Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect:

• Your email address (for login and important communications)
• Your name (to personalize your experience)
• A password (encrypted and never stored in plain text)
• Payment information (processed securely through Stripe; we never store card details)

Children's Information

To create personalised stories, we collect limited information about your children:

• First name only (never last name)
• Age
• Interests and hobbies
• Physical appearance details (for character generation)
• Optional hometown (city/region only, never full address)

We never knowingly collect information from children directly — only from parents and guardians who create child profiles on their behalf. Children's privacy is central to how we've built Sleepybook.

Generated Content

• Stories you generate
• AI-generated illustrations
• Character reference images

Usage Information

• Login timestamps and session data
• Stories created per month (for plan limits)
• Browser type and device information (for compatibility)
• Error logs (to fix bugs and improve the service)

2. How We Use Your Information

We use your information solely to:

• Provide the Service: Generate personalised stories and illustrations
• Manage Your Account: Handle authentication, billing, and subscription management
• Communicate: Send essential service updates, security alerts, and (with your permission) occasional feature announcements
• Improve Quality: Analyze usage patterns to fix bugs and enhance the experience
• Ensure Safety: Detect and prevent fraud, abuse, or security issues

3. How We Share Your Information

We share your information only in these limited circumstances:

Service Providers

We use trusted third-party services to operate Sleepybook:

• OpenAI: Generates story text (receives child's name, age, interests, and story theme)
• Google Gemini: Generates character illustrations (receives physical appearance details)
• Stripe: Processes payments securely (receives billing information)
• Resend: Sends transactional emails (receives your email address)

All service providers are contractually required to protect your data and use it only for providing their specific service to us.

Legal Requirements

We may disclose information if required by law, court order, or to protect our rights, property, or safety (or that of our users).

4. Data Storage and Security

We implement industry-standard security measures:

• Encryption: All data transmitted over HTTPS; passwords are hashed with bcrypt
• Access Control: Strict family account isolation—you can only access your own data
• Regular Backups: Data is backed up regularly to prevent loss
• Monitoring: We monitor for security threats and suspicious activity

While we take security seriously, no system is 100% secure. We encourage you to use a strong, unique password for your account.

5. Your Rights and Choices

You have the following rights:

Access and Export

You can view all your data through your account dashboard. Contact us to request a complete data export.

Update or Correct

You can update your profile and children's information anytime through the settings page.

Delete Your Data

You can delete child profiles or your entire account from the settings page. When you delete your account, we immediately and permanently remove all your personal data and generated content.

Opt-Out of Communications

You can unsubscribe from promotional emails using the link in any email. You'll still receive essential account-related communications.

6. Children's Privacy

We take children's privacy seriously. Sleepybook is designed for parents and guardians to use on behalf of their children. Children do not create accounts or interact with the service directly — only parents and guardians input information and generate content.

We collect only the minimum information needed to personalise stories: a first name, age, interests, and descriptive appearance details (for character illustrations). We never collect last names, addresses, photos of real children, or any contact information for children.

7. Cookies and Tracking

Essential Cookies

We use essential cookies to:

• Keep you logged in
• Remember your preferences
• Ensure security

These cookies are necessary for the service to function and cannot be disabled.

Analytics Cookies

With your consent, we use Google Analytics to understand how people use Sleepybook so we can improve the experience. Analytics cookies are only loaded after you accept them via the cookie banner. You can change your preference at any time by clearing your browser's local storage.

We do not use advertising cookies or sell any data collected through analytics.

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, we immediately and permanently delete all personal data, including child profiles, stories, and generated content, except where we're legally required to retain certain information (e.g., transaction records for tax purposes).

9. International Users

Sleepybook is operated from the United Kingdom. If you're accessing the service from outside the UK, your information will be transferred to and processed in the United Kingdom. By using Sleepybook, you consent to this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of significant changes by email or through a prominent notice in the application. Continued use of Sleepybook after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us: