Privacy Policy
Transparency is highly valued by us. Here you will find detailed information about how we protect and process your data and your children's profiles.
1. General Information & Responsibility
We take the protection of your personal data and your children's data very seriously. All personal data is treated confidentially and in accordance with legal regulations (specifically the EU General Data Protection Regulation GDPR) and this privacy policy.
Storyfanti
Proprietor: Adam Summak
Auf dem Backenberg 26
44801 Bochum
Germany
Email: info@admsu.com
*The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
2. Hosting & Infrastructure
Our website and backend applications run on professional, state-of-the-art infrastructure providers. This ensures fast, secure data delivery and optimal scalability.
Hosting Provider: Vercel
We host our application on the Content Delivery Network (CDN) provided by Vercel Inc. (340 S Lemon Ave #4133 Walnut, CA 91789, USA). Vercel processes connection metadata and server logs (IP address, browser type, referrer URL, time) to serve our website and defend against potential cyberattacks. US data transfers are fully covered by EU Standard Contractual Clauses (SCC) and robust data security setups.
Database & Serverless-Backend: Supabase
For database and cloud asset storage (user details, secure session keys, child profiles, and generated story history), we use the backend framework of Supabase Inc. (USA). Data is safely hosted in PostgreSQL instances and isolated storage bucket systems, preventing unauthorized access by third parties.
3. Artificial Intelligence & Media Synthesis
To bring Storyfanti to life, we process your children's details, traits, and requested themes using state-of-the-art AI APIs. This data is exclusively processed to generate stories on-demand and is NEVER utilized to train public machine learning models.
Google Gemini (Gemini API)
We utilize APIs of Google LLC (Gemini API, USA) to generate the magical and soothing text of your child's bedtime stories, matching their age, gender, and selected interests.
OpenAI (GPT & OpenAI TTS)
Story text is processed via OpenAI Ireland Limited / OpenAI LLC (USA) to translate or optimize text and synthesize peaceful reading voices (e.g. "onyx") for a cozy audiobook feeling.
Fal.ai (Beautiful Watercolor Paintings)
Custom children's book illustrations are rendered on-demand by sending optimized prompts to image generation pipelines via Fal.ai (FAL Labs, USA), using the state-of-the-art `flux/schnell` model.
Google Cloud Run (Secure Video Processing)
Our custom movie renderer, transforming illustrated books and audios into sleeping-friendly mp4 videos, is hosted on our secure, isolated Google LLC Cloud Run container deployed in Frankfurt (Germany/Europe).
4. Payment Processing (Stripe)
Paid subscription tiers and single coin orders are handled through secure billing pathways. We never store credit card or bank details on our databases.
Stripe
All credit cards and payment requests are safely routed directly to Stripe Payments Europe, Ltd. (1 Grand Canal Street Lower, Dublin, Ireland) in a PCI-DSS compliant manner. Stripe returns simple notifications and invoice references to register purchases and activate coins.
5. Email Delivery (Mailjet & Mailtrap)
Crucial security notifications, password resets, and magic signup links are dispatched via verified SMTP gateways.
Mailjet
Operated by Sinch France SAS (Paris, France). Processes email address and user first name to execute rapid, GDPR-compliant mail delivery.
Mailtrap
Operated by Railsware Product Studio (USA). Used for local developer debugging and sandboxed email template styling.
6. Collected Data & Purpose
We minimize data collection, only keeping what is necessary to fulfill our service and tax duties.
| Data Type | Processing Purpose | Legal Ground |
|---|---|---|
| Email & First Name | Account authorization, system alerts, password updates, invoicing | Art. 6 (1)(b) GDPR (Contractual execution) |
| Child Profiles (Name, Age, Gender) | Customizing storylines and pacing content appropriately for kids | Art. 6 (1)(b) GDPR (Contractual execution) |
| Interests & Traits (e.g. dinosaurs, creative) | Embedding kid's hobbies and personality into the AI stories dynamically | Art. 6 (1)(b) GDPR (Contractual execution) |
| Payment metadata (via Stripe) | Activating purchased subscription coins and general legal accounting | Art. 6 (1)(b) & (f) GDPR (Contract & Tax Duty) |
7. Your GDPR Rights
As a registered user, you hold powerful rights under the European Union GDPR guidelines.
Right to Access (Art. 15 GDPR): You are entitled to receive details on what data is stored and who received copies of it.
Correction & Erasure (Art. 16 & 17 GDPR): You can demand corrections or erasure of your files. When you delete your account (which is executable inside your Profile dashboard), all children's profiles and generated audio/books are completely and permanently wiped.
Portability (Art. 20 GDPR): You can ask for dynamic, machine-readable copies of any information processed in contract fulfillment.
Lodge a Complaint: You have a legal right to submit complaints to your local data protection agency.