1. Introduction & Version
This Privacy Policy explains how Tellmestories, operating via WhatsApp, collects, uses, stores, and protects your personal data. It applies to all users in Europe and beyond. It is permanently available on our website and when subscribing to our services.
2. Data Collected and Methods
We collect the following data:
- Directly provided data: first name, age, interests, children’s preferences, WhatsApp contacts, voice notes, content of personalized stories.
- Technical data: phone number (for the WhatsApp interface), message metadata, logs (dates and times of request submission, permanently pseudonymized for performance and security), IP addresses on our backend servers.
- Payment data: via Stripe (details securely transferred, we never access CVV data).
This collection is strictly used to provide, personalize, and improve our services.
3. Legal Bases & Consent
In accordance with GDPR, processing is based on:
- Your explicit consent (upon subscription, checkboxes, oral note via WhatsApp)
- The performance of the service contract (story creation)
- Our legitimate interest in maintaining and improving the service (security, analytics, personalization)
You have the right to withdraw your consent at any time.
4. Use of Data
We use your data to:
- Generate personalized stories according to your instructions.
- Personalize context memory (Smart Learning Memory).
- Send PDFs, offer book printing, notifications via WhatsApp.
- Bill and manage your subscription via Stripe.
- Improve the tool (usage statistics, AI optimization).
5. Data Sharing and Transfers
Your data is never sold. It may be shared with:
- Stripe (payments)
- AI Providers (generative models), only with data minimization and under strict contracts.
- Cloud host (EU hosting, encryption in transit and at rest).
- Legal authorities in case of judicial obligation.
6. Security & Retention Period
Measures implemented for the protection of your data:
- SSL/TLS encryption in transit and AES-256 at rest.
- Strictly controlled access.
- Regular backups.
- Proactive monitoring and incident response plan.
Retention period:
- Until voluntary account deletion: 30 days of active retention + 30 months of automatic quarantine deletion.
- Anonymized or pseudonymized logs retained for analytics for up to 24 months.
7. Your Rights and Requests
Under GDPR (and other similar regulations), you can exercise:
- Right of access, rectification, erasure, data portability.
- Right to restrict or object to certain uses.
- Right to withdraw consent, to lodge a complaint with the CNIL or a competent authority.
Contact: hello@tellmestories.ai for any GDPR request or privacy-related question.
8. WhatsApp Specificity & GDPR Business API Compliance
We use the WhatsApp Business API, hosted via an EU-certified Business Solution Provider, ensuring GDPR compliance. Metadata is processed with your explicit consent.
9. Artificial Intelligence — Transparency & European Regulations
Tellmestories utilizes AI models (AI Act – applicable from February 2025), classified as “limited/minimal risk” (playful content generation). We guarantee:
- No automated decisions with consequences (especially educational) without human oversight.
- Transparency regarding the use of AI models.
- Compliance monitoring for GDPR, AI Act, and Data Act (portability, fair exchanges, transparency).
10. Policy Updates
We may update this Privacy Policy. We will notify you in advance via WhatsApp (for major changes), and will publish archived previous versions on our website.
11. Clear Design & Simplified Reading
At the top of your policy page:
- Clear summary in accessible language.
- “Quick read” boxes for busy parents.
- Full version accessible with one click.
