Privacy Policy

Last updated: March 2026

1. Introduction

StarInMyStory ("we", "us", "our"), is committed to protecting the privacy of our users and especially the children whose profiles are created on our platform. This Privacy Policy describes how we collect, use, store, and protect personal information when you use our AI-powered personalized children's storybook service.

2. Information We Collect

Account Information

  • Name, email address, and password (for email registration)
  • OAuth profile data (for Google or Apple Sign-In)
  • Payment information (processed securely by Stripe — we never store card numbers)

Child Profile Information

  • Child's first name, age, and optional birthday
  • Interests, favorite animals, themes, colors, and personality traits
  • Pronouns and character style preference
  • Portrait photograph (with explicit parental consent)

Usage Information

  • Books created, pages generated, art styles selected
  • Device type, browser, and IP address (for security and analytics)
  • Consent records (timestamp, IP, user agent)

3. How We Use Child Photos

Child portrait photos are our most sensitive data. We handle them with the highest level of care:

  • Purpose: Used exclusively to generate personalized storybook illustrations where the child appears as the hero character
  • Processing: Photos are analyzed by our AI to extract visual characteristics (skin tone, hair color, facial features) which are used to generate illustrated versions of the child
  • Storage: Encrypted at rest in secure cloud storage, accessible only through authenticated API endpoints
  • No public access: Child photos are never displayed publicly, shared with third parties, or included in any public gallery
  • No AI training: We do not use uploaded child photos to train or fine-tune any AI models
  • Deletion: Parents can delete child profiles and all associated photos at any time through their dashboard

4. Data Storage & Security

  • All data is stored in secure, encrypted cloud infrastructure
  • File storage uses S3-compatible encryption at rest
  • Authentication uses JWT tokens with short-lived access tokens and secure refresh tokens
  • Passwords are hashed using bcrypt (never stored in plain text)
  • API endpoints are protected with rate limiting to prevent abuse
  • All consent actions are logged with IP address and timestamp for audit compliance

5. Third-Party Services

We use the following third-party services:

  • OpenAI: For story generation and illustration creation. Text prompts and character descriptions (not raw photos) are sent to generate illustrations. Subject to OpenAI's Privacy Policy.
  • Stripe: For payment processing. We never see or store your full card number. Subject to Stripe's Privacy Policy.
  • Google/Apple: For optional social login only. We receive your name and email.

6. Parental Consent

We require explicit parental consent before collecting any child information. During child profile creation, parents must confirm:

  • They are the parent or legal guardian of the child
  • They consent to the uploaded photo being used for storybook personalization only
  • They understand they can delete the child's profile and all data at any time

All consent actions are recorded with timestamp, IP address, and user agent for compliance.

7. Your Rights

  • Access: View all your data through your dashboard
  • Correction: Edit child profiles and account information at any time
  • Deletion: Delete child profiles, photos, books, or your entire account
  • Portability: Download your books as PDF files
  • Withdrawal of consent: Revoke photo usage consent at any time

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data, child profiles, photos, and generated books will be permanently deleted within 30 days. Payment records may be retained longer for legal and accounting purposes.

9. Children's Privacy (COPPA Compliance)

StarInMyStory is designed for parents to create content for their children. We do not knowingly collect personal information directly from children under 13. All information is collected from and controlled by the parent/guardian account holder.

10. Contact Us

For privacy questions, data requests, or concerns, contact us at:

Email: privacy@starinmystory.com
Company: StarInMyStory