Skip to content
KidBook logoKidBook
Effective: 2026-04-17

Privacy Policy

KidBook ("we", "us") is operated as a sole proprietorship registered in the Republic of Azerbaijan. This Privacy Policy explains what personal data we collect when you use kidbook.online and the KidBook mobile app (the "Service"), how we use it, and what rights you have. If you do not agree with this policy, please do not use the Service.

1. Information We Collect

To provide the Service we collect the following categories of personal data, provided directly by you:

  • Account data โ€” email address, password (hashed), optional name, preferred language, country (detected from IP or chosen by you).
  • Child profile data โ€” the child's first name, age, gender (optional), and interests you enter when creating a book.
  • Photos โ€” one to three photographs of the child, and optional photos of additional characters (siblings, friends, pets). Photos are processed by automated face-detection algorithms solely to generate illustrations that resemble the child.
  • Payment data โ€” orders, amounts, and currency. Card details are entered directly into our payment providers (Paddle, LemonSqueezy, Payriff) and never touch our servers.
  • Technical data โ€” IP address, browser or device type, pages visited, and basic analytics events.

2. How We Use Your Data

We use your data only to:

  • create, illustrate, and deliver your personalized storybook;
  • authenticate your account and secure the Service;
  • process payments and send receipts;
  • respond to support requests;
  • improve the Service (aggregated analytics, not used for advertising).

3. Legal Basis (GDPR)

For users in the European Economic Area and the United Kingdom, we process your data on the following legal bases: (a) performance of the contract under our Terms of Service (creating the book you requested); (b) your explicit consent for processing child data and photographs (including face detection, which constitutes special category / biometric-adjacent data under Article 9 GDPR); (c) our legitimate interests in securing and improving the Service; (d) legal obligations (tax, accounting).

You may withdraw consent at any time by deleting your account or emailing us. Withdrawal does not affect the lawfulness of processing before withdrawal.

4. Children's Privacy (COPPA)

The Service is intended for parents and legal guardians to create storybooks for their children. It is NOT intended for direct use by children under 13, and we do not knowingly collect personal data from a child.

  • All accounts must be created by a parent or legal guardian aged 18 or older.
  • Child data you submit (name, age, photos) is used only to generate the storybook you request and is not shared with third parties for marketing.
  • If you believe we have collected data directly from a child under 13 without proper parental consent, contact us immediately and we will delete it.

5. Photo & Biometric Processing

Photographs you upload are stored in encrypted object storage (Cloudflare R2) and processed by face-detection models to generate consistent illustrations. We do not use photos to train general AI models, do not sell them, and do not use them for any purpose beyond producing your storybook. Photos and face-detection outputs are deleted together with the associated book or when you delete your account.

6. Your Rights

Subject to applicable law (GDPR, UK GDPR, Azerbaijan Law on Personal Data, and others), you have the right to:

  • access the personal data we hold about you;
  • correct inaccurate data;
  • delete your account and all associated data (right to erasure);
  • export a copy of your data (data portability);
  • object to or restrict certain processing, and lodge a complaint with your local data protection authority.

To exercise any of these rights, email support@kidbook.online. We respond within 30 days.

7. Third-Party Processors

We share data with trusted subprocessors, each bound by their own data protection terms:

Paddle

global payment processing and invoicing.

LemonSqueezy

global merchant of record for digital goods โ€” handles checkout, taxes, and invoicing.

Kapital Bank

payment processing for Azerbaijan customers (AZN).

Google Gemini, FAL AI

AI text, illustration, and audio generation. Prompts and photos are sent only as required to generate your book.

Cloudflare R2

encrypted object storage for photos, illustrations, and PDFs.

Google Analytics

anonymous usage analytics. You can opt out via the cookie banner or browser settings.

8. Data Retention

We retain your account and books for as long as your account is active. When you delete your account, all personal data โ€” including books, uploaded photos, characters, and orders โ€” is permanently erased within 30 days, except where we are legally required to retain records (e.g. tax and accounting records, up to 5 years).

9. International Transfers

We are based in Azerbaijan. Some subprocessors (Paddle, LemonSqueezy, Google, Cloudflare) operate globally and may process your data outside your country of residence. We rely on standard contractual clauses and equivalent safeguards where required.

10. Security

We apply industry-standard technical and organizational measures: encryption in transit (TLS), password hashing (bcrypt), encrypted storage, least-privilege access controls, and regular security reviews. No system is perfectly secure; please use a strong unique password.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be announced via email or in-app notice at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.

Questions?

Reach out any time โ€” we respond within 30 days.

support@kidbook.online
See our Terms of Service