Privacy Policy
1. Who we are
Younify Tech Limited is the data controller responsible for your personal data. Our registered office is in the United Kingdom (company number 15449518). You can contact us at: hello@tinystories.ai.
2. What data we collect
We may collect and process the following types of personal data:
- Account Information: email address, name (where provided via social login), profile picture, authentication provider, and password (stored in hashed format only for email/password accounts).
- Character & Story Data: character names, descriptions, visual attributes, age-group preferences, story topics, and AI-generated story content (text and images).
- Image Data: original photos you upload and AI-styled images generated from them. These images may depict children and are processed solely for the purpose of creating personalised stories and products.
- Payment Information: processed securely by Stripe. We do not store your full card details. Stripe collects your email, name, phone number, billing address, and shipping address on our behalf during checkout.
- Order & Shipping Data: shipping name, email, phone number, and full delivery address when you order physical products (books, mugs, posters, fridge magnets).
- Usage & Analytics Data: we operate a first-party analytics system (no third-party trackers). We collect: device type, browser, operating system, screen dimensions, approximate location (country and city derived from network headers), pages visited, session duration, and referrer information.
- Shopping Preferences: your selected country and currency, and items in your shopping cart (persisted to your account).
- Support Communications: inquiries, complaints, or feedback you send us.
- Error & Diagnostic Data: client-side errors including page context and browser information, used solely to fix bugs and improve the Platform.
3. How we use your data
We use your data to:
- Create and manage your account
- Generate personalised stories and AI-styled character images
- Generate product mockups (mugs, posters, fridge magnets) featuring your characters
- Process payments and manage purchases via Stripe
- Fulfil and deliver physical product orders through our printing partners
- Send transactional emails (welcome, story ready, order confirmation, shipping updates)
- Analyse Platform usage to improve our services (using first-party analytics only)
- Diagnose and fix technical issues
- Detect and prevent fraud or misuse
- Comply with legal and tax obligations
4. Legal basis for processing
We process your personal data under the following legal bases:
- Contract: to provide the services you have signed up for, including story generation, product creation, payment processing, and order fulfilment.
- Legitimate Interests: to improve our Platform, analyse usage patterns, diagnose errors, and maintain security. We balance our interests against your rights and only process data where the impact on you is minimal.
- Legal Obligation: to comply with tax, accounting, and other legal requirements.
- Consent: where required for optional features. You can withdraw consent at any time by contacting us.
5. Data sharing and third-party services
We share your data with the following categories of third parties, only to the extent necessary to provide our services:
Payment Processing
- Stripe processes all payments. When you check out, Stripe collects your email, name, phone number, shipping address, billing address, and payment card details directly. We receive a confirmation and your shipping details but never see your full card number. Stripe's privacy policy governs their handling of your payment data.
AI Content Generation
- OpenAI and Google Gemini receive story prompts, character descriptions, and uploaded images to generate AI illustrations and product mockups. These providers process data under their respective privacy policies and data processing agreements. We do not send your name, email, or payment details to AI providers.
Print Fulfilment
- Specialist fulfilment partners produce and ship made-to-order books, mugs, posters, and fridge magnets. We share only the shipping details and print-ready files needed to manufacture and deliver your order.
Authentication
- If you choose social login, your authentication provider (Google, Apple, or Facebook) processes your login credentials. We receive only your email, name, and profile picture from these providers.
Email Communications
- Transactional emails (order confirmations, shipping updates, story notifications) are sent via SMTP. We share your email address and relevant order details for this purpose.
Cloud Infrastructure
- Google Cloud Platform (GCP) hosts our Platform, database, file storage, and background processing services. All data is stored within GCP infrastructure. Our primary database is hosted by Neon (PostgreSQL).
Legal Authorities
- We may disclose your data if required by law, regulation, or legal process.
We do not sell your personal data. All third-party processors are contractually required to protect your data and process it in accordance with UK GDPR.
6. International data transfers
Your data may be transferred outside the United Kingdom for processing. Specifically:
- AI providers (OpenAI and Google) may process story prompts and images in the United States.
- Stripe processes payment data in the United States and other jurisdictions.
- Fulfilment partners operate manufacturing facilities in multiple countries to produce and ship your orders.
Where data is transferred outside the UK, we rely on appropriate safeguards including standard contractual clauses, adequacy decisions, or equivalent protections recognised under UK GDPR.
7. Data retention
We retain personal data only for as long as necessary for the purposes set out in this policy:
- Account, character, and story data: retained while your account is active. You can delete individual characters and stories at any time. Deleting your account removes all associated data.
- Images (uploaded and generated): stored until you delete them or close your account. AI-styled images and product mockups are deleted alongside the associated character or story.
- Payment and order records: retained for up to 7 years after the transaction to comply with tax and legal requirements.
- Analytics data: session and event data is retained for up to 12 months and then automatically purged.
- Error and diagnostic logs: retained for up to 90 days.
- Support communications: retained for up to 3 years after resolution.
You may request deletion of your account and all associated data at any time through the Platform's account settings or by contacting us. When you delete your account, we permanently remove your profile, stories, characters, and images. Order records are anonymised (your user ID is removed) but retained for legal compliance.
8. Your rights under UK GDPR
You have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Rectification: request correction of inaccurate or incomplete data.
- Erasure: request deletion of your data (subject to legal retention requirements).
- Restriction: request that we limit how we process your data in certain circumstances.
- Objection: object to processing based on legitimate interests.
- Portability: request your data in a structured, machine-readable format.
- Withdraw consent: where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at: hello@tinystories.ai. We will respond within one month.
9. Children's data
Tiny Stories is designed for adults — parents, guardians, and teachers — to create personalised stories and products for children. The Platform is not intended for use by children directly.
Data about children: When you create a story, you may provide character names, descriptions, and photos that relate to a child. This information is treated as personal data under UK GDPR. We process it solely for the purpose of generating your personalised story and products, and it is stored within your account under your control.
Character names and descriptions are sent to our AI providers (OpenAI, Google Gemini) to generate illustrations. Uploaded photos are used to create AI-styled character images. We do not use children's data for marketing, profiling, or any purpose beyond creating the content you requested.
You can delete any character (and all associated images) at any time through the Platform. Deleting your account permanently removes all character data.
We do not knowingly collect personal data directly from children under the age of 13. If we become aware that a child has provided us with personal data without parental consent, we will take steps to delete that data promptly.
11. Data security
We implement appropriate technical and organisational measures to protect your data, including:
- Passwords stored using bcrypt hashing (we cannot read your password)
- HTTPS encryption for all data in transit
- Secure, HTTP-only cookies for authentication
- Database hosted on managed infrastructure with encryption at rest
- Access controls limiting who can access production systems
- Stripe PCI-DSS compliance for all payment processing (card details never touch our servers)
Some user-generated images are stored with URLs that may be accessible if the link is known. Avoid sharing image links if you wish to keep content private.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated via email or a notice on the Platform. We encourage you to review this page periodically.
13. Complaints
If you have concerns about how we handle your data, please contact us first at hello@tinystories.ai. We take all complaints seriously and will respond within one month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): www.ico.org.uk.