Legal

Privacy Policy

Last updated: March 2026

Data Controller

Simone Degl'Innocenti, Im Brisgi 20, 5400 Baden, Switzerland. Contact: [email protected]

Data We Collect

  • Child’s first name and age
  • Story preferences (theme, tone, values, co-protagonist)
  • Payment data (processed by Stripe — we never see card details)
  • Technical data (IP address hash, session ID, browser type)

Purpose of Processing

  • To generate your personalized book
  • To process payment
  • To notify you when your book is ready (if you provide an email)

Legal Basis

Contract performance (Art. 6(1)(b) GDPR): processing is necessary to deliver the personalized book you ordered. For optional email notifications, we rely on your consent.

Sub-Processors

We use the following third-party services to generate your book:

  • OpenAI (USA) — text and image generation. Receives: story content and image prompts. Child names are replaced with placeholders before transmission.
  • Anthropic (USA) — text generation. Receives: story content. Child names are replaced with placeholders before transmission.
  • Google Gemini (USA/EU) — text generation (used as fallback if primary provider is unavailable)
  • Cloudflare Workers AI (global edge network) — image generation (used as fallback if primary provider is unavailable)
  • Stripe (USA) — payment processing

Before sending data to AI providers, your child’s name is replaced with a placeholder. Providers do not receive identifiable information about your child.

Data Retention

  • Books and generated content: 12 months
  • AI prompts and raw generation data: 6 months
  • Notification email: 90 days after book delivery
  • Payment records: retained as required by law (10 years in Switzerland)

Your Rights

Under GDPR, the Swiss Federal Act on Data Protection (nDSG/FADP), and the California Consumer Privacy Act (CCPA), you have the right to:

  • Access your personal data
  • Request deletion of your data
  • Correct inaccurate data
  • Receive your data in a portable format

Submit your request via our privacy request form or email [email protected]. We respond within 30 days.

Cookies

We use only essential technical cookies (session ID). We do not use advertising, analytics, or third-party tracking cookies.

Children’s Privacy

This service is designed for use by parents and guardians, not by children directly. We do not knowingly collect personal information from children under 13 (COPPA) or under 16 (GDPR). All data entry is performed by the adult user. If you believe a child has provided data directly, contact [email protected] for immediate deletion.

Contact

For privacy questions, contact [email protected].

Submit a privacy request
Privacy Policy | BimbiBook