Privacy Policy

1. Data We Collect

• Account data: email, display name, profile photo (if you sign in with a provider such as Google), and password (if you use email sign-up).
• Usage and product data: book titles, themes, settings, and generated images and metadata created in the Service; subscription and payment history (via our payment processor).
• Technical data: IP address, browser type, device information, and log data (e.g., access times, errors) to operate and secure the Service.
• Cookies and similar tech: we use cookies and similar technologies for session management, preferences, and analytics as described in our cookie notice.

2. How We Use Your Data

We use your data to:

• Provide, maintain, and improve the Service (e.g., generating content, storing your projects, processing payments).
• Authenticate you and communicate with you (e.g., account emails, password reset, product notifications).
• Comply with legal obligations, enforce our Terms of Service, and protect our rights and security.
• Analyze usage in an aggregated or anonymized way to improve the product and user experience.

We do not sell your personal information to third parties. We may share data with service providers (e.g., hosting, payment, email) who process it on our behalf under strict agreements.

3. Legal Basis (GDPR)

For users in the European Economic Area (EEA) and UK, we process personal data on the following bases: (a) contract — to perform our agreement with you (e.g., providing the Service and support); (b) legitimate interests — to operate, secure, and improve the Service and to communicate with you; (c) consent — where we ask for your consent (e.g., optional marketing); (d) legal obligation — where required by law. You may withdraw consent where applicable without affecting the lawfulness of processing before withdrawal.

4. Your Rights (GDPR & CCPA)

Depending on your location, you may have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate or incomplete data (e.g., in Account & Settings).
• Erasure / Deletion — request deletion of your personal data, subject to legal exceptions.
• Portability — receive your data in a structured, machine-readable format (e.g., data export).
• Restriction / Object — in certain cases, restrict or object to processing (e.g., for direct marketing).
• Opt-out of sale / sharing (CCPA) — we do not sell personal information; you may opt out of “sharing” for cross-context behavioral advertising if we engage in it in the future.
• Non-discrimination (CCPA) — we will not discriminate against you for exercising your privacy rights.

To exercise these rights, use the Account & Settings → Security & Privacy options (e.g., "Export my data," "Request account deletion") or contact us as indicated below. We will respond within the timeframes required by applicable law (e.g., 30 days under CCPA; one month under GDPR, extendable where permitted). You may also have the right to lodge a complaint with a supervisory authority (e.g., in your EEA country).

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service, comply with legal obligations (e.g., tax, disputes), resolve disputes, and enforce our agreements. After account deletion, we may retain anonymized or aggregated data and data we are legally required to keep.

6. International Transfers

Your data may be processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards (e.g., standard contractual clauses, adequacy decisions) where required by law for transfers outside the EEA/UK.

7. Security

We implement technical and organizational measures to protect your data (e.g., encryption, access controls, secure infrastructure). No system is completely secure; we encourage you to use a strong password and protect your account.

8. Children

The Service is not directed at individuals under 16 (or higher age where required). We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us so we can delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the "Last updated" date. For material changes, we may notify you by email or through the Service. Your continued use after the effective date constitutes acceptance of the updated policy.

10. Contact & Data Protection

For privacy-related requests, to exercise your rights, or for questions about this policy or our practices, contact us via the support or feedback option in the app or at the contact details on our website. If you are in the EEA/UK, you may contact our data protection representative if we have designated one (see website or app for current details).