Privacy Policy

1. What We Collect

When you use My Tiny Tales, we collect:

• Photos you upload (see Section 3 for deletion timescales) • Your child's first name, approximate age, and chosen adventure theme • Standard usage data (browser type, page views) via Google Analytics — only if you have given explicit cookie consent • Payment details are handled entirely by Stripe; we never receive or store card numbers.

2. How We Use Your Data

Your photo is used solely to create a personalised AI character for your storybook. The child's name and age are used to customise the story text. We do not use this information for advertising, profiling, or any secondary purpose.

3. Photo Deletion

Uploaded photos are automatically stripped of all metadata (including GPS location) before processing. They are sent securely to fal.ai for AI character generation and permanently deleted from all systems — including fal.ai's infrastructure — within approximately 30 minutes of your book being generated. We do not store, view, or share your photos. See our Children's Data page for full details.

4. Children's Privacy

My Tiny Tales is designed to be used by parents and guardians on behalf of children. We do not knowingly collect personal data directly from children under 13, and we do not require children to interact with our service. If you believe a child has submitted data without parental consent, please contact us and we will delete it immediately.

5. AI Provider Data Retention

We use the following AI services:

• fal.ai (image generation) — images are processed in isolated pipelines, not used for model training, and deleted within 30 minutes of generation completing. • Anthropic Claude (story text) — story prompts are processed in real time. Anthropic does not store API inputs for training by default for API customers.

Neither provider uses your data to train models.

6. Data Sharing

We use the following sub-processors:

• Stripe — payment processing (PCI-DSS compliant; never sees photo or story data) • fal.ai — AI image generation (EU Standard Contractual Clauses apply) • Anthropic — story text generation (US; EU SCCs apply) • Vercel — hosting and edge delivery • Google Analytics — aggregate usage analytics (only with your consent)

We do not sell, rent, or share your personal data with any other third parties.

7. Cookies

We use cookies in the following categories:

• Necessary — session cookies required to keep the creation flow working. Cannot be disabled. • Analytics — Google Analytics (GA4) to understand how visitors use the site. Only set after you give explicit consent. • Marketing — not currently used.

You can change your cookie preferences at any time via the Cookie Settings link in the footer.

8. Cookie Consent Expiry

We store your cookie preference for 6 months, after which we will ask again. This is in line with UK ICO guidance on PECR.

9. Your Rights

Under UK GDPR you have the right to access, rectify, erase, restrict, or port your data, and to object to processing. To exercise any of these rights, email hello@mytinytales.studio with 'Data Request' in the subject line. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Contact

Data controller: My Tiny Tales Ltd · hello@mytinytales.studio

This policy was last updated April 2026.