Privacy Policy

StoryMart is operated by Mike Lenze as a sole proprietor based in Michigan, United States. For privacy questions, requests, or complaints, email mikelenze@hotmail.com. Mike Lenze is the data controller for the personal information described below.

We collect information in three ways:

a) Information you give us

• Account information: email address, password (stored as a hash), and the name you choose to display.
• Child profile information you create:the child's first name, age or birthdate, optional pronouns or gender, optional photo or likeness, and optional traits or interests you enter to personalize stories. You decide what to provide; only first name and age are typically required to generate a book.
• Story inputs: any prompts, custom themes, or preferences you enter when generating a book.
• Payment information: when you subscribe, your card details are collected directly by our payment processor, Stripe. We do not see or store full card numbers — Stripe shares only a token, billing email, and limited card metadata (such as last four digits and expiration) so we can show you your billing information.
• Communications: messages you send us by email or through support channels.

b) Information generated by your use of the Service

• Generated Books: the stories, illustrations, and PDFs the Service produces from your inputs.
• Usage data: pages and features used, book credits consumed, generation results, and similar product analytics.
• Device and log data: IP address, browser type, device identifiers, language, time zone, and access timestamps.
• Cookies and similar technologies: we use strictly-necessary cookies to keep you signed in and to secure the Service, and we use product analytics cookies (PostHog) to understand how the Service is used. Where required by law, we ask for consent before non-essential cookies are set.

c) Information from third parties

• Payment metadata from Stripe (subscription status, invoices, refund events).
• Authentication metadata from any single-sign-on provider you choose (such as a Google or similar login), limited to your email and basic profile identifiers.

We use the information we collect to:

• provide, personalize, and operate the Service — including generating Books from the inputs you provide;
• authenticate you, secure your account, and prevent fraud or abuse;
• process payments, manage subscriptions, and send transactional emails (receipts, renewal reminders, account notifications);
• run safety filtering and quality checks on generated content;
• measure usage, debug issues, and improve the Service;
• respond to your support requests and communicate with you about the Service;
• comply with legal obligations and enforce our Terms of Service.

We do not sell or rent your personal information. We do not use the content of your child profiles, uploaded photos, or Generated Books to train general-purpose AI models, and we do not allow our AI providers to use them for that purpose either.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR and UK GDPR:

• Performance of a contract — to provide the Service you signed up for, including generating books from your inputs and managing your subscription.
• Legitimate interests — to secure the Service, prevent abuse, measure and improve product usage, and communicate operational updates. We balance these interests against your rights and freedoms.
• Consent— for non-essential cookies, optional marketing communications, and the processing of children's personal data through your verifiable parental consent.
• Legal obligations — to comply with applicable tax, accounting, and law-enforcement requirements.

You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

We share personal information only with the categories of recipients described below, and only as needed for the purposes listed.

Service providers (sub-processors)

We use a small set of vendors to run the Service. They process data on our behalf under written contracts and are not permitted to use it for their own purposes.

Other sharing

• Legal and safety. We may disclose information where we reasonably believe it is required to comply with a law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of StoryMart, our users, or the public.
• Business transfers. If StoryMart is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your information.
• With your consent. For any other purpose disclosed at the time we ask for your consent.

StoryMart is designed for adults — typically parents, grandparents, and caregivers — to create personalized books for children in their care. Children under 13 cannot create their own StoryMart account.A parent or legal guardian creates and controls the account, and child profiles live inside the parent's account.

What we collect about a child (only what you give us)

• first name (no last name required);
• age or birthdate;
• optional pronouns or gender;
• optional photo or likeness you upload to personalize illustrations;
• optional traits or interests you provide (favorite animal, hobby, etc.).

How we use it and what we don't do

We use this information solely to generate the personalized storybooks you request and to display the child's profile inside your account. We do not use children's information for advertising, we do not sell it, we do not let our AI providers use it to train general-purpose models, and we do not share it with third parties except the sub-processors listed in Section 5 that operate the Service.

Verifiable parental consent and your rights as a parent

By creating a child profile, you confirm that you are the parent or legal guardian of that child and consent to our collection, use, and storage of the information you provide. At any time you may:

• review the child profile data on file (Settings → Kids);
• edit or remove a child profile;
• request that we delete all information associated with a child by emailing mikelenze@hotmail.com;
• refuse to let us collect any further information about a child by deleting their profile or your account.

This section is intended to support compliance with the U.S. Children's Online Privacy Protection Act (COPPA) and the equivalent children's privacy provisions of the GDPR and UK GDPR. If you believe a child has provided information directly to us without parental consent, please contact mikelenze@hotmail.com and we will promptly delete it.

StoryMart and its sub-processors are based in the United States. If you are accessing the Service from outside the United States, your information will be transferred to and processed in the United States, which may have data-protection laws different from those in your jurisdiction.

For transfers from the EEA, United Kingdom, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum, where applicable) with our sub-processors.

We keep personal information for as long as your account is active, plus a reasonable period afterward to:

• provide continuity if you reactivate your account;
• comply with legal, tax, and accounting obligations (typically up to seven years for billing records);
• resolve disputes and enforce our agreements.

When you delete your account, we delete or de-identify your personal information within a reasonable period, except where we are legally required or permitted to retain it. Generated Books you have already downloaded remain in your possession.

Depending on where you live, you may have the following rights over your personal information:

• Access — request a copy of the personal information we hold about you.
• Correction — ask us to correct inaccurate or incomplete information.
• Deletion — ask us to delete your personal information.
• Portability — receive certain information in a portable, machine-readable format.
• Objection and restriction — object to certain processing or ask us to restrict it.
• Withdraw consent — withdraw any consent you previously gave.
• Opt out of sale or sharing — although we do not sell or share personal information for cross-context behavioral advertising, California and similar U.S.-state residents may exercise this right at any time.
• Non-discrimination — we will not discriminate against you for exercising any of these rights.
• Lodge a complaint — EEA, UK, and Swiss residents have the right to lodge a complaint with their local data protection authority.

To exercise any of these rights, email mikelenze@hotmail.com from the address on your account or use the in-product controls in Settings. We will respond within the timeframe required by applicable law (typically 30–45 days). We may need to verify your identity before fulfilling certain requests.

We use technical and organizational measures designed to protect your information — including encrypted connections, hashed passwords, access controls on our infrastructure, and limited employee access. No system is perfectly secure, however, and we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at mikelenze@hotmail.com.

Because we do not sell or share personal information for cross-context behavioral advertising, we treat browser-level opt-out signals such as Global Privacy Control as an additional confirmation that you do not consent to that kind of processing — which we would not engage in in any case.

We may update this Privacy Policy from time to time. If we make material changes we will give reasonable notice — for example, by email or by a prominent notice in the Service — before the changes take effect, and we will update the “Last updated” date at the top of this page.

Questions, requests, or complaints about this Policy or our handling of your information? Email mikelenze@hotmail.com.