Privacy Policy

Last updated: 2026-05-23

This policy explains what data PicBook("we", picbook.app) collects, why, and how parents can review or delete it. We aim for the minimum data needed to deliver a personalized storybook.

1. What we collect

From you (the parent / account holder):

  • Email address (required to deliver the personalized PDF and to log in)
  • Sign-in identifier from Apple, Google, or magic-link email — whichever you choose
  • Payment details: handled directly by Stripe; we receive only a customer/subscription ID, never your card number
  • IP address and user-agent on signup (used to detect abuse and prevent spam attacks)
  • Anonymous usage events (page views, clicks): which pages you visit, which books you open, share clicks. No keystrokes, no audio, no microphone, no precise location

About your child:only their first name (so they appear as the story's hero). We do not ask for date of birth, photos, voice, or any other child identifier. The name is stored with the order so the personalized PDF can be re-generated if needed. You can delete it any time via Account → Delete Account.

2. How we use it

  • Generate and deliver your personalized storybook
  • Authenticate you when you log back in
  • Send transactional emails (download link, receipt, account-related notifications)
  • Track subscription status for entitlement
  • Diagnose product issues and prevent abuse (the IP block list is built from this data)

We do not sell or rent your data, do not run third-party advertising inside the app, do not embed third-party tracking pixels for ad networks, and do not email you marketing without explicit opt-in.

3. Service providers we share with

  • Stripe — payment processing (when you subscribe). Stripe's privacy: stripe.com/privacy
  • Resend — sending transactional emails (login links, download links). Their policy: resend.com/legal/privacy-policy
  • Apple — Sign in with Apple, App Store purchases on iOS
  • Google — Sign in with Google (web)
  • Our hosting provider — runs the servers

4. Children's data (COPPA / GDPR-K)

PicBook is a service used by parents to make books for their children. Children do not create accounts and do not interact with the service directly. The only child-related data we hold is the first name the parent enters; we treat it as parent-provided information and use it solely for personalization.

We do not collect children's contact information, photos, voice, location, or behavioral data. We do not knowingly allow under-13 users to register. If you believe a child has registered, email hello@picbook.appand we'll remove the account.

5. Your choices

  • Access: email us and we'll send what we have on you
  • Correct: edit your child's default name in Account / Settings
  • Delete: Settings → Delete Account removes your user record, child name, orders, and analytics events. Billing records may be retained for tax/legal reasons in an anonymized form
  • Stop magic-link emails: simply don't request new ones; existing links expire in 15 minutes

6. Retention

We retain account data while your account is active. After deletion, personal data is removed within 30 days. Anonymized billing records may be retained up to 7 years to meet tax/audit obligations.

7. Security

All traffic is HTTPS. Magic-link tokens are short-lived (15 min) and single-use. Sessions are signed and rotated. Payment details never touch our servers.

8. Changes

We'll post any material changes here and update the "Last updated" date. Continued use after a change means you accept it.

9. Contact

Questions, requests, or complaints — email hello@picbook.app.