Children's Data

What We Collect

To create your child's storybook we collect:

• One or two photos of your child (provided by you, deleted after generation — see below) • Your child's first name and approximate age (used only to personalise the story text) • An adventure theme you choose

We do not collect your child's surname, date of birth, school, address, or any other identifying information. We do not collect data directly from children — everything goes through you, the parent or guardian.

How Photos Are Processed

Your photos are sent from your device to our secure UK/EU servers over an encrypted HTTPS connection. Before processing, we automatically strip all EXIF metadata from the image (including any GPS location data your phone may have embedded).

The photo is then sent to fal.ai — an AI image service operating under EU Standard Contractual Clauses — to train a personalised character model. fal.ai processes the image in a secure, isolated environment and does not use it for any other purpose.

How Long Photos Are Kept

Your photos are automatically deleted from all systems — including fal.ai's infrastructure — within approximately 30 minutes of your storybook generation completing. We do not retain any copy of your child's photo after this point.

The personalised character model (which is a mathematical representation, not a recoverable photo) is deleted at the same time. It is not used for any subsequent generation.

Who Has Access

Your child's photo is seen only by:

• Our automated processing pipeline (no human ever views individual photos) • fal.ai's secure infrastructure (subject to their Data Processing Agreement)

We do not share photos or story data with advertisers, data brokers, analytics services, or any other third party. Stripe (our payment processor) never receives photo or story data — they handle only payment information.

Photos Are Never Used to Train AI Models

Your child's photos are never used to train, fine-tune, or improve any AI model — ours or anyone else's. The personalised model created during generation is used only for your book and is deleted immediately after. We have confirmed this policy with fal.ai contractually.

AI Provider Data Retention

• fal.ai (image generation): input images and outputs are deleted within 30 minutes of generation. fal.ai does not retain data for model training. Full policy: fal.ai/privacy • Anthropic Claude (story text): story prompts are processed in real time and are not stored by Anthropic for training per their API data usage policy (no-training opt-out applies to all API customers by default). Full policy: anthropic.com/privacy • Stripe (payments): card and payment data is handled entirely by Stripe and never touches our servers. Full policy: stripe.com/privacy

Your GDPR Rights

As a parent or guardian, you have the following rights under UK GDPR:

• Right of access — request a copy of any data we hold about you or your child • Right to erasure — ask us to delete all data associated with your account or order • Right to rectification — ask us to correct inaccurate data • Right to restrict processing — ask us to pause processing while a dispute is resolved • Right to object — object to processing based on legitimate interests • Right to portability — receive your data in a machine-readable format

To exercise any of these rights, email hello@mytinytales.studio with the subject line: Data Request. We will respond within 30 days.

Contact & Complaints

Data controller: My Tiny Tales Ltd · hello@mytinytales.studio

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by phone on 0303 123 1113.

Last updated: April 2026.