Winter Sale — 20% off!
Sign In
EN
← Books

Privacy Policy

Last updated: June 3, 2026

This Privacy Policy explains how Big Story (operated by [COMPANY], [ADDRESS]) collects, uses, and protects your personal data when you create and order a personalized children's book. We process your data in accordance with the EU General Data Protection Regulation (GDPR).

1. Who is responsible (Data Controller)

The data controller is [COMPANY], [ADDRESS], VAT [VAT]. For any privacy question, contact us at [PRIVACY_EMAIL].

2. What data we collect

  • Photos you upload — including photos of children, used solely to generate the personalized illustrations of your book.
  • Order details — child's name, gender, dedication text, book language and other personalization you provide.
  • Contact & delivery — name, email, shipping address, phone (if provided).
  • Payment data — handled by our payment provider; we do not store full card numbers.
  • Technical data — IP address, device/browser info, and cookies (see our Cookie Policy).

3. Children's data

Our service is purchased by adults. By uploading a photo of a child, you confirm that you are the parent or legal guardian, or have the guardian's explicit permission. Children's photos are treated as sensitive and are used only to render the book's artwork — never for advertising, profiling, or model training by us.

4. How and why we use your data (legal bases)

  • To fulfil your order (Art. 6(1)(b) — performance of a contract): generate illustrations, print, and ship the book.
  • To process photos through AI (consent / contract): see Section 5 on third parties.
  • To comply with law (Art. 6(1)(c)): tax and accounting obligations.
  • Legitimate interests (Art. 6(1)(f)): fraud prevention, service improvement, support.

5. Who we share data with (Processors)

To deliver the product we rely on carefully selected service providers:

  • Hosting & storage — DigitalOcean and Cloudflare R2 (EU region, Frankfurt) store your order and images.
  • AI image generation — Google (Gemini API) processes uploaded photos to create the illustrations. This may involve a transfer to servers outside the EU/EEA (e.g. the USA), protected by Standard Contractual Clauses.
  • Print & delivery — Cloudprinter and its print/shipping partners across Europe receive the finished files and your delivery address.
  • Payments[PAYMENT_PROVIDER].

6. International transfers

Where data leaves the EU/EEA (for example, AI processing), we ensure an adequate level of protection through EU Standard Contractual Clauses or equivalent safeguards.

7. How long we keep your data

  • Uploaded photos & generated artwork — kept while your order is active and for a limited period afterwards to support reprints and support requests, then deleted. [RETENTION_PERIOD]
  • Order & invoice records — retained for the legally required period (typically up to 10 years for tax).

8. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, port, and object to the processing of your data, and to withdraw consent at any time. To exercise any right, contact [PRIVACY_EMAIL]. You also have the right to lodge a complaint with your local data protection authority.

9. Security

We use encryption in transit, access controls, and EU-based storage to protect your data.

10. Changes

We may update this policy. The "last updated" date above reflects the latest version.