Privacy Policy
Last updated: 26 March 2026
1. Who We Are
MyStoryChild (mystorychild.se) is a Swedish service that creates personalised AI-generated storybooks for children. We are the data controller for personal data processed through this website.
Contact: hello@mystorychild.se
2. Data We Collect
Account data
Your email address and name, obtained from Google when you sign in with Google OAuth.
Book content
The names, ages, and appearance descriptions of child characters you provide when creating a book. Generated story text and AI-created illustrations are stored in your account.
Payment data
Subscription status and purchase history. We never store raw card numbers — all payment processing is handled by Stripe. We store only a Stripe Customer ID to manage your subscription.
Usage data
Logs of AI generation requests (model used, token count, cost) for billing accuracy and abuse prevention. These logs are not linked to specific book content.
Session cookies
We use one strictly-necessary cookie to keep you logged in. No advertising or analytics cookies are set.
3. Legal Basis for Processing
- Contract performance — processing necessary to provide the storybook service you signed up for.
- Legitimate interest — abuse prevention, fraud detection, and service security.
- Legal obligation — retaining financial records for 7 years as required by Swedish bookkeeping law (Bokföringslagen).
4. Sub-processors
We share data with the following third-party providers to operate the service. All US-based providers are used under Standard Contractual Clauses (SCCs) approved by the European Commission.
| Provider | Purpose | HQ | Safeguard |
|---|---|---|---|
| EU Cloud Provider | VPS hosting, image storage | 🇪🇺 EU | EU-based, GDPR native |
| Stripe | Payment processing | 🇺🇸 USA | GDPR DPA + SCCs |
| OAuth login, Gemini image AI | 🇺🇸 USA | SCCs | |
| OpenAI | Story text generation | 🇺🇸 USA | SCCs, Zero Data Retention API |
5. Data Retention
- Account & book data — retained while your account is active, deleted within 30 days of account deletion.
- Financial records (orders, purchases) — retained for 7 years as required by Swedish law, anonymised upon account deletion.
- AI usage logs — retained for 12 months for billing reconciliation, then deleted.
- Session cookies — expire when you log out or after 7 days of inactivity.
6. Your Rights
Under the GDPR you have the following rights, exercisable at any time:
- Right of access (Art. 15) — download a complete copy of all data we hold about you from your account settings.
- Right to erasure (Art. 17) — permanently delete your account and all personal data from your account settings. Financial records are anonymised rather than deleted to comply with bookkeeping law.
- Right to rectification (Art. 16) — update your name and profile via account settings.
- Right to data portability (Art. 20) — your data export is provided as machine-readable JSON.
- Right to object (Art. 21) — contact us at hello@mystorychild.se.
You may also lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.
7. Children's Data
Our service creates books about children but is used by adults (parents/guardians). We do not knowingly create accounts for children under 16. Character names and descriptions entered during book creation are treated as content data under your account.
8. Changes to This Policy
We will notify registered users by email of any material changes at least 30 days before they take effect. Continued use of the service after that date constitutes acceptance.
9. Contact
For any privacy questions or to exercise your rights: hello@mystorychild.se