Privacy Policy

This Privacy Policy explains how Younify Tech Limited ("we", "us", or "our") collects, uses, and protects your information when you use the Tiny Stories web app and website (the "Platform"). We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

1. Who we are

Younify Tech Limited is the controller of your personal data. Our registered office is in the United Kingdom. You can contact us at: hello@tinystories.ai.

2. What data we collect

We may collect and process the following types of personal data:

• Account Information: name, email address, password (stored in hashed format only)
• Payment Information: via third-party providers (e.g., Stripe); we do not store your full payment details
• Usage Data: IP address, device type, browser, and activity on the Platform
• Story Data: AI-generated content, saved projects, story preferences
• Support Communications: inquiries, complaints, or feedback
• Image Data: original photos and generated images used to create AI-styled characters
• Print Fulfilment Data: shipping name, address, and story content when users order printed books

We do not knowingly collect personal data directly from children under the age of 13.

3. How we use your data

We use your data to:

• Create and manage your account
• Provide access to features and story-generation services
• Process payments and manage subscriptions
• Facilitate the printing and delivery of ordered storybooks
• Communicate service updates or important notices
• Ensure Platform security and detect misuse
• Comply with legal obligations

4. Legal basis for processing

We process your personal data under the following legal bases:

• Consent: where required for optional features
• Contract: to provide services you have signed up for, including digital and printed products
• Legal Obligation: to comply with applicable laws
• Legitimate Interests: to improve services and maintain platform security

5. Data sharing and third-party services

We may share your data with:

• Service Providers: such as Stripe (payment processing), analytics tools, cloud hosting, and customer support systems
• Microsoft Clarity: used for behavioural analytics. It collects device data, session activity (e.g., scrolling, clicks), anonymised IP address, screen recordings, and page performance data. No personally identifiable information is stored or shared.
• OpenAI API: We transmit user-uploaded images to OpenAI's API services to generate styled characters. Processing is governed by OpenAI’s Privacy Policy.
• Third-Party Print Providers: When users place a print order, we securely share the necessary data (including name, delivery address, and story content) with our printing partners solely for the purpose of fulfilling the order
• Legal Authorities: if required to comply with the law or legal process

All third parties are contractually obligated to protect your data and process it in accordance with UK GDPR.

6. International data transfers

If your data is transferred outside the UK (e.g., for cloud hosting or AI processing), we ensure appropriate safeguards are in place, including standard contractual clauses or adequacy decisions.

7. Data retention

We retain personal data only for as long as necessary:

• Account and usage data: as long as the account is active
• Payment records: up to 7 years for tax/legal purposes
• Support communications: up to 3 years after resolution
• Original and generated images: stored indefinitely in Google Cloud until a user initiates deletion via account closure
• Print fulfilment data: retained only as long as needed to complete the order and meet delivery obligations

You may request deletion of your account and all associated data through the Platform's account closure feature.

8. Your rights under UK GDPR

You have the right to:

• Access your personal data
• Request correction or deletion
• Object to or restrict processing
• Withdraw consent (where applicable)
• Port your data to another provider

To exercise these rights, contact us at: hello@tinystories.ai.

9. Children's data

Our Platform is designed for adults (e.g., parents, teachers) to use in creating stories for children. We do not knowingly collect or store personal data from children under 13. Any data entered by adults about children (e.g., names for custom stories) is processed solely for the intended use and not stored long-term.

10. Cookies and tracking

We use cookies and similar technologies to:

• Maintain user sessions
• Analyse site usage
• Improve performance

You can manage cookie preferences through your browser settings.

11. Data security

We implement appropriate technical and organisational measures to protect your data, including encryption, access controls, and secure hosting. User credentials are stored in hashed format, and all data is stored securely in cloud environments.

12. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be notified via email or posted on the Platform.

13. Complaints

If you have concerns about how we handle your data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk.

Contact us