1. Introduction
Magical Story ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, process, and protect your personal data when you use our AI-powered personalized storybook service.
We comply with the EU General Data Protection Regulation (GDPR), the Swiss Data Protection Act, and other applicable privacy laws.
2. Data Controller
Magical Story
Zurich, Switzerland
Email: privacy@magicalstory.ch
For GDPR purposes, we are the data controller for the personal data we process.
3. Data We Collect
We collect and process the following types of data:
Account Information:
• Email address
• Password (encrypted)
• Account preferences
Photos and Character Data:
• Photos you upload for character creation
• Character names and descriptions
• Age, gender, and personality traits you provide
Generated Content:
• AI-generated avatar images
• Story text and illustrations
• Scene descriptions
Usage Data:
• IP address
• Browser type and device information
• Pages visited and features used
• Story generation history
Payment Information:
• Processed securely through our payment provider (Stripe)
• We do not store full credit card numbers
4. How We Use Your Photos
This is important: Your photos are processed as follows:
1. Upload & Processing: When you upload a photo, it is sent to our AI image processing system to create an illustrated avatar that resembles the person in the photo.
2. Temporary Storage: Original photos are stored temporarily during the story creation process.
3. Avatar Generation: The AI analyzes facial features, clothing, and other visual elements to create a cartoon/illustrated version.
4. Data Retention:
• Original photos: Deleted within 30 days after story completion
• Generated avatars: Retained as part of your story until you delete your account
• You can request immediate deletion at any time
5. No Third-Party Sharing: Your photos are never shared with third parties for marketing or other purposes. They are only processed by our AI systems and cloud infrastructure providers (under strict data processing agreements).
5. Legal Basis for Processing (GDPR)
We process your personal data based on:
• Consent: For processing photos and creating personalized stories (you provide explicit consent during upload)
• Contract: To provide the services you have purchased
• Legitimate Interest: For improving our services and preventing fraud
• Legal Obligation: For tax records and legal compliance
6. Children's Privacy
Our service may be used to create stories featuring children. We take special care with this data:
• Only parents or legal guardians may upload photos of children
• We require explicit consent confirmation before processing photos of minors
• Photos of children are subject to the same security measures and retention policies
• We comply with COPPA (US), GDPR-K (EU), and other child privacy regulations
• We do not knowingly collect data directly from children under 16
7. Data Security
We implement robust security measures:
• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Control: Strict access controls limit who can access personal data
• Infrastructure: We use enterprise-grade cloud infrastructure with security certifications
• Monitoring: Continuous security monitoring and regular audits
• Incident Response: Documented procedures for handling any data breaches
8. Data Sharing
We share data only with:
Service Providers (under Data Processing Agreements):
• Cloud hosting (Railway, AWS)
• AI processing (Google Cloud, OpenAI)
• Payment processing (Stripe)
• Email services
We never sell your personal data to third parties.
Legal Requirements:
We may disclose data if required by law, court order, or to protect our legal rights.
9. International Data Transfers
Your data may be processed in:
• Switzerland (primary)
• European Union
• United States (for certain AI processing)
For transfers outside the EU/EEA, we rely on:
• EU Standard Contractual Clauses
• Adequacy decisions where applicable
• Appropriate safeguards as required by GDPR
10. Your Rights
Under GDPR and applicable laws, you have the right to:
• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a portable format
• Objection: Object to certain processing activities
• Withdraw Consent: Withdraw consent at any time
To exercise these rights, contact us at privacy@magicalstory.ch or use the account settings in our app.
11. Data Retention
We retain data for the following periods:
• Account data: Until you delete your account
• Original photos: Maximum 30 days after story completion
• Generated stories and avatars: Until you delete them or your account
• Payment records: 7 years (legal requirement)
• Server logs: 90 days
You can delete your account and all associated data at any time through account settings.
12. Cookies and Tracking
We use:
Essential Cookies:
• Authentication and session management
• Security features
Google Analytics 4:
• We use Google Analytics 4 to understand how visitors use our website (pages visited, features used, where visitors leave)
• Google Analytics sets cookies to recognize returning visitors; full IP addresses are not logged or stored by Google Analytics 4
• The data is used in aggregated form to improve our website and service
Google Ads:
• We use Google Ads conversion tracking to measure whether our advertising works (e.g. whether an ad click leads to a trial story)
• Google Ads sets cookies to attribute website visits to ad clicks
You can opt out at any time: block cookies in your browser settings, use a browser extension such as uBlock Origin, or install the Google Analytics opt-out add-on (tools.google.com/dlpage/gaoptout).
13. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via:
• Email notification
• Prominent notice on our website
• In-app notification
Continued use after changes constitutes acceptance of the updated policy.
14. Contact & Complaints
For privacy questions or to exercise your rights:
Email: privacy@magicalstory.ch
If you believe we have violated your privacy rights, you have the right to lodge a complaint with your local data protection authority:
• Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
• EU: Your national Data Protection Authority