Privacy Policy

1. Introduction

Welcome to TinyStoked ("we," "our," or "us"). We are committed to protecting your privacy and the privacy of your children. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and personalized book generation service.

This service uses artificial intelligence (AI) to generate personalized stories and illustrations. By using our service, you acknowledge that your data will be processed by AI providers as described in this policy.

2. Information We Collect

2.1 Personal Information You Provide

• Account Information: Email address for authentication
• Child Information: Child's name, age, physical appearance details (hair color, eye color, skin tone), and activity preferences
• Story Customization Data: Personalization choices for book generation
• Payment Information: Processed securely through third-party payment processors (we do not store credit card details)

2.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on site
• Device Information: Browser type, operating system, IP address
• Cookies: Essential cookies for authentication and session management

2.3 AI-Generated Content

The personalized stories and illustrations created for your books are generated using artificial intelligence technology provided by OpenAI (including GPT-4 for text and DALL-E 3 for images). Your input data is sent to these AI services to generate customized content.

3. How We Use Your Information

We use the information we collect to:

• Create and deliver personalized adventure books featuring your child
• Process your orders and payments
• Communicate with you about your orders and our services
• Generate AI-powered stories and illustrations through OpenAI's APIs
• Improve our service and user experience
• Comply with legal obligations
• Send marketing communications (only with your consent)

4. AI Provider Data Sharing

4.1 OpenAI Data Processing

• What data is shared: Child's name, age, physical descriptions, activity preferences, and story themes
• Purpose: To generate personalized stories and character illustrations
• OpenAI's commitment: As of our last update, OpenAI states that data submitted via their API is not used to train their models unless you explicitly opt in
• Data retention: OpenAI may retain API data for up to 30 days for abuse monitoring, then deletes it (per their policy)

For more information, please review OpenAI's Privacy Policy and their API Data Usage Policies.

5. Third-Party Service Providers

We work with trusted third-party service providers who help us operate our business:

• OpenAI: AI-powered story and image generation
• Supabase: User authentication and database services
• Cloudflare R2: Secure image storage
• Loop.so/Mailgun: Email delivery services
• Payment Processors: Secure payment processing (e.g., Stripe)

These service providers have access only to the information necessary to perform their functions and are obligated to protect your information.

6. Data Sharing and Sale

We will only share your information:

• With your explicit consent
• With service providers necessary to deliver our service (as described above)
• To comply with legal obligations or court orders
• To protect our rights, privacy, safety, or property
• In connection with a business transfer, merger, or acquisition (you will be notified)

7. Your Privacy Rights

7.1 California Privacy Rights (CPRA)

If you are a California resident, you have the following rights:

• Right to Know: Request information about what personal data we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt-out of the sale or sharing of your personal information
• Right to Limit: Limit the use of sensitive personal information
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

7.2 European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to our processing of your personal data
• Right to Withdraw Consent: Withdraw consent at any time

7.3 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@tinystoked.com. We will respond to your request within 30 days (or as required by applicable law).

8. Children's Privacy

Our service is designed for parents and guardians to create books for their children. We do not knowingly collect personal information directly from children under 13 without verifiable parental consent.

Parents/guardians provide their child's information to personalize books. We treat all child information with heightened privacy protections and use it solely for creating personalized books.

9. Cookie Policy

We use cookies for:

• Essential Cookies: Required for authentication and site functionality
• Analytics Cookies: To understand how visitors use our site (only with consent)
• CAPTCHA: Cloudflare Turnstile to prevent spam and abuse

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect site functionality.

10. Data Security

We implement industry-standard security measures to protect your personal information, including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of data at rest
• Secure authentication via magic link (passwordless)
• Regular security audits and updates
• Limited employee access to personal data
• CAPTCHA protection against automated abuse

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

11. Data Retention

We retain your personal information for as long as necessary to:

• Provide you with our services
• Comply with legal obligations
• Resolve disputes and enforce agreements

When you request deletion of your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it by law.

12. International Data Transfers

Your information may be transferred to and processed in the United States or other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to your registered email address

We encourage you to review this Privacy Policy periodically. Your continued use of our service after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: