OwTale Privacy Policy

Version 1.0 · Effective Date: March 28, 2026

OwTale is committed to protecting your privacy and your child's personal data. This policy complies with the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and other applicable international privacy laws.

1. Information We Collect

1.1 Account Information

When you register or sign in via Google or email, we collect basic account details (name, email address, profile picture) to create and manage your account.

1.2 Children's Profile Information

You may voluntarily provide your child's name, age, gender, and photo to personalize AI-generated storybooks. As a parent or guardian, submitting this information constitutes your informed consent to process your child's personal data solely for book creation purposes.

1.3 Voice Data

You may optionally record a voice sample to enable our voice-cloning narration feature. Voice recordings are biometric data and are stored with the highest level of security, used exclusively to generate narration for your books.

1.4 Content You Create

Story themes, art style choices, and generated book content are stored to deliver the service and improve AI output quality.

1.5 Order and Shipping Information

For physical hardcover orders, we collect your shipping address. Payments are processed by PayPal and other third-party processors — we receive only the order status and never store your card details.

1.6 Device and Log Data

We automatically collect device type, OS, browser, IP address, and usage logs to diagnose issues and improve performance. This data is not linked to your identity for commercial profiling.

1.7 Cookies and Similar Technologies

We use cookies and local storage to maintain session state, remember preferences, and analyze site usage. See Section 8 for full cookie details and how to manage your preferences.

2. How We Use Your Information

We process your personal data only for the following lawful purposes:

Contract performance: Delivering the storybook creation, narration, and print services you request.

Legitimate interests: Operating and improving the platform, preventing fraud, and ensuring security.

Legal obligation: Complying with applicable laws and regulations.

Consent: Analytics, marketing, and functional cookies (which you can withdraw at any time).

We never use your data for unrelated automated decision-making that produces legal or similarly significant effects.

3. Children's Data — Special Protections

3.1 Our service is family-oriented. Some features involve collecting personal data of children under 16 (or the applicable age in your jurisdiction).

3.2 We rely on parental/guardian consent for processing children's data. By submitting a child's information, you confirm you have the authority to do so.

3.3 Children's data is used only for personalizing the storybook and is never shared for advertising or behavioural profiling.

3.4 Parents and guardians may request access to, correction of, or deletion of a child's data at any time by contacting us.

3.5 If we discover we have collected a child's data without verifiable parental consent, we will delete it promptly.

4. Data Storage and Retention

4.1 Your data is stored on secure cloud infrastructure with encryption at rest and in transit (HTTPS/TLS).

4.2 Account data is retained until account deletion, after which it is purged within 30 days. Voice recordings are deleted within 30 days of you removing them. Children's profile data is deleted within 30 days of you deleting the profile.

4.3 Transaction records may be retained for up to 7 years as required by applicable financial regulations.

4.4 We may transfer and store your data outside your country of residence, including to countries where data protection laws may differ. When transferring data from the EEA/UK, we rely on Standard Contractual Clauses or other GDPR-compliant transfer mechanisms.

5. Sharing Your Information

We do not sell your personal data. We may share it only in the following circumstances:

5.1 Service providers: Print fulfilment partners (shipping address only), AI model providers (anonymised generation prompts), cloud hosting providers — all under data processing agreements.

5.2 Identity providers: Google and other OAuth providers you choose to authenticate with, subject to their own privacy policies.

5.3 Legal requirements: When required by law, court order, or to protect the rights and safety of OwTale and its users.

5.4 Business transfers: In the event of a merger or acquisition, we will notify you before your data is transferred and becomes subject to a different privacy policy.

6. Security

6.1 All data in transit is encrypted via TLS 1.2+. Sensitive data at rest (voice recordings, photos) is stored with AES-256 encryption.

6.2 Access to personal data is restricted to authorised personnel on a need-to-know basis.

6.3 We conduct regular security reviews and follow the principle of data minimisation.

6.4 In the event of a data breach affecting your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay.

7. Your Rights (GDPR & International)

Under the GDPR and equivalent laws, you have the following rights:

Right of access (Art. 15): Obtain a copy of the personal data we hold about you.

Right to rectification (Art. 16): Correct inaccurate or incomplete data.

Right to erasure (Art. 17): Request deletion of your data where there is no overriding legal basis for retention.

Right to restrict processing (Art. 18): Limit how we process your data in certain circumstances.

Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.

Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing.

Right to withdraw consent: Revoke consent at any time without affecting prior processing.

Right to lodge a complaint: File a complaint with your national data protection authority (e.g., ICO in the UK, CNIL in France).

To exercise any of these rights, email us at support@owtale.com. We will respond within 30 days.

8. Cookie Policy

8.1 Essential cookies — Always active. Required for login sessions, security tokens, and core site functionality. Cannot be disabled.

8.2 Analytics cookies — Help us understand how visitors use the site (e.g., page views, error tracking). Used only with your consent.

8.3 Marketing cookies — Used to show you relevant ads and measure campaign effectiveness. Used only with your consent.

8.4 Preference cookies — Remember your language, currency, and display settings. Used only with your consent.

You can review and change your cookie preferences at any time using the "Cookie Preferences" button at the bottom-left of any page. Withdrawing consent does not affect any processing that already occurred.

We use cookies for a maximum period of 12 months, after which consent is requested again.

9. Third-Party Services

Our site may contain links to third-party websites or integrate third-party tools (e.g., payment processors). We are not responsible for the privacy practices of those services. Please review their privacy policies separately.

10. Policy Updates

10.1 We may update this policy periodically. Material changes — such as new data types collected or new sharing parties — will be communicated via email or an in-app notice at least 7 days before taking effect.

10.2 Your continued use of OwTale after the effective date constitutes acceptance of the updated policy.

11. Contact Us & Data Controller

OwTale is the data controller for personal data processed through this website.

Email: support@owtale.com

Business hours: Monday – Friday, 9:00 – 18:00 (excluding public holidays)

If you are unsatisfied with our response, you may lodge a complaint with the data protection authority in your country of residence.

© 2026 OwTale. All rights reserved.