Privacy Policy

Last Updated: 13 February 2026

This privacy policy explains how ChildHeroStoryBooks.com collects, uses, stores, and protects your personal data when you use our website https://ChildHeroStoryBooks.com ("the Website"), place an order, or contact us. By using our Website, you agree to the terms of this Privacy Policy.

1. Collected Personal Data

1.1 Data you provide directly to us

  • Contact and Account Details: Name, email address, and encrypted password when creating an account.
  • Order Details: Billing and shipping addresses for physical book delivery.
  • Personalisation Data: Names, storyline choices, prompts, and instructions entered by you. Please do not enter sensitive medical or special category data in free text fields.
  • Uploaded Images: Photos uploaded for illustration purposes, processed by AI systems to create personalised characters.
  • Communication Data: Information provided when contacting us.
  • Payment Details: Processed securely by external payment providers. We receive payment confirmation only.

1.2 Data collected automatically

  • Technical Data: IP address, browser type, operating system, device information.
  • Usage Data: Pages visited, time spent, clicks, and interaction data.

2. Purposes of Data Processing

We process personal data for the following purposes:

  • Creating and managing user accounts.
  • Processing and delivering orders.
  • Generating personalised children's books (digital and physical).
  • Checking text input for compliance with terms and intellectual property rules.
  • Customer service communication.
  • Sending order confirmations and service notifications.
  • Improving website functionality and user experience.
  • Fraud prevention and legal compliance.

3. Legal Bases for Processing (UK GDPR)

  • Performance of a contract (Art. 6(1)(b)).
  • Consent (Art. 6(1)(a)) for uploaded images and personalisation data.
  • Legal obligation (Art. 6(1)(c)) for tax and regulatory duties.
  • Legitimate interests (Art. 6(1)(f)) for fraud prevention and service improvement.

4. Sharing Personal Data

We do not sell personal data. Data is shared only where necessary with:

  • Payment providers.
  • Printing and shipping partners.
  • Hosting and IT providers.
  • AI technology providers for content generation.
  • Analytics services (data anonymised where possible).
  • Authorities where legally required.

International transfers may occur outside the UK or EEA. We ensure appropriate safeguards such as UK-approved contractual clauses or recognised data protection frameworks.

5. Retention Periods

  • Account data: Retained while account remains active.
  • Order and invoice data: Minimum 7 years for tax compliance.
  • Personalisation files (photos and generated eBooks): Stored for up to 10 weeks then permanently deleted.
  • Communication data: Up to 2 years after resolution.

6. Cookies and Tracking Technologies

We use functional, analytical, and (with consent) marketing cookies. Users are informed via a cookie banner on first visit. Consent can be withdrawn at any time via website or browser settings. Disabling cookies may affect website functionality.

7. Security Measures

We implement appropriate technical and organisational measures including:

  • SSL/TLS encryption.
  • Secure hosting environments.
  • Access controls.
  • Regular system updates.

No internet transmission is completely secure. In case of a data breach with risk to your rights, we will notify you in accordance with UK GDPR requirements.

8. Your Rights Under UK GDPR

You have the right to:

  • Access your data (Art. 15).
  • Rectify incorrect data (Art. 16).
  • Request erasure (Art. 17).
  • Restrict processing (Art. 18).
  • Data portability (Art. 20).
  • Object to processing (Art. 21).
  • Not be subject to solely automated decisions (Art. 22).

Requests will be responded to within one month. You may lodge a complaint with the Information Commissioner's Office (ICO).

9. AI Processing of Images

By uploading images, you consent to processing by AI systems solely for creating your personalised book. Images and prompts are not used to train AI models. Your data remains your property.

10. Children's Data

Our products are ordered by adults. We do not knowingly collect data directly from children without parental consent. Children's personal data is processed only for product personalisation.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Updates will be published on the Website.

12. Contact Details

For questions or to exercise your rights, contact:

Email: [email protected]
Website: https://ChildHeroStoryBooks.com