stories told by you
Privacy Policy

How we handle your data

Last updated: April 2026

Overview

toldby.you (“we”, “our”, “the service”) takes your privacy seriously. This policy explains what data we collect, why, and how we protect it.

Responsible Person

Olivia Gut
Wartstrasse 4
8032 Zurich, Switzerland
Email: stories@toldby.you

Data We Collect

Account data: Your email address, used for authentication via magic link (no password stored).

Book content: The stories, character descriptions, and names you provide during book creation. This content is processed to generate your story and illustrations.

Order data: When you order a printed book, we collect your shipping address and payment information (processed by Stripe).

Usage data: We collect anonymous analytics data (page views, device type) via Vercel Analytics. We use Sentry for error monitoring and performance tracing. When an error occurs, Sentry receives technical context such as your IP address, browser type, and the page you were on. If you voluntarily submit a bug report via the “Report a bug” button, Sentry also receives the message you type and your email address. We do not record your screen, your inputs, or your session.

How We Use Your Data

  • To create and store your personalised children’s books
  • To generate stories and illustrations from your memories
  • To process and fulfil print orders
  • To send you authentication emails and order updates
  • To improve the service and fix errors

Legal Basis

We process your data on the following legal grounds:

  • Contract performance: Account creation, book generation, order processing, and email delivery are necessary to provide the service you requested.
  • Legitimate interest: Anonymous analytics and error monitoring help us maintain and improve the service.

Third-Party Services

We use the following services to operate toldby.you. Each processes only the data necessary for its function:

Supabase (Zurich, Switzerland) — database, authentication, and file storage. Privacy policy

Vercel (Frankfurt, Germany) — hosting, analytics, and edge delivery. Privacy policy

Anthropic (Claude) — text generation for stories. Your interview answers and book content are sent to generate the story. Privacy policy

Google (Gemini) — image generation for illustrations. Character descriptions and scene prompts are sent to generate images. If you upload a character photo, it is sent to Google Gemini to generate an illustrated version. Photos are not used to train models; Google may retain them for up to 55 days for safety monitoring. Only the generated illustration is used in your book. See our FAQ for more details. Privacy policy

OpenAI (Whisper) — optional voice transcription. If you use the microphone button to dictate an interview answer, the audio clip is sent to OpenAI Whisper to be transcribed into text. We do not store the audio; only the transcribed text is saved as your answer. Privacy policy

Stripe — payment processing. We never see or store your full card details. Privacy policy

Resend — transactional email delivery (authentication links, order updates). Privacy policy

Sentry — error monitoring, performance tracing, and voluntary bug reports. Receives technical error context (IP, browser, page URL) and any message you submit via “Report a bug”. Session recording and input capture are disabled. Privacy policy

Replicate — image upscaling for print-quality illustrations. Privacy policy

Prodigi — print fulfillment. Your shipping address and book PDF are shared to print and ship your order. Privacy policy

International Data Transfers

Some of our service providers (Anthropic, Stripe, Resend, Sentry, Replicate) operate in the United States. These transfers are protected by the Swiss–US Data Privacy Framework and, where applicable, Standard Contractual Clauses. Your database and file storage (Supabase) are hosted in Zurich, Switzerland. Your application (Vercel) is hosted in Frankfurt, Germany.

Cookies

We use only essential cookies for authentication, language preferences, and currency detection. We do not use advertising or tracking cookies.

Data Retention

Your account and book data are retained as long as your account is active. You can request deletion at any time. Order data is retained as required by Swiss commercial law.

Your Rights

Under Swiss data protection law (nDSG) and the EU General Data Protection Regulation (GDPR), you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to processing of your data
  • Withdraw consent at any time

To exercise any of these rights, contact us at stories@toldby.you.

Changes

We may update this policy from time to time. We will notify you of significant changes via email or a notice on the website.