Privacy Policy

Last Updated: 2026-04-27

1. Who We Are

StoryWarm ("we", "us", "our") is operated by StoryWarm Yayıncılık Ltd. Şti. (Türkiye). We act as the data controller for personal information processed via our website (storywarm.com) and related services.

Contact:

• General: hello@storywarm.com
• Privacy / Data Requests: privacy@storywarm.com
• DMCA / IP Notices: dmca@storywarm.com

2. Information We Collect

2.1 Information You Provide Directly

• Waitlist (current): Email address, optional marketing consent.
• Account information (post-launch): Email, display name, password hash.
• Story input (post-launch): Child's name, age, favorite things, special moments — provided by you on behalf of your family. We do not collect data directly from children under 13.
• Payment information: Processed entirely by Paddle; we never see your full card number.
• Optional reference photo (V1): Stored temporarily on Cloudflare R2 (EU region) and automatically deleted within 24 hours. We never train AI models on your photo.

2.2 Information Collected Automatically

• IP address, browser, OS, page views, timestamps (anonymized after 90 days)
• UTM tracking parameters (utm_source, utm_medium, utm_campaign)

2.3 What We Do NOT Collect

• ❌ Voice recordings
• ❌ Biometric face data (FLUX.1 Kontext stylizes; no face recognition)
• ❌ Children's personal information collected directly from children under 13
• ❌ Health information
• ❌ Financial information beyond Paddle-tokenized payment

3. How We Use Your Information

• Service delivery: Generate your personalized book (story via OpenAI; illustrations via Black Forest Labs FLUX.1 Kontext)
• Order fulfillment: Print and ship hardcover orders via Lulu Direct or Gelato
• Customer support & communication
• Service improvement: Aggregated, anonymized analytics
• Legal compliance: Tax records, fraud prevention, DMCA processing

We do NOT:

• Sell personal data to third parties
• Share your story content with anyone outside the order fulfillment chain
• Train any AI models on your input or output

4. Children's Privacy (COPPA + GDPR-K)

StoryWarm is intended for parents, grandparents, and adults (age 18+). We do not knowingly collect personal information from children under 13 (US) / 16 (EU).

When you provide your child's name, age, or other details to create a personalized book, you do so as a parent or legal guardian providing third-party information about your own family.

If you believe a child has provided us with personal information without parental consent, contact us immediately at privacy@storywarm.com — we will delete it.

5. International Data Transfers

6. Your Rights

EU/UK GDPR

• Right of access
• Right to rectification
• Right to erasure ("right to be forgotten") — Note: Physical books already printed and shipped cannot be unprinted
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with EU/UK supervisory authority

KVKK (Türkiye)

KVKK Madde 11 kapsamındaki tüm haklarınız mevcuttur. Başvuru: privacy@storywarm.com

CCPA/CPRA (California)

Right to know, delete, opt out of sale (we do not sell), non-discrimination.

To exercise any right: Email privacy@storywarm.com — we respond within 30 days.

7. Data Retention

8. AI Disclosure

• Stories: Generated by OpenAI GPT
• Illustrations: Generated by Black Forest Labs FLUX.1 Kontext
• Each image embeds C2PA Content Credentials per EU AI Act Article 50 (effective August 2026)

9. Security

• TLS 1.3 encryption
• D1/Postgres Row Level Security
• Paddle-tokenized payment processing
• Optional photos auto-deleted within 24 hours
• Annual security review

10. Changes

We will notify users of material changes 30 days before taking effect.

11. Contact

Privacy questions: privacy@storywarm.com

EU GDPR supervisory authority: your local DPA
UK ICO: ico.org.uk
Türkiye KVKK: kvkk.gov.tr