  • Password resets
  • Purchase confirmations
  • Push notifications (only if you enable them)

We do not send marketing communications without consent.

4. AI Processing (OpenAI)

To generate stories and images, we securely send your prompts to:

OpenAI, L.L.C.

What we send

  • Text prompts
  • Template choices
  • Required metadata

How we handle outputs

  • Generated content is stored by us indefinitely unless deleted
  • OpenAI does not use your inputs or outputs to train their models
  • We do not send child profile data to OpenAI unless absolutely necessary for story generation (e.g., age), and only if entered by a parent.

5. Legal Bases for Processing

Under UK/EU GDPR, we rely on:

  • Performance of a contract — to operate the Service
  • Legitimate interests — analytics, safety, fraud prevention
  • Consent — cookies, child profile data
  • Legal obligation — financial record-keeping

6. How We Share Your Information

We do not sell or rent your personal information.

We share data only with trusted service partners:

PurposeProvider
Login & authenticationKinde
Story generationOpenAI
PaymentsApple, Google, RevenueCat
Analytics & errorsFirebase
Push notificationsOneSignal
Hosting & storageAWS, MongoDB Atlas (UK)

All processors act under strict data protection contracts.

7. International Data Transfers

We store all core data in the United Kingdom.

When data is transferred internationally (e.g., to OpenAI or Firebase), we use:

  • Standard Contractual Clauses (SCCs)
  • UK IDTA addendums
  • Additional safeguards and encryption

8. Data Retention

We retain data only as long as necessary:

Data TypeRetention Period
StoriesIndefinitely, unless you delete them
PromptsSame as associated story
Child profilesUntil deleted or account removal
Account dataUntil you delete your account
Logs & diagnostics90 days
Purchase metadataAs required by Apple/Google

Upon account deletion:

  • Stories, prompts, and child profiles are deleted
  • Some anonymised analytics may be retained
  • Financial records may be retained for legal compliance

9. Children's Privacy (COPPA, GDPR, PIPEDA)

The Service is designed for adults.

We do not knowingly collect personal information directly from children under 13 (US COPPA) or under 18 (EU/UK GDPR definition of minors).

Parents or guardians may optionally enter:

  • A child's first name or pseudonym
  • Age

Parents are responsible for:

  • Reviewing child data
  • Ensuring no identifying information is entered
  • Monitoring children's use of the app

If we discover that a child has provided information directly, we will delete it.

To request deletion: 📧 privacy@storybookgenie.com

10. Your Privacy Rights

Depending on where you live, you may have the right to:

  • Access your personal data
  • Delete your data
  • Correct inaccurate information
  • Object to certain processing
  • Restrict processing
  • Withdraw consent
  • File a complaint with a regulator

10.1 UK/EU Users

Rights under GDPR apply.

10.2 US Users (CCPA/CPRA & Other State Laws)

California and certain US states grant:

  • Right to know what data is collected
  • Right to delete personal data
  • Right to correct inaccurate data
  • Right to opt out of "sale or sharing" of data
  • Right to non-discrimination

We do not sell or share personal information for advertising or marketing.

10.3 Canadian Users (PIPEDA)

You may request:

  • Access to your personal information
  • Correction of inaccurate data
  • Information about how your data is processed internationally

To exercise any rights, contact:

📧 privacy@storybookgenie.com

We do not currently offer full data export/download functionality.

11. Security

We use industry-standard security measures, including:

  • Encryption in transit and at rest
  • Firewalls and access controls
  • Secure cloud infrastructure
  • Periodic audits
  • Limited employee access
  • Monitoring and intrusion detection

No system is completely secure, but we take reasonable steps to protect your information.

12. Third-Party Links

Our website or app may link to third-party websites.

We are not responsible for their privacy practices. Please review their privacy policies before providing any information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If changes are significant, we will notify you:

  • In the app
  • On our website
  • Or by email (if appropriate)

Continued use of the Service constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions or requests relating to your personal data, contact:

📧 privacy@storybookgenie.com

We will respond within the timeframes required by applicable laws.