1. Information We Collect

We collect information in several ways when you use our Service:

1.1 Information You Provide Directly

• Account Information: When you create an account, we collect your name, email address, and authentication credentials (managed through our authentication provider, Clerk)
• Profile Information: Optional profile details such as display name, avatar, or preferences
• Story Content: Text prompts, character descriptions, story preferences, and other creative inputs you provide
• Communications: Messages you send to us for support, feedback, or other inquiries
• Payment Information: If you subscribe to paid features, payment details are processed by our payment provider (we do not store full payment card numbers)

1.2 Information Generated Through Use

• AI-Generated Content: Stories, illustrations, and audio narrations created through your use of the Service
• Usage Data: Information about how you interact with the Service, including features used, stories created, and time spent
• Device Information: Browser type, operating system, device identifiers, and screen resolution
• Log Data: IP addresses, access times, pages viewed, and referring URLs

1.3 Information from Third Parties

• Authentication Providers: If you sign in using a third-party service (Google, Apple, etc.), we receive basic profile information they provide
• Analytics Services: We use Vercel Analytics to understand how users interact with our Service

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Improving the Service

• Generate AI-powered stories, illustrations, and narrations based on your inputs
• Store and manage your created content and characters
• Enable sharing features and collaboration
• Personalize your experience and recommendations
• Analyze usage patterns to improve our Service
• Develop new features and functionality

2.2 Communication

• Send service-related announcements and updates
• Respond to your inquiries and support requests
• Send promotional communications (with your consent)
• Notify you of changes to our Terms or Privacy Policy

2.3 Safety and Compliance

• Detect, prevent, and address technical issues
• Monitor for and prevent fraud, abuse, and violations of our Terms
• Comply with legal obligations and respond to lawful requests
• Enforce our Terms of Service and other policies

2.4 AI Provider Data Practices

ImagiBooks does not train its own AI models. We utilize third-party AI services (including Google Gemini, OpenAI, Anthropic, and others via OpenRouter) through their respective APIs to generate content on your behalf. When you use the Service, your prompts and inputs are sent to these AI providers for content generation.

Each AI provider has its own data handling and retention policies. While we access these services through API-level integrations that generally exclude customer data from model training, we cannot guarantee how each provider processes data on their end. We encourage you to review the privacy policies of our AI providers listed in Section 8 for more details.

We may use anonymized and aggregated usage analytics (such as feature usage patterns and error rates) to improve the ImagiBooks platform itself. This data is stripped of personally identifiable information before use.

3. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Clerk: Authentication and user management
• AI Providers (Google Gemini, OpenAI, Anthropic, and others via OpenRouter): AI content generation including stories, illustrations, and narration. Your prompts and creative inputs are sent to these providers to generate content.
• Convex: Real-time database services for storing and syncing your stories, characters, and other content
• Vercel: Hosting, analytics, and performance monitoring
• Stripe: Secure payment processing for subscriptions and purchases
• Amazon Web Services (AWS): Cloud infrastructure, including S3 and CloudFront for asset storage and delivery (images, audio, and other media)

3.2 With Your Consent

• When you choose to share stories publicly or with specific individuals
• When you authorize third-party integrations
• With your explicit consent for other purposes

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Government requests in accordance with applicable law
• Protection of our rights, property, or safety
• Prevention of fraud, abuse, or illegal activities

3.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

4. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Policy:

• Account Information: Retained while your account is active and for a reasonable period after deletion to comply with legal obligations
• Story Content: Retained until you delete it or your account is terminated
• Usage Data: Typically retained for 24 months for analytics purposes
• Log Data: Typically retained for 90 days for security and debugging
• Payment Records: Retained as required by tax and accounting regulations

When data is no longer needed, we securely delete or anonymize it. Some information may be retained in anonymized form for analytical purposes.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

• Encryption: Data is encrypted in transit using TLS/SSL and at rest where applicable
• Access Controls: Strict access controls limit who can access personal information
• Authentication: Secure authentication through Clerk with support for multi-factor authentication
• Monitoring: Regular security monitoring and vulnerability assessments
• Incident Response: Procedures for detecting and responding to security incidents

6. Children's Privacy

6.1 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13 years of age.

6.2 Age Restrictions

• Users must be at least 13 years old to create an account
• Users between 13 and 18 must have the consent and supervision of a parent or legal guardian who agrees to be bound by our Terms of Service
• Parents, guardians, or other authorized adults may create content on behalf of children without creating accounts for them

6.3 Parental and Guardian Responsibility

If you permit a minor to use the Service under your supervision, you accept full responsibility for that minor's use of the Service, including all content generated, any financial charges incurred, and compliance with these Terms. If you are a parent or guardian and believe your child under 13 has provided personal information:

• Contact us immediately at privacy@imagibooks.com
• We will promptly delete such information from our records
• You may review, correct, or request deletion of your child's information

6.4 Creative Content and Character Names

Our platform allows users to create fictional stories and characters. Character names, story prompts, and other creative inputs are treated as creative content rather than personal information of any real individuals depicted. Users are responsible for ensuring that their creative inputs do not violate the privacy or rights of real individuals.

6.5 Content Review Recommendation

While our platform can create stories suitable for children, we recommend that adults review all AI-generated content before sharing with minors. AI-generated content may occasionally contain unexpected or inappropriate elements.

7. Cookies and Tracking Technologies

7.1 What We Use

We use the following technologies to collect information:

• Essential Cookies: Required for the Service to function (authentication, security)
• Analytics Cookies: Help us understand how users interact with the Service (Vercel Analytics)
• Local Storage: Store non-sensitive preferences on your device (for example, UI state). Stories and characters are stored in our backend.

We do not use third-party advertising or marketing cookies. We do not have partnerships with advertising networks and do not serve targeted advertisements.

7.2 Managing Cookies

You can control cookies through your browser settings:

• Block or delete cookies through your browser preferences
• Set your browser to notify you when cookies are being set
• Use browser privacy modes that limit tracking

Note that disabling certain cookies may affect the functionality of the Service.

7.3 Do Not Track

We currently do not respond to "Do Not Track" browser signals. However, you can use the cookie management options described above to limit tracking.

8. Third-Party Services

Our Service integrates with and relies on various third-party services. Each has its own privacy practices:

We encourage you to review the privacy policies of these third-party services. We are not responsible for their privacy practices. We access AI services through API-level integrations, which generally provide stronger data protections than consumer-facing products, but we cannot control how each provider handles data on their systems.

9. Your Rights and Choices

You have the following rights regarding your personal information:

9.1 Access and Portability

• Request a copy of your personal information
• Export your stories and content in a portable format
• Receive information about how your data is processed

9.2 Correction and Deletion

• Update or correct inaccurate personal information
• Request deletion of your account and associated data by emailing support@imagibooks.com. Account deletion requests are processed within 30 days. We are actively developing self-service account deletion within the platform.
• Request deletion of specific content you've created

9.3 Communication Preferences

• Opt out of promotional emails by clicking "unsubscribe"
• Manage notification preferences in your account settings
• Note: You cannot opt out of essential service communications

9.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@imagibooks.com. We will respond to your request within 30 days. We may need to verify your identity before processing certain requests.

10. International Data Transfers

ImagiBooks is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

These countries may have different data protection laws than your country of residence. By using the Service, you consent to the transfer of your information to these countries.

We take steps to ensure that your information receives adequate protection in accordance with this Privacy Policy, including:

• Using service providers that maintain appropriate security measures
• Implementing contractual protections for data transfers
• Complying with applicable data transfer requirements

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

11.1 Right to Know

You have the right to request information about:

• Categories of personal information we collect
• Sources from which we collect information
• Business purposes for collecting or selling information
• Categories of third parties with whom we share information
• Specific pieces of personal information we have collected about you

11.2 Right to Delete

You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.

11.3 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. We will not deny you services, charge different prices, or provide different quality of service.

11.4 No Sale of Personal Information

We do not sell personal information as defined under the CCPA. We do not have actual knowledge that we sell personal information of minors under 16 years of age.

11.5 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require verification that you authorized the agent to act on your behalf.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

12.1 Legal Basis for Processing

We process your personal data based on the following legal bases:

• Contract Performance: Processing necessary to provide the Service
• Legitimate Interests: Processing for our legitimate business interests (analytics, security, fraud prevention)
• Consent: Where you have given explicit consent (marketing communications)
• Legal Obligation: Processing required by applicable law

12.2 Your GDPR Rights

• Access: Request access to your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Request restriction of processing
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

12.3 Supervisory Authority

If you are in the EEA, you have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable law.

12.4 Data Protection Officer

For GDPR-related inquiries, please contact us at privacy@imagibooks.com.

13. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

• Notify affected users via email and/or in-app notification as soon as reasonably practicable
• Notify relevant supervisory authorities within 72 hours where required by GDPR
• Comply with all applicable breach notification requirements, including those under CCPA and other state and federal laws
• Provide information about the nature of the breach, the types of data affected, and the steps we are taking to address the situation
• Offer guidance on steps you can take to protect yourself

We maintain incident response procedures to detect, contain, and remediate security incidents promptly. Our goal is to be transparent and proactive in communicating any incidents that may affect your data.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

• We will update the "Effective Date" at the top of this Policy
• For material changes, we will provide prominent notice (email or in-app notification)
• We will give you the opportunity to review changes before they take effect

Your continued use of the Service after changes become effective constitutes acceptance of the updated Policy. If you do not agree with changes, you should stop using the Service.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: