Privacy Policy
Effective [DATE] · Last updated [DATE]
Draft — replace the bracketed placeholders (legal entity, contact, jurisdiction, dates, retention) and have counsel review before relying on this.
Overview
Dreamie is a children's-storybook studio and marketplace operated by [LEGAL ENTITY]. This policy explains what we collect, how we use it, who we share it with, and the choices you have. Accounts are for adults (18+); children access stories through an adult's account.
Information we collect
- Account: name, email, and avatar from your sign-in provider (Google, and optionally Microsoft or an email magic link).
- Content you create: the story text you write, book metadata (title, author byline, categories), and the AI-generated illustrations.
- Purchases: order records (book, format, price). Card details are handled by Stripe — we never see or store them. For print orders we collect a shipping address to fulfill delivery.
- Usage: first-party analytics events (page views, reader interactions, catalog actions) stored in our own database. These carry only counts, ids, and enums — never story text, search queries, or any child's name or age. There is no per-child tracking and no third-party ad/analytics tracker.
- Session: an opaque sign-in cookie and a per-tab session id (not a device fingerprint); a local theme preference.
How we use it
To run the service (drafting, illustration, layout, export), process payments and fulfill orders, keep the marketplace safe, improve Dreamie in aggregate, and communicate about your account. We do not sell your personal information.
Service providers we share with
- Google (Gemini): generates story text and illustrations from the text and reference images you provide. See Google's Privacy Policy.
- Stripe: processes payments and creator payouts. See Stripe's Privacy Policy.
- Lulu: prints and ships physical books; receives the print-ready file and your shipping address. See Lulu's Privacy Policy.
- Cloudflare (R2): stores and serves generated illustration images. See Cloudflare's Privacy Policy.
- Sign-in providers (Google / Microsoft / email): authenticate you; we never receive your password.
Children's privacy
Dreamie does not create accounts for children or knowingly collect personal information from them. Children experience books through an adult's account; the adult controls what is created and shared. Our analytics never identify or profile a child. If you believe a child provided us personal information, contact [CONTACT EMAIL] and we will delete it.
Retention
We keep your account and books until you delete them. Analytics events are retained for [RETENTION PERIOD]. Payment and print records are kept as required for tax, accounting, and dispute resolution ([RETENTION PERIOD]).
Your rights
You can access, correct, export, or delete your data — manage your profile in Settings, or contact [CONTACT EMAIL]. Depending on where you live you may have rights under the GDPR (access, rectification, erasure, portability, objection) or the CCPA (know, delete, opt-out of sale — we do not sell personal information). We honor these regardless of your location.
Security
Data is encrypted in transit (HTTPS). Sign-in is delegated to your provider, so we store no passwords. Access to production data is limited. No system is perfectly secure, but we work to protect your information.
Changes & contact
We may update this policy; we'll revise the "Last updated" date and, for material changes, notify you. Questions: [CONTACT EMAIL], [LEGAL ENTITY], [MAILING ADDRESS].