Privacy

BabyStories generates personalized hardcover storybooks featuring your child. To do that, we ask you to upload a small number of photos and tell us a bit about your kid. We treat that information with the seriousness it deserves. This page describes, in plain language, what we do with that data.

Photos of children

Kid photos are used for one purpose: generating illustrations for the book you create. They are never shared with other users, never used to train third-party models, and never used for advertising.

• Default 90-day retention. By default, every uploaded photo is automatically deleted 90 days after upload. A background job (purgePhotos) removes both the database row and the underlying image file.
• Opt-in to keep photos. If you'd like us to keep your photos so you can reuse them in future books, you can opt in from your account settings. Opt-in is off by default; you can revoke it at any time.
• Private storage. Photos live in a private Cloudflare R2 bucket with no public-read access. The only way to retrieve a photo is through a signed URL that we scope to your account.
• No logging of image bytes. Our server-side logs capture metadata (file size, mime type, storage key, your account id) but never the image contents.

Story and prompt data

The brainstorm chat history and the page outline you lock in are stored alongside your book so you can resume editing later. We run every user-submitted prompt through content moderation before passing it to any AI provider. Generated story text is also moderation-checked before we render an illustration for it.

Your data, your call

• Data export. You can download your full account record — kids, books, orders, and photo metadata — through /api/trpc/me.export.
• Data deletion. Hitting /api/trpc/me.delete hard-deletes your account: every kid, photo, book, character description, and reference to your photos in our storage backend. There is no soft-delete on personal data.
• Email us. If you'd rather have a human handle export or deletion, write to hello@babystories.ai.

Third parties we rely on

We use Clerk for authentication, Stripe for payments, Lulu Direct for print fulfillment, Cloudflare R2 for storage, and several AI providers (OpenAI, Anthropic, Google) for moderation, story generation, and illustration. Each provider sees only the data it needs to do its job. AI providers never receive your child's photo embeddings in a way that links back to your account.

Children under 13 (COPPA)

BabyStories is designed to be used by parents and guardians, not by children directly. The photos and information about your child that you upload are treated as your data, under your control. If you believe a child has used our service without parental consent, please email hello@babystories.ai and we'll delete the account.

Changes to this notice

If we materially change how we handle data, we'll update this page and note the change at the top. The version above always reflects current practice.