It's Me Books
Sign in

Privacy & Legal

Everything you agree to when you create a book — our Privacy Policy, the explicit consent we ask for before processing your child’s photo, information for parents, and our Terms. These are the exact documents shown in the app.

Document version v2026.06.05.1

Privacy Policy

This Privacy Policy explains what personal data It's Me Books collects when you and your child use our service, why we collect it, who we share it with, how long we keep it, and the rights you and your child have under applicable data-protection law (in particular the EU General Data Protection Regulation, "GDPR").

We have written this document in plain language. If anything is unclear, write to us at the address in section 13 and we will answer in plain language too.

1. Who we are (data controller)

The data controller for the personal data described here is:

[PLACEHOLDER: legal entity name] [PLACEHOLDER: registered address] [PLACEHOLDER: company registration number] Email: [PLACEHOLDER: privacy contact email, e.g. privacy@itsmebooks.com]

References below to "we", "us", or "It's Me Books" mean this entity.

EU representative (GDPR Article 27)

For users in the EU, our designated representative under Article 27 GDPR is:

[PLACEHOLDER: EU representative entity name] [PLACEHOLDER: EU representative address] [PLACEHOLDER: EU representative contact email]

Data Protection Officer

[PLACEHOLDER: Either (a) the name and contact details of our DPO, or (b) a statement explaining that we have assessed Articles 37(1)(a)–(c) GDPR and concluded a DPO is not required, with a reference to the assessment in docs/compliance/dpo-assessment.md.]

2. What data we process and why

We deliberately collect the minimum data we need to create a personalised illustrated book for your child and to run the service around it.

2.1 Account data

  • What: your email address, a password hash, your display name (optional), preferred language, and — if you join or create a family group — the family identifier and your role inside it.
  • Why: to identify you as the account holder, to let you sign in, and to attribute books and payments to the right account.
  • Legal basis: performance of a contract (GDPR Art. 6(1)(b)) — we cannot provide the service without an account.

2.2 Your child's profile

  • What: the child's first name (or nickname you choose), age, gender (boy / girl / prefer not to say), language, and a short appearance descriptor that helps the illustration model render the child consistently across pages (for example: "light-brown hair side-parted, brown eyes, fair skin").
  • Why: the story and illustration prompts use this information so the child is recognisably the protagonist.
  • Legal basis: performance of a contract, with your parental consent for processing data about a minor (Art. 6(1)(b) and Art. 8 GDPR; see section 5).

2.3 Your child's photographs (biometric data)

  • What: the 3 to 5 photographs you upload of your child so we can train a per-child identity model (a "LoRA" — a small set of model weights that teaches our image generator what your specific child looks like).
  • Why: without these photos the illustrations cannot resemble your child. The LoRA we train from them is then used as the only reference for every page we generate.
  • Legal basis: your explicit consent (GDPR Art. 9(2)(a)) for the processing of biometric data, captured separately at upload time. You can withdraw this consent at any time (see section 7).
  • Important:
    • We do not use your child's photos to train any general-purpose AI model.
    • Photos are uploaded only to our own storage in the European Union and, briefly, to our image-training provider's file API.
    • Raw photos are deleted from our systems as soon as the identity model has been trained successfully. A safety-net background job also deletes any raw photos that, for any reason, are still present 24 hours after upload.
    • The trained identity model is private to your account and is never shared, sold, or used outside the books we generate for your child.

2.4 Generated content

  • What: the story text, the per-child identity model (LoRA weights), the per-page generated illustrations, character sheet previews, the finished PDF, and (if you choose to order them) the print and any trailer or narration we generate.
  • Why: this is the product. We need to store it so you can read, re-download, print, and re-open the book.
  • Legal basis: performance of a contract.
  • Retention:
    • Per-child identity model (LoRA weights): deleted after each book is finished, unless you have explicitly opted in to "retain my child's identity model for future books" — in which case we keep it for 90 days from the most recent use and delete it automatically after that, unless you re-use it.
    • Finished PDF of a book: kept for 7 days after generation and then deleted from our storage. The in-app reader version of the book remains available in your account. You may re-download or re-export at any time before deletion.
    • Per-page generated illustrations and story text: kept while your account is active, so the in-app reader and re-prints continue to work.
    • Print orders: kept for as long as required by tax and consumer-protection law (see section 4).

2.5 Payment data

  • What: payment-method tokens, billing address (where required for VAT), order amounts, currency, subscription status, and the Stripe customer/subscription identifiers. We never see or store your full card number.
  • Why: to take payment for books, prints, and subscriptions; to issue refunds; to comply with tax and accounting law.
  • Legal basis: performance of a contract and compliance with a legal obligation (Art. 6(1)(b) and 6(1)(c) GDPR).

2.6 Cardholder-based age verification

When you make a payment through Stripe, Stripe confirms to us that a card transaction succeeded under the name and billing details on file. We use that signal as a reasonable confirmation that the account is operated by an adult who is in a position to consent on behalf of the child whose profile is on the account. We do not receive your full card number for this purpose.

  • Legal basis: our legitimate interest in operating a service that is safe for children and that complies with the parental-consent requirements of GDPR Art. 8 (Art. 6(1)(f) GDPR).
  • You can object at any time — see section 7.

2.7 Support, security, and abuse-prevention logs

  • What: access logs (IP address, timestamp, the API request path), error reports, the support messages you send us, and an append-only consent audit trail (every time you grant, refuse, or withdraw a consent, we record what was shown to you, in which language, the version of the policy, and the timestamp).
  • Why: to keep the service secure, to investigate abuse, to answer support requests, and to be able to prove that we obtained the consents we relied on.
  • Legal basis: our legitimate interest in operating a secure service (Art. 6(1)(f)) and compliance with our legal obligation to demonstrate consent (Art. 7(1) GDPR).
  • Retention: access and error logs are kept for [PLACEHOLDER: number] days. Consent audit records are kept for as long as your account exists, plus the limitation period afterwards (see section 4).

2.8 Product analytics

  • What: aggregated, pseudonymised usage events (which screens were viewed, which themes were chosen, generation success/failure). We do not include your child's name, your child's photos, your child's identity model, or the raw text of a generated book in any analytics event.
  • Why: to understand which parts of the product work and which need improvement.
  • Legal basis: consent (where required) or legitimate interest, depending on your country. You can opt out in the app's privacy settings.

3. Sub-processors (who we share data with)

We rely on the following sub-processors to deliver the service. They each act on our instructions under a written data-processing agreement.

Sub-processor Country / region Purpose Data processed DPA status
Supabase (Postgres, Auth, Storage) EU (eu-west-1) Database, authentication, file storage Account data, child profile, photos (transiently), generated content [PLACEHOLDER: DPA status — signed / pending]
Replicate, Inc. United States LoRA training and image inference Child photographs (during training only), trained identity model (LoRA weights), inference prompts [PLACEHOLDER: DPA status — must be signed, incorporating SCCs and a no-training-on-our-data clause, before any child biometric data is processed]
Stripe EU / US (Stripe Payments Europe Ltd. in the EEA) Payment processing, subscription billing, cardholder verification Email, billing address, payment-method token, transaction history [PLACEHOLDER: DPA status — Stripe DPA accepted via dashboard / signed]
Resend [PLACEHOLDER: region] Transactional email (sign-in, order confirmation, deletion confirmation) Email address, message body [PLACEHOLDER: DPA status]
Sentry [PLACEHOLDER: region / EU data residency setting] Error monitoring Pseudonymised user ID, error stack traces, request metadata [PLACEHOLDER: DPA status]
PostHog [PLACEHOLDER: region — EU instance if used] Product analytics (see section 2.8) Pseudonymised event data [PLACEHOLDER: DPA status]
Better Stack / Axiom [PLACEHOLDER: which one is in use, and region] Log aggregation Access logs, error logs [PLACEHOLDER: DPA status]
Cloudflare Global (EU edge) CDN and caching for static assets and generated images Image bytes, IP address [PLACEHOLDER: DPA status]
Vercel [PLACEHOLDER: region for our deployment] Web hosting Web access logs [PLACEHOLDER: DPA status]
Gelato EU (printing facility) Print and ship physical books Recipient name and shipping address, the finished PDF [PLACEHOLDER: DPA status]
ElevenLabs / Cartesia [PLACEHOLDER: region] Optional narration audio Story text, generated audio file [PLACEHOLDER: DPA status — only when narration is enabled]
Kling / Veo [PLACEHOLDER: region] Optional trailer video Story prompt, generated video file [PLACEHOLDER: DPA status — only when trailer is enabled]

We will update this list whenever it changes. If you have an account, we will notify you in-app before a material new sub-processor starts processing your data.

4. How long we keep your data

The retention numbers below are taken from our internal architecture decision record ADR 0013 §4. They are the maximums — we will delete sooner if you ask us to (see section 7).

Category Retention
Raw photos you upload Deleted immediately on successful identity-model training; in any case deleted within 24 hours of upload by a scheduled safety-net job.
Per-child identity model (LoRA weights) Deleted after each book unless you opt in to retain — then 90 days from last use.
Finished PDF of a book 7 days from generation, then deleted from our storage. The in-app reader copy remains while the account is active.
Per-page illustrations, story text, character sheet While your account is active.
Account data (email, name, family membership) Until you delete the account.
Consent audit trail (ConsentRecord) Append-only. Retained while the account exists, plus the legal limitation period after deletion, as required by Art. 7 GDPR ("the controller shall be able to demonstrate that the data subject has consented").
Orders, invoices, tax records [PLACEHOLDER: number — typically 7 to 10 years per the tax law of our country of establishment].
Access and error logs [PLACEHOLDER: number] days.

When you exercise the right to erasure (section 7), we follow the procedure described in our internal ADR 0007: personally identifying fields are scrubbed in place, while a small set of audit and accounting rows is preserved as the law allows. The result is that the residual rows cannot be linked back to a real person.

5. Children and parental consent

It's Me Books is operated by a parent on behalf of a child. The account holder must be at least 18 years old.

Under GDPR Art. 8, where we offer information-society services directly to a child, processing is lawful only with the consent of the holder of parental responsibility if the child is under [PLACEHOLDER: digital-consent age — 16 across the EU per ADR 0013 §11, subject to per-Member-State variation between 13 and 16]. Because our account model places the parent as the contracting party, the parent grants the relevant consents on behalf of the child, including the explicit biometric-data consent in section 2.3.

We use the cardholder check described in section 2.6 as a reasonable confirmation that the account holder is an adult.

6. International transfers

Our database, authentication, and primary storage are hosted in the European Union (Supabase, eu-west-1, Ireland). Most personal data does not leave the EU.

The one exception is the most sensitive data we process: your child's photograph and the identity model trained from it. To train and run that model, this data is transferred to and processed in the United States by Replicate, Inc. The United States has no general EU adequacy decision covering this processing, so we rely on the European Commission's Standard Contractual Clauses (Decision 2021/914), supplemented by additional measures intended to address the specific risks of a US transfer:

  • Data minimisation: the photograph is transferred only for the brief training step and is not retained by the provider beyond it; the model is created and run without re-sending the original photographs.
  • Pseudonymisation: the trained model is identified by an opaque code, never by your child's name.
  • Contractual restriction: the provider is contractually prohibited from using your child's data to train any of its own models.
  • Transfer Impact Assessment: we have assessed the risks of this transfer (including US surveillance law) and the supplementary measures above. [PLACEHOLDER: link to the Transfer Impact Assessment / summary, once counsel-approved.]

We recognise this is an international transfer of special-category (biometric) data and that the safeguards above reduce, but do not eliminate, the risks. If you would prefer your child's data not to be transferred to the United States, do not give the separate biometric-data consent (section 2.3); your account and the rest of the service are unaffected.

Other sub-processors that may process data outside the EU (for example Stripe for certain card-network operations) rely on the European Commission's Standard Contractual Clauses (Decision 2021/914) supplemented by the safeguards described in each provider's Data Processing Agreement.

7. Your rights

Under GDPR you have the following rights. You can exercise them from inside the app (Settings → Privacy) or by writing to us at the address in section 13. We will respond within one month.

  • Right of access (Art. 15): ask us for a copy of the personal data we hold about you and your child.
  • Right to rectification (Art. 16): ask us to correct anything that is inaccurate.
  • Right to erasure / "right to be forgotten" (Art. 17): ask us to delete your account, your child's profile, photos, identity model, and generated content. In the app: Settings → Privacy → Delete account, or Settings → My children → (child) → Delete child. The deletion cascades to our storage and to sub-processors as set out in section 4 and our internal ADR 0007.
  • Right to restrict processing (Art. 18): ask us to pause processing while a dispute is resolved.
  • Right to data portability (Art. 20): ask for an export of your account data and your child's books in a portable format (JSON for structured data, PDF for books).
  • Right to object (Art. 21): object to processing based on our legitimate interest (sections 2.6 and 2.7).
  • Right to withdraw consent (Art. 7(3)): withdraw the biometric-data consent (section 2.3) or any other consent at any time. Withdrawal does not affect the lawfulness of the processing that took place before withdrawal, but we will stop the processing and delete the affected data as set out in section 4.
  • Right not to be subject to a fully automated decision (Art. 22): we do not make decisions that produce legal or similarly significant effects on you using fully automated processing.

How withdrawal of biometric consent works

Withdrawing biometric consent in the app immediately:

  1. Disables any further book generation that would use your child's identity model.
  2. Deletes the trained identity model (LoRA weights) from our systems and from the training/inference provider.
  3. Deletes any raw photos that, for any reason, are still on our systems.
  4. Leaves the previously generated books accessible in your account. (You can delete those separately if you also want them removed.)

8. Right to lodge a complaint

If you believe we have processed your or your child's personal data unlawfully, you can lodge a complaint with a data-protection supervisory authority. Our lead supervisory authority is:

[PLACEHOLDER: lead supervisory authority — the DPA of the EU Member State in which our EU representative is established, e.g. AEPD for Spain, CNIL for France, etc.]

You may also complain to the supervisory authority in your own EU Member State.

9. Security

We protect your data with industry-standard measures, including:

  • Encryption in transit (TLS 1.2+).
  • Encryption at rest for storage and database backups.
  • Additional application-layer encryption for the most sensitive identity pointers (per-child LoRA version id, trigger word, appearance descriptor), so that a database-only breach does not, on its own, allow an attacker to run inferences against a child's identity model.
  • Strict access control and audit logging on engineering access to production systems.
  • Penetration tests and dependency security scans on a regular schedule.

No system is perfectly secure. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours, and notify you without undue delay where the breach is likely to result in a high risk (Arts. 33 and 34 GDPR).

10. Cookies and similar technologies

The mobile app stores authentication tokens in the device's secure storage so you do not have to log in on every launch. The web site uses a small number of strictly necessary cookies for authentication and for remembering your language. We do not use advertising cookies and we do not sell cookie data to advertising networks.

[PLACEHOLDER: Confirm or amend this section once the web cookie inventory is finalised.]

11. Changes to this policy

We will keep older versions of this Privacy Policy on file and accessible by version number. When we make a material change, we will:

  • show you the new policy in the app on next launch,
  • ask you to confirm you have read it before continuing,
  • and, where the change relates to a consent (in particular section 2.3), ask you to re-grant that consent specifically.

Each time you accept a policy version, we record that fact in the consent audit trail described in section 2.7.

12. AI vendors and training

We have a contractual prohibition with every AI vendor we use against using your child's photos, your child's identity model, or any other personal data from your account to train their general-purpose models. We list our current AI vendors in section 3.

13. Contact

For any question about this Privacy Policy or to exercise any of the rights in section 7:

Email: [PLACEHOLDER: privacy contact email] Post: [PLACEHOLDER: postal address for privacy correspondence]

Version: v2026.05.24.1 Effective: 2026-05-24

A short note for parents

This is not a contract. It is a friendly summary of what happens to your child's data when you use It's Me Books, what you are consenting to on the child's behalf, and how to change your mind. For the formal version, please see our Privacy Policy and our Biometric Consent.

If you remember three things from this page, let them be:

  1. Your child's photos are deleted as soon as we have what we need. We keep the trained identity model, not the photos.
  2. You can take it all back, any time. Tap Settings → Privacy → Withdraw biometric consent, or Settings → Privacy → Delete account, and we walk away with nothing reusable.
  3. We won't use your child's photos or identity to train anyone else's AI. Ever.

What we ask you to consent to, on the child's behalf

Because the child cannot give legally valid consent themselves under EU data-protection law, you are doing so on their behalf as the holder of parental responsibility. The two things that matter most:

  • Biometric processing of your child's photos so we can train a small per-child image model (a "LoRA") that lets the illustrator render the child consistently across the pages of a book. This is the single sensitive step in the whole product, and we ask you to consent to it separately and explicitly.
  • General processing of your child's profile — the name or nickname you choose, age, gender, language, appearance descriptor — so the story text and illustration prompts are about your child rather than a generic kid.

You are not asked to consent to any of these because we don't do them:

  • We do not sell your child's data.
  • We do not use your child's data or photos to train anyone else's AI model.
  • We do not show advertising to your child.
  • We do not share your child's identity model with another family or another account.

What your child's data is actually used for

Step What we use Result
You add a child Name, age, gender, language, appearance descriptor A child profile in your account
You upload photos 3–5 photographs you choose A per-child identity model (LoRA), trained once, reused for every book
The model is trained Your raw photos go to the trainer The trained identity model. The raw photos are then deleted from our systems — within minutes when training succeeds, and within 24 hours as a hard safety net.
You pick a theme and a story The identity model and the appearance descriptor The story text and 10–20 illustrated pages, with your child as the protagonist
You read, download, or print The finished book A PDF (kept for 7 days from generation, then deleted from our storage; the in-app reader copy stays as long as your account) and, optionally, a printed hardcover from our EU print partner

The full retention table is in section 4 of the Privacy Policy.

How to withdraw consent, see, export, or delete the data

Everything below is in Settings → Privacy inside the app.

Withdraw the biometric consent

Tap Withdraw biometric consent. We immediately:

  • stop any further book generation that needs the child's identity model;
  • delete the trained identity model from our systems and from the training/inference provider;
  • delete any raw photo that, for any reason, is still on our systems.

The books that have already been generated stay in your account. If you also want to delete them, you can do that separately from the same screen.

Delete the child's profile

Tap My children → (child) → Delete child. This deletes the child's profile, identity model, any remaining photos, and the books generated for that child. The deletion cascades to our storage and to our sub-processors as set out in the Privacy Policy.

Delete the whole account

Tap Delete account. We delete or scrub everything tied to your account, including every child's profile, identity model, photos, books, and any subscription on our side. Some accounting records are kept for the period the law requires; those records do not contain anything that can be linked back to you or to the child.

See or export the data

Tap Export my data. We email you a download link with:

  • a JSON file containing your account profile, each child's profile, and the metadata of every book ever generated;
  • a PDF of each finished book.

We do not export the trained identity model itself — it is not portable to another service, and exporting it would multiply the places where your child's biometric data lives, which is exactly what we are trying to avoid.

Ask us anything

Email [PLACEHOLDER: privacy contact email] and we will respond within one month, as required by GDPR.

Who decides on the rules and who you can complain to

The data controller — the entity legally responsible for how your child's data is handled — is [PLACEHOLDER: legal entity name]. Our EU representative is [PLACEHOLDER: EU representative entity].

If you are not satisfied with how we handle your or your child's data, you can complain to a data-protection supervisory authority. Our lead supervisory authority is [PLACEHOLDER: lead supervisory authority]. You can also complain to the supervisory authority in your own EU country.

What if you change your mind later

That's the entire point of the in-app controls above. Withdrawal does not affect the lawfulness of anything we did before you withdrew, but from the moment you withdraw, we stop, and the affected data is deleted along the timetable in section 4 of the Privacy Policy. You do not have to explain why.

Version: v2026.05.24.1 Effective: 2026-05-24

Terms of Service

These Terms of Service (the "Terms") govern your use of It's Me Books, a service that generates personalised illustrated children's books based on photographs and information you provide. By creating an account or using the service, you agree to these Terms. If you do not agree, do not use the service.

These Terms are written to be readable. Where we use a defined term in title case, you'll find it explained in plain language.

1. Who we are

It's Me Books is operated by:

[PLACEHOLDER: legal entity name] [PLACEHOLDER: registered address] [PLACEHOLDER: company registration number] Contact: [PLACEHOLDER: support contact email]

References to "we", "us", or "It's Me Books" mean this entity.

2. What the service does

We generate personalised illustrated books in which your child is the protagonist. The typical flow is:

  1. You create an account and add a child profile (name, age, gender, language, appearance descriptor).
  2. You upload a small set of photographs of the child (typically 3 to 5).
  3. We train a per-child identity model (a "LoRA") from those photographs.
  4. You choose a theme and review the story outline we propose.
  5. We generate the book — story text and 10 to 20 illustrated pages.
  6. You can read the book in the in-app reader, download a PDF, and optionally order a printed hardcover or generate a narrated trailer.

The service uses third-party AI models (large language model, image generation, optionally voice and video). The list of current vendors is in our Privacy Policy.

3. Eligibility and account holder

  • You must be at least 18 years old to create an account.
  • You may create the account only on behalf of yourself and the child or children you have parental responsibility for. You confirm that you have the legal right to upload each child's photographs and to grant the consents described in our Privacy Policy and Biometric Consent.
  • You are responsible for everything that happens under your account. Keep your sign-in credentials confidential.
  • If you join or create a family group, other adult members of the same family group may see and read books generated for any child in the group. Only the original creator of a child or book can delete it. See our Privacy Policy for how family groups affect access.

You may not create an account or use the service if you are barred from doing so under any applicable law.

4. Permitted use

You may use the service to generate, read, download, and print books featuring your own child or a child you have parental responsibility for. You may share the finished books with friends and family for personal, non-commercial enjoyment (for example, sending the PDF to grandparents, gifting a printed copy).

The licence we grant you for each finished book is:

  • scope: worldwide, non-exclusive, royalty-free, perpetual (for as long as our copyright in the book subsists),
  • use: personal, non-commercial reading, printing, gifting, and family sharing,
  • derivative works: not permitted (you may not modify the story or the illustrations except for printing in a different size or binding),
  • transfer: you may transfer a specific printed or downloaded copy as a gift; you may not sub-licence the underlying book to anyone else.

5. Prohibited use

You agree not to:

  • upload photographs of any person other than a child for whom you hold parental responsibility, including yourself, public figures, or any person who has not given their consent;
  • upload sexual, violent, or hateful imagery;
  • attempt to use the service to generate content depicting any child in a sexual, violent, or otherwise harmful context — we operate a zero-tolerance policy and will report any such attempt to the competent authorities;
  • attempt to identify any other user of the service, to access another user's data, or to interfere with the security of the service;
  • scrape, copy, or redistribute generated books on a commercial basis (for example, selling printed copies, listing them in a marketplace, or republishing them on a website);
  • reverse-engineer, decompile, or attempt to extract the per-child identity model trained for any child other than your own (and even for your own child, the identity model is not exportable);
  • use the service to train another AI model, build a competing service, or evade our rate limits and safety checks;
  • breach any law applicable to your use of the service.

We reserve the right to suspend or terminate any account that breaches this section, with or without notice, and to refuse refunds for accounts terminated for breach.

6. Content safety

Every generated illustration is run through automated safety checks before it is shown to you. Outputs that fail these checks are discarded and the page is regenerated. Theme prompts are curated by us; you can supply story beats but you cannot freely set art prompts. We may decline to generate a story that we judge unsuitable for a children's product.

7. Intellectual property

  • The books we generate are our intellectual property, subject to the personal-use licence in section 4. We hold the copyright in the story text we write and the illustrations we generate.
  • The photographs you upload remain yours. You grant us a limited licence to process them strictly for the purposes set out in our Privacy Policy (in particular, to train your child's identity model). That licence ends when the photographs are deleted, which happens automatically as described in the Privacy Policy.
  • Your child's identity model (LoRA) is private to your account. We do not sell it, share it, or use it for any account other than yours.
  • The It's Me Books name, logo, and theme art outside any individual book are our trade marks. You may not use them without our written permission.

8. Payments, subscriptions, and refunds

8.1 Pricing

Prices are shown at the point of purchase, in the currency selected. Where required, prices are shown inclusive of applicable VAT. We use Stripe for payment processing and Stripe Tax for tax determination.

8.2 One-off purchases

A one-off purchase (for example, a single printed book) is delivered against payment. If the book has not yet been printed and dispatched, you may cancel and request a refund. Once the book has been printed, the right of withdrawal does not apply under EU consumer law because the book is personalised goods made to your specifications (Directive 2011/83/EU, Art. 16(c)).

8.3 Subscriptions

A subscription gives you the right to generate a defined number of books per period as described at purchase. Subscriptions auto-renew at the end of each period unless cancelled. You may cancel at any time from the app's billing settings; cancellation takes effect at the end of the current period and you keep access until then. We do not refund the unused portion of the current period unless we are required to by law.

8.4 Free trials and promotional credits

If we offer a free trial or promotional credits, the specific terms are shown at the point of offer and may limit the use, transferability, or duration of the credit.

8.5 Failed payments

If a payment fails, we may retry it according to Stripe's standard schedule. If after a reasonable number of retries the payment cannot be collected, we may suspend access until the balance is settled.

8.6 Statutory consumer rights

These Terms do not limit any statutory consumer right that you have under the law of your country of residence and which cannot be waived by contract.

9. Warranties and disclaimers

The service is provided "as is" and "as available". To the maximum extent permitted by applicable law, we do not warrant that:

  • the service will be uninterrupted, error-free, or completely secure;
  • a generated book will meet your subjective expectation of resemblance, tone, or artistic quality;
  • the identity model trained from your photographs will always produce the most flattering depiction of your child in every scene (we operate quality gates and retries — see our Privacy Policy and our internal ADR 0002 — but image generation is probabilistic).

We do not exclude or limit any warranty that cannot lawfully be excluded or limited, including statutory warranties for digital content under EU consumer law.

10. Liability

To the extent permitted by applicable law, our total aggregate liability to you arising out of or in connection with these Terms or the service in any twelve-month period is limited to the greater of:

  • the amount you paid us in that twelve-month period; or
  • €100.

We are not liable for indirect, incidental, consequential, or special damages, lost profits, lost data, or loss of goodwill, even if we have been advised of the possibility of such damages.

We do not exclude or limit:

  • liability for death or personal injury caused by our negligence;
  • liability for fraud or fraudulent misrepresentation;
  • any liability that cannot lawfully be excluded or limited.

11. Indemnification

You agree to indemnify and hold us harmless against any third-party claim arising out of:

  • your upload of photographs that you did not have the right to upload;
  • your breach of section 5 (Prohibited use);
  • your distribution of a generated book in a manner not permitted by section 4.

12. Suspension and termination

You may terminate at any time by deleting your account in the app (Settings → Privacy → Delete account). Deletion has the effect described in our Privacy Policy.

We may suspend or terminate your account if:

  • you materially breach these Terms;
  • we are required to do so by law or by an order from a competent authority;
  • we reasonably suspect fraud, abuse, or activity that puts other users at risk;
  • we discontinue the service in your country (we will give reasonable notice and a way to export your books before doing so).

13. Changes to the Terms

We will keep older versions of these Terms accessible by version number. When we make a material change, we will notify you in-app on next launch and ask you to confirm before continuing. Your continued use of the service after a new version takes effect constitutes acceptance of that new version.

14. Governing law and jurisdiction

These Terms are governed by the laws of [PLACEHOLDER: governing-law jurisdiction]. Any dispute arising out of or in connection with these Terms is subject to the [PLACEHOLDER: forum / court] of [PLACEHOLDER: city, country].

If you are a consumer resident in the EU, this clause does not deprive you of the protection afforded by mandatory provisions of the law of your country of residence, and you may also bring proceedings in the courts of your country of residence (Brussels I bis Regulation, Art. 18).

15. Online dispute resolution

If you are a consumer in the EU, you may use the European Commission's online dispute-resolution platform at https://ec.europa.eu/consumers/odr to attempt an out-of-court settlement of any dispute relating to a contract concluded online. We are [PLACEHOLDER: willing / not willing] to use the platform.

16. Contact

For any question about these Terms:

Email: [PLACEHOLDER: support contact email] Post: [PLACEHOLDER: postal address]

Version: v2026.05.24.1 Effective: 2026-05-24