Privacy

This page explains what we collect, why we collect it, how long we keep it, and how to ask us to remove it. We have written it in plain English. If anything is unclear, write to privacy@storyspun.eu and we will explain.

Who we are

StorySpun is a small press based in Rotterdam, Netherlands, selling personalised children's story PDFs. The legal entity behind StorySpun is the data controller for the personal information described below.

What we collect

• Story details: the child's first name, age, theme, an optional friend or pet name, and an optional small detail you give us. We use these to write the story.
• Your email address: we use it to send you the PDF and to reply if you contact support.
• Order details: if you pay through our checkout partner, we receive an order id and the country your card was issued in for tax compliance. We do not store your card number.
• Anonymous usage data: aggregated, non-identifying analytics about which pages are visited, used to improve the site. No tracking pixels are set without your consent.

What we do not collect

• Postal addresses, phone numbers, dates of birth, photos of your child, or anything we do not need.
• Information about other people the child knows beyond an optional friend or pet first name.
• Any data after the optional small detail you supply. We never expand on personal information you did not give us.

What we never do

• We do not sell your details.
• We do not share your details with advertisers, data brokers, or marketing platforms.
• We do not use your child's name in any campaign, A/B test, or content shown to other customers.
• We do not run cross-site tracking pixels without explicit opt-in consent.

How long we keep things

• The story PDF: 30 days on our servers, then automatically removed. You can ask us to remove it sooner.
• The story details and your email: 24 months, so you can re-download if needed and so we can answer support questions about a past order. You can ask us to delete sooner.
• Order and tax records: we keep order records for 7 years, as Dutch and EU tax law requires. These records do not include the child's name.

Where we store data

Story details and PDF files are stored on EU-based servers operated by Cloudflare and Supabase. Email is sent via Resend (servers in the EU and the US). Card payments are handled by Gumroad or Stripe, neither of whom share full card numbers with us. All data is encrypted in transit and at rest.

Your rights under GDPR and UK GDPR

You can ask us to:

• Show you the personal data we hold about you and the child.
• Correct any data that is wrong.
• Delete some or all of it.
• Export your data so you can take it elsewhere.
• Stop processing your data while a complaint is being looked at.

Write to privacy@storyspun.eu. We respond within 30 days, usually faster. If you live in the EU you can complain to your local data protection authority. In the Netherlands that is the Autoriteit Persoonsgegevens.

Children's data

The story is for the child. The customer making the purchase is the adult buying the gift. We assume that adult has the right to share the child's first name and age for the purpose of writing this story. If you believe a story was made about your child without your permission, write to us and we will delete the story immediately and permanently.

Cookies

We use a small number of strictly necessary cookies for the site to function (for example, to remember whether you accepted our cookie banner). We do not set advertising or tracking cookies without your explicit consent. The consent banner lets you change your mind at any time.

Changes to this policy

If we make material changes we will email everyone on our list and update the date at the top of this page. Old versions are kept on request.

Contact

privacy@storyspun.eu for privacy questions.
hello@storyspun.eu for everything else.