Privacy Policy

Last updated: March 2026

1. Introduction

Tellmora, Inc. (“Tellmora,” “we,” “us,” or “our”) operates the interactive storytelling platform known as “The Land of Tellmora,” accessible at tellmora.com, app.tellmora.com, and related subdomains (collectively, the “Service”). This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you visit our websites, create an account, use our interactive story experiences, upload photographs, or otherwise interact with the Service.

This Privacy Policy applies to all visitors, registered users, parents and guardians of child users, and any person who interacts with the Service in any capacity. It covers information collected through our marketing site (tellmora.com), the user application (app.tellmora.com), our content delivery network (cdn.tellmora.com), and any associated APIs, mobile interfaces, or third-party integrations.

Tellmora is a mixed-audience platform that serves users of all ages, including children under the age of 13. We take our obligations under the Children’s Online Privacy Protection Act (COPPA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws extremely seriously. Where our practices differ for child users, those differences are noted in this policy and detailed further in our Children’s Privacy Policy.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service. If you are a parent or guardian and believe your child has provided personal information without your consent, please contact us immediately at hello@tellmora.com.

2. Information We Collect

We collect information in several categories, depending on how you interact with the Service. We are committed to the principle of data minimization: we collect only what is necessary to provide, improve, and secure the Service.

2.1 Account Information

When you create a Tellmora account, we collect:

Name: Your first name (and last name for adult accounts). For child accounts, we collect first name only to minimize data collection consistent with COPPA requirements.
Email address: Used for account verification, essential communications, and password recovery. For child accounts, we collect only the parent or guardian’s email address.
Password: Stored exclusively as a one-way cryptographic hash (bcrypt with 12 salt rounds). We never store, access, or transmit your plaintext password.
Date of birth or age range: Used to determine age-appropriate content shelves and to trigger COPPA protections for users under 13. We store the age range category (e.g., 4–8, 9–12, 13–17, 18+) rather than exact date of birth where possible.
Social login data: If you sign in with Google, Facebook, or Apple, we receive your name, email address, and account identifier from the provider. We do not receive or store your social media password.

2.2 Profile and Character Data

To create personalized story experiences, we collect:

Photographs: If you choose to upload a photo for character illustration, that photo is temporarily processed by our AI pipeline and deleted within 24 hours of processing. See Section 4 (“AI Processing and Photo Handling”) for full details.
Character Creator selections: If you use our Character Creator (an alternative to photo upload), we store your aesthetic selections (hair style, hair color, eye color, skin tone, face shape, body type, archetype) to generate and regenerate your character illustration. These are categorical selections, not biometric data.
AI-generated illustrations: The illustrations produced by our AI models based on your photo or Character Creator selections. These are stylized artistic renderings, not photographic reproductions.
Profile metadata: Display name, selected pronouns, preferred content shelf, and family relationship data (e.g., linking a child profile to a parent account).

2.3 Story and Reading Data

As you use the Service, we collect:

Story session data: Which stories you have started, your current progress, the choices you make at branching points, and session timestamps. This is essential for saving your place and allowing you to resume or replay stories.
Library and bookshelf data: Stories you have purchased, bookmarked, or added to your library.
Audio narration preferences: Voice selection and playback settings.

2.4 Payment Information

All payment processing is handled by our third-party payment processor, Stripe, Inc. When you subscribe to a plan or make a purchase:

We do not store your full credit card number, CVV, or bank account details on our servers. This information is transmitted directly to and processed by Stripe in compliance with PCI DSS Level 1 standards.
We do store: Your Stripe customer ID, subscription status, plan tier, last four digits of your payment method (for display purposes), billing email, and transaction history (amounts, dates, invoice identifiers).
Parental consent verification: For child accounts, we may process a micro-charge of $0.01 (immediately refunded) to a parent’s credit card as a method of verifiable parental consent under COPPA. This transaction is processed through Stripe and subject to the same security standards.

2.5 Usage Data

We automatically collect certain technical information when you access the Service:

Device information: Device type, operating system, browser type and version, screen resolution, and language preferences.
Network information: IP address (which may be truncated or anonymized for analytics), referring URL, and Internet Service Provider.
Interaction data: Pages visited, features used, time spent on pages, click patterns, and error logs.

Important: We do not collect usage data, analytics, or tracking information for child accounts (users identified as under 13). Child sessions are tracked only to the extent necessary to save story progress and maintain the session. No behavioral analytics, advertising identifiers, or persistent cross-session tracking is applied to child accounts.

2.6 Cookies and Tracking Technologies

See Section 9 (“Cookies and Tracking Technologies”) below for a detailed breakdown of the cookies and similar technologies we use, their purposes, and your choices regarding them.

3. How We Use Your Information

We process your personal information for the following purposes, each paired with the legal basis under the GDPR that justifies the processing:

Purpose	Legal Basis
Providing and operating the Service, including account creation, authentication, story delivery, and character illustration generation	Performance of contract
Processing payments and managing subscriptions	Performance of contract
AI processing of photos to generate character illustrations	Consent (explicit, prior to upload)
Age verification and COPPA compliance (age gating, parental consent workflows)	Legal obligation
Sending transactional communications (account verification, password resets, purchase confirmations, subscription changes)	Performance of contract
Sending marketing communications (product updates, new stories, promotions) — adults only, never to children	Consent (opt-in)
Improving the Service through aggregated analytics and usage patterns	Legitimate interest
Detecting, preventing, and addressing fraud, abuse, security incidents, and technical issues	Legitimate interest
Complying with legal obligations, responding to lawful requests, and enforcing our Terms of Service	Legal obligation
Fulfilling print-on-demand book orders through our printing partner	Performance of contract

Where we rely on legitimate interest as the legal basis, we have conducted balancing tests to ensure that our interests do not override your fundamental rights and freedoms. You may object to processing based on legitimate interest at any time by contacting us.

4. AI Processing and Photo Handling

A core feature of Tellmora is transforming you into an illustrated character within our stories. Given the sensitivity of photographic data, we want to be exceptionally transparent about how photos are handled throughout this process.

4.1 The Photo Upload Process

Upload: When you choose to upload a photo, it is transmitted over an encrypted connection (TLS 1.2+) and stored temporarily in our secure cloud storage (Amazon S3) with server-side encryption (AES-256).
Processing: Your photo is sent to AI image generation models hosted on Amazon Web Services (AWS Bedrock) and, for identity illustration features, Replicate’s PhotoMaker service. These models use your photo as a visual reference to generate stylized, artistic character illustrations. The AI models produce entirely new images — they do not store, index, or retain your original photo.
Deletion: Your original source photo is permanently deleted from our storage within 24 hours of processing. This deletion is automated and irreversible. We do not retain copies, backups, or thumbnails of source photos beyond this window.
Retention of illustrations only: After processing, only the AI-generated character illustrations are retained. These are stylized artistic renderings that cannot be reverse-engineered to reconstruct the original photograph.

4.2 What We Do NOT Do With Your Photos

No facial recognition: We do not perform facial recognition, facial geometry analysis, or create facial recognition templates or faceprints from your photos.
No biometric data: We do not extract, store, or process biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act (BIPA), the GDPR, or similar legislation. The AI models use your photo as a stylistic reference, not as a biometric template.
No training on your photos: Your photos are not used to train, fine-tune, or improve any AI or machine learning models. They are used solely for the purpose of generating your personal character illustrations in real time.
No sharing of photos: Your source photos are never shared with other users, advertisers, data brokers, or any third party beyond the AI processing services described above.
No persistent storage by AI providers: Our AI processing providers (AWS Bedrock and Replicate) process your photo in memory and do not retain the image data after the generation request is complete, in accordance with their respective data processing agreements.

4.3 The Character Creator Alternative

We provide a privacy-first alternative to photo upload called the Character Creator. This feature allows you to design your character by selecting aesthetic attributes (hair style, color, face shape, eye color, skin tone, archetype, and more) without uploading any photograph whatsoever. Character illustrations generated through the Character Creator are based entirely on your categorical selections and do not involve any photographic data. This is particularly recommended for users who prefer not to share photographs or for child accounts where parents wish to minimize data exposure.

5. Children’s Privacy

Tellmora serves audiences of all ages, including children under the age of 13. We are fully committed to compliance with the Children’s Online Privacy Protection Act (COPPA), the UK Age Appropriate Design Code, and related international protections for children’s data. This section provides a summary; for complete details, please see our Children’s Privacy Policy.

5.1 Age Gate

All users must pass an age verification step during registration. When a user indicates they are under 13, we immediately stop collecting personal information from the child and initiate the parental consent workflow. No child account is activated until verifiable parental consent has been obtained.

5.2 Verifiable Parental Consent

We obtain verifiable parental consent through one of the following FTC-approved methods before collecting any personal information from a child:

Credit card verification: A micro-charge of $0.01 (immediately refunded) to a parent’s credit card, providing a reasonable confirmation that the consenting individual is the parent or guardian.
Signed consent form: A downloadable consent form that the parent signs and uploads back to us for verification.

5.3 Data Minimization for Children

We collect only the child’s first name and age range. No last name, street address, phone number, or other unnecessary identifiers.
The parent’s email address is used for all communications — children do not provide their own email.
Child accounts are restricted to the Kids shelf only. They cannot access Young Adult, Romance, or Adult content.
No social features, public profiles, or user-to-user communication is available on child accounts.
No analytics, behavioral tracking, advertising, or persistent identifiers are applied to child sessions.
No marketing emails are ever sent to or about child accounts.

5.4 Parental Controls

Parents and guardians have the right to:

Review all personal information collected from their child
Download a copy of their child’s data in a portable format
Request deletion of their child’s personal information and account
Revoke consent for further collection of their child’s information at any time
Manage their child’s profile settings, content access, and character data

To exercise any of these rights, contact us at hello@tellmora.com or use the Family Management controls in your account settings.

6. How We Share Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We have never sold personal information and have no plans to do so. We share personal information only in the following limited circumstances:

6.1 Service Providers

We engage trusted third-party companies to perform functions on our behalf. Each service provider is bound by contractual obligations to process personal data only on our instructions and to maintain appropriate security measures. Our current service providers include:

Amazon Web Services (AWS) — United States: Cloud infrastructure, data storage (S3), content delivery (CloudFront), AI image generation (Bedrock), email delivery (SES), and serverless computing (Lambda). AWS processes data under their Data Processing Addendum with Standard Contractual Clauses.
Replicate — United States: AI image generation for identity illustration features (PhotoMaker). Photos are processed in memory and not retained after the generation request completes.
Stripe, Inc. — United States: Payment processing, subscription management, and billing. Stripe is PCI DSS Level 1 certified and processes payment data under their own privacy policy.
Lulu Press, Inc. — United States: Print-on-demand fulfillment for physical book orders. When you place an order for a printed book, we share only the information necessary to fulfill that order: your shipping name, shipping address, and the book content to be printed. We do not share Lulu with any other data.
Brevo (formerly Sendinblue) — European Union/United States: Email marketing and waitlist management for adult users only. We never share child data with Brevo or any email marketing provider.
Vercel, Inc. — United States: Web hosting and serverless deployment for our applications. Vercel may process request metadata (IP addresses, request headers) as part of serving our applications.

6.2 Legal Requirements

We may disclose your information if required to do so by law, or in the good-faith belief that such action is necessary to: (a) comply with a legal obligation, court order, or legal process served on us; (b) protect and defend our rights or property; (c) act in urgent circumstances to protect the personal safety of users of the Service or the public; or (d) protect against legal liability.

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy. In any such event, we will require the acquiring entity to honor the commitments made in this Privacy Policy, particularly those concerning children’s data.

6.4 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. For example, we may share aggregate statistics about the number of stories read across the platform or general demographic trends. This data is never derived from child accounts and cannot be re-identified.

7. Data Retention

We retain different categories of data for different periods, based on the purpose of collection, legal requirements, and the principle of storage limitation:

Source photographs: Deleted within 24 hours of AI processing. No exceptions.
Account data: Retained for the duration of your active account. Upon account deletion, personal data is purged within 30 days, except where retention is required by law (e.g., financial transaction records).
AI-generated illustrations: Retained for the duration of your account. Deleted within 30 days of account deletion or upon specific request.
Story session and progress data: Retained for the duration of your account. Deleted upon account deletion.
Payment and transaction records: Retained for up to 7 years from the date of the transaction to comply with financial record-keeping, tax, and audit obligations.
Server logs and security data: Retained for up to 90 days for security monitoring and incident investigation, then automatically purged.
Email marketing data (adults only): Retained until you unsubscribe or request deletion. Unsubscribe requests are honored within 10 business days.
Child account data: Subject to the same retention periods above, with the additional right of parents to request immediate deletion at any time. Upon parental request or consent revocation, child data is deleted within 48 hours.

8. Your Rights

Depending on your jurisdiction, you may have some or all of the following rights with respect to your personal information. We honor these rights for all users regardless of location wherever reasonably practicable.

8.1 Rights Under the GDPR (EEA, UK, and Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and the UK GDPR:

Right of access (Art. 15): You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to access that data along with information about the purposes, categories, recipients, retention periods, and your rights.
Right to rectification (Art. 16): You have the right to have inaccurate personal data corrected and incomplete data completed.
Right to erasure (Art. 17): You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent, where you object to processing, or where processing is unlawful.
Right to restriction of processing (Art. 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or have objected to processing pending verification.
Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.
Right to object (Art. 21): You have the right to object to processing based on legitimate interest or for direct marketing purposes. Where you object, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
Rights related to automated decision-making (Art. 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. Our AI illustration generation does not constitute automated decision-making that produces legal effects; it is a creative content generation tool initiated at your request.
Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
Right to lodge a complaint: You have the right to lodge a complaint with your local supervisory authority (Data Protection Authority) if you believe our processing of your personal data violates applicable law.

8.2 Rights Under the CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the business or commercial purposes for collection, and the categories of third parties with whom we share your information.
Right to delete: You have the right to request that we delete personal information we have collected from you, subject to certain legal exceptions.
Right to correct: You have the right to request that we correct inaccurate personal information we maintain about you.
Right to opt out of sale or sharing: We do not sell or share personal information for cross-context behavioral advertising. Because we do not engage in these practices, there is no sale or sharing from which to opt out. We will update this policy if our practices change.
Right to limit use of sensitive personal information: To the extent we process sensitive personal information (e.g., photographs used for AI illustration), we use it only for the purposes authorized by law and disclosed in this policy.
Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, or provide a different quality of service because you exercised a privacy right.

8.3 How to Exercise Your Rights

To exercise any of the rights described above, you may:

Email us: Send a request to hello@tellmora.com with the subject line “Privacy Rights Request.”
Use in-app controls: Account settings include options to download your data, delete your account, manage family profiles, and update your information.
For child accounts: Parents and guardians may submit requests on behalf of their children using either method above. We will verify the requestor’s identity and parental relationship before processing.

We will respond to verifiable requests within 30 days (GDPR) or 45 days (CCPA). If additional time is needed due to the complexity or volume of requests, we will notify you of the extension and the reason within the initial response period. Identity verification may be required to protect against unauthorized access to your data.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate, secure, and improve the Service. A “cookie” is a small text file placed on your device by a web server. We categorize our cookies as follows:

9.1 Strictly Necessary Cookies

These cookies are essential for the Service to function and cannot be disabled. They include:

Session cookies: Maintain your authenticated session and story reading progress.
CSRF tokens: Protect against cross-site request forgery attacks.
Cookie consent preferences: Remember your cookie choices so we do not ask repeatedly.
Load balancing: Route your requests efficiently across our infrastructure.

Legal basis: These cookies are necessary for the performance of our contract with you and for our legitimate interest in securing the Service. They do not require consent.

9.2 Analytics Cookies

These cookies help us understand how adult visitors interact with the Service so we can improve it. They collect aggregated, anonymized data such as pages visited, time on site, and navigation paths.

Analytics cookies are never set for child accounts or users identified as under 13.
IP addresses are anonymized before any analytics processing.
You may opt out of analytics cookies through the cookie consent banner or your browser settings.

Legal basis: Consent. These cookies are only set after you affirmatively opt in via our cookie consent banner.

9.3 Marketing Cookies

These cookies may be used to deliver relevant content and measure the effectiveness of our marketing campaigns. They may track your browsing activity across sites to build a profile of your interests.

Marketing cookies are never set for child accounts or users identified as under 13.
You may opt out of marketing cookies at any time through the cookie consent banner, your browser settings, or by contacting us.
Opting out of marketing cookies will not affect your ability to use the Service.

Legal basis: Consent. These cookies are only set after you affirmatively opt in via our cookie consent banner.

9.4 Managing Cookies

You can manage your cookie preferences at any time by clicking the “Cookie Settings” link in the footer of any page, or by adjusting your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling strictly necessary cookies may impair the functionality of the Service.

10. Security Measures

We implement and maintain administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. This includes photo uploads, authentication credentials, and all API communications.
Encryption at rest: Data stored on our servers, including S3 objects, database records, and backups, is encrypted using AES-256 encryption.
Password security: User passwords are hashed using bcrypt with 12 salt rounds. We never store, log, or have access to plaintext passwords.
Access controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. Administrative access to our systems requires multi-factor authentication and is logged in an immutable audit trail.
Rate limiting and brute-force protection: Authentication endpoints are protected by rate limiting (5 failed attempts trigger a 15-minute lockout) and automated anomaly detection.
Infrastructure security: Our infrastructure is hosted on AWS and Vercel, both of which maintain SOC 2 Type II, ISO 27001, and other industry-standard security certifications.
Regular security reviews: We conduct periodic security assessments, dependency audits, and code reviews to identify and address vulnerabilities.
Incident response: We maintain an incident response plan for security breaches. In the event of a breach affecting your personal data, we will notify affected users and relevant authorities in accordance with applicable law (within 72 hours under the GDPR).

While we take robust measures to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but are committed to implementing industry best practices.

11. International Data Transfers

Tellmora is operated from the United States. If you access the Service from outside the United States, including from the European Economic Area (EEA), the United Kingdom, or other jurisdictions with data protection laws that differ from U.S. law, please be aware that your personal information will be transferred to, stored in, and processed in the United States.

For transfers of personal data from the EEA, UK, and Switzerland to the United States, we rely on the following lawful transfer mechanisms:

EU-U.S. Data Privacy Framework: Where applicable, we rely on adequacy decisions and the EU-U.S. Data Privacy Framework (and the UK Extension and Swiss-U.S. Data Privacy Framework) as recognized by the European Commission and UK authorities.
Standard Contractual Clauses (SCCs): Where the Data Privacy Framework does not apply, we use the European Commission’s Standard Contractual Clauses (Module 2: Controller to Processor) to provide appropriate safeguards for international transfers. We supplement these SCCs with additional technical and organizational measures where necessary.
Data Processing Agreements: Our sub-processors (AWS, Stripe, Vercel, Replicate, and others) maintain their own lawful transfer mechanisms, including SCCs, Data Privacy Framework self-certifications, and Binding Corporate Rules where applicable.

You may request a copy of the safeguards we have in place for international data transfers by contacting us at hello@tellmora.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

We will update the “Last updated” date at the top of this policy.
For material changes (changes that significantly alter how we collect, use, or share personal information), we will provide prominent notice through one or more of the following methods: a banner notification on the Service, an email to the address associated with your account, or an in-app notification.
For material changes affecting children’s data, we will obtain fresh parental consent before applying the new practices to existing child accounts.
Prior versions of this Privacy Policy will be archived and available upon request.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you should discontinue use of the Service and may request deletion of your account and data.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Tellmora, Inc.

Attn: Privacy Team

[Address to be inserted upon incorporation]

Email: hello@tellmora.com

For GDPR inquiries, you may also contact our Data Protection Officer at hello@tellmora.com with the subject line “DPO Inquiry.”

If you are located in the EEA and are unsatisfied with our response to a privacy concern, you have the right to lodge a complaint with your local Data Protection Authority. A list of EEA Data Protection Authorities is available at edpb.europa.eu (opens in new tab).

Privacy Policy

Last updated: March 2026

1. Introduction

2. Information We Collect

2.1 Account Information

When you create a Tellmora account, we collect:

Name: Your first name (and last name for adult accounts). For child accounts, we collect first name only to minimize data collection consistent with COPPA requirements.
Email address: Used for account verification, essential communications, and password recovery. For child accounts, we collect only the parent or guardian’s email address.
Password: Stored exclusively as a one-way cryptographic hash (bcrypt with 12 salt rounds). We never store, access, or transmit your plaintext password.
Date of birth or age range: Used to determine age-appropriate content shelves and to trigger COPPA protections for users under 13. We store the age range category (e.g., 4–8, 9–12, 13–17, 18+) rather than exact date of birth where possible.
Social login data: If you sign in with Google, Facebook, or Apple, we receive your name, email address, and account identifier from the provider. We do not receive or store your social media password.

2.2 Profile and Character Data

To create personalized story experiences, we collect:

Photographs: If you choose to upload a photo for character illustration, that photo is temporarily processed by our AI pipeline and deleted within 24 hours of processing. See Section 4 (“AI Processing and Photo Handling”) for full details.
Character Creator selections: If you use our Character Creator (an alternative to photo upload), we store your aesthetic selections (hair style, hair color, eye color, skin tone, face shape, body type, archetype) to generate and regenerate your character illustration. These are categorical selections, not biometric data.
AI-generated illustrations: The illustrations produced by our AI models based on your photo or Character Creator selections. These are stylized artistic renderings, not photographic reproductions.
Profile metadata: Display name, selected pronouns, preferred content shelf, and family relationship data (e.g., linking a child profile to a parent account).

2.3 Story and Reading Data

As you use the Service, we collect:

Story session data: Which stories you have started, your current progress, the choices you make at branching points, and session timestamps. This is essential for saving your place and allowing you to resume or replay stories.
Library and bookshelf data: Stories you have purchased, bookmarked, or added to your library.
Audio narration preferences: Voice selection and playback settings.

2.4 Payment Information

All payment processing is handled by our third-party payment processor, Stripe, Inc. When you subscribe to a plan or make a purchase:

We do not store your full credit card number, CVV, or bank account details on our servers. This information is transmitted directly to and processed by Stripe in compliance with PCI DSS Level 1 standards.
We do store: Your Stripe customer ID, subscription status, plan tier, last four digits of your payment method (for display purposes), billing email, and transaction history (amounts, dates, invoice identifiers).
Parental consent verification: For child accounts, we may process a micro-charge of $0.01 (immediately refunded) to a parent’s credit card as a method of verifiable parental consent under COPPA. This transaction is processed through Stripe and subject to the same security standards.

2.5 Usage Data

We automatically collect certain technical information when you access the Service:

Device information: Device type, operating system, browser type and version, screen resolution, and language preferences.
Network information: IP address (which may be truncated or anonymized for analytics), referring URL, and Internet Service Provider.
Interaction data: Pages visited, features used, time spent on pages, click patterns, and error logs.

2.6 Cookies and Tracking Technologies

See Section 9 (“Cookies and Tracking Technologies”) below for a detailed breakdown of the cookies and similar technologies we use, their purposes, and your choices regarding them.

3. How We Use Your Information

We process your personal information for the following purposes, each paired with the legal basis under the GDPR that justifies the processing:

Purpose	Legal Basis
Providing and operating the Service, including account creation, authentication, story delivery, and character illustration generation	Performance of contract
Processing payments and managing subscriptions	Performance of contract
AI processing of photos to generate character illustrations	Consent (explicit, prior to upload)
Age verification and COPPA compliance (age gating, parental consent workflows)	Legal obligation
Sending transactional communications (account verification, password resets, purchase confirmations, subscription changes)	Performance of contract
Sending marketing communications (product updates, new stories, promotions) — adults only, never to children	Consent (opt-in)
Improving the Service through aggregated analytics and usage patterns	Legitimate interest
Detecting, preventing, and addressing fraud, abuse, security incidents, and technical issues	Legitimate interest
Complying with legal obligations, responding to lawful requests, and enforcing our Terms of Service	Legal obligation
Fulfilling print-on-demand book orders through our printing partner	Performance of contract

4. AI Processing and Photo Handling

4.1 The Photo Upload Process

Upload: When you choose to upload a photo, it is transmitted over an encrypted connection (TLS 1.2+) and stored temporarily in our secure cloud storage (Amazon S3) with server-side encryption (AES-256).
Processing: Your photo is sent to AI image generation models hosted on Amazon Web Services (AWS Bedrock) and, for identity illustration features, Replicate’s PhotoMaker service. These models use your photo as a visual reference to generate stylized, artistic character illustrations. The AI models produce entirely new images — they do not store, index, or retain your original photo.
Deletion: Your original source photo is permanently deleted from our storage within 24 hours of processing. This deletion is automated and irreversible. We do not retain copies, backups, or thumbnails of source photos beyond this window.
Retention of illustrations only: After processing, only the AI-generated character illustrations are retained. These are stylized artistic renderings that cannot be reverse-engineered to reconstruct the original photograph.

4.2 What We Do NOT Do With Your Photos

No facial recognition: We do not perform facial recognition, facial geometry analysis, or create facial recognition templates or faceprints from your photos.
No biometric data: We do not extract, store, or process biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act (BIPA), the GDPR, or similar legislation. The AI models use your photo as a stylistic reference, not as a biometric template.
No training on your photos: Your photos are not used to train, fine-tune, or improve any AI or machine learning models. They are used solely for the purpose of generating your personal character illustrations in real time.
No sharing of photos: Your source photos are never shared with other users, advertisers, data brokers, or any third party beyond the AI processing services described above.
No persistent storage by AI providers: Our AI processing providers (AWS Bedrock and Replicate) process your photo in memory and do not retain the image data after the generation request is complete, in accordance with their respective data processing agreements.

4.3 The Character Creator Alternative

5. Children’s Privacy

5.1 Age Gate

5.2 Verifiable Parental Consent

We obtain verifiable parental consent through one of the following FTC-approved methods before collecting any personal information from a child:

Credit card verification: A micro-charge of $0.01 (immediately refunded) to a parent’s credit card, providing a reasonable confirmation that the consenting individual is the parent or guardian.
Signed consent form: A downloadable consent form that the parent signs and uploads back to us for verification.

5.3 Data Minimization for Children

We collect only the child’s first name and age range. No last name, street address, phone number, or other unnecessary identifiers.
The parent’s email address is used for all communications — children do not provide their own email.
Child accounts are restricted to the Kids shelf only. They cannot access Young Adult, Romance, or Adult content.
No social features, public profiles, or user-to-user communication is available on child accounts.
No analytics, behavioral tracking, advertising, or persistent identifiers are applied to child sessions.
No marketing emails are ever sent to or about child accounts.

5.4 Parental Controls

Parents and guardians have the right to:

Review all personal information collected from their child
Download a copy of their child’s data in a portable format
Request deletion of their child’s personal information and account
Revoke consent for further collection of their child’s information at any time
Manage their child’s profile settings, content access, and character data

To exercise any of these rights, contact us at hello@tellmora.com or use the Family Management controls in your account settings.

6. How We Share Information

6.1 Service Providers

Amazon Web Services (AWS) — United States: Cloud infrastructure, data storage (S3), content delivery (CloudFront), AI image generation (Bedrock), email delivery (SES), and serverless computing (Lambda). AWS processes data under their Data Processing Addendum with Standard Contractual Clauses.
Replicate — United States: AI image generation for identity illustration features (PhotoMaker). Photos are processed in memory and not retained after the generation request completes.
Stripe, Inc. — United States: Payment processing, subscription management, and billing. Stripe is PCI DSS Level 1 certified and processes payment data under their own privacy policy.
Lulu Press, Inc. — United States: Print-on-demand fulfillment for physical book orders. When you place an order for a printed book, we share only the information necessary to fulfill that order: your shipping name, shipping address, and the book content to be printed. We do not share Lulu with any other data.
Brevo (formerly Sendinblue) — European Union/United States: Email marketing and waitlist management for adult users only. We never share child data with Brevo or any email marketing provider.
Vercel, Inc. — United States: Web hosting and serverless deployment for our applications. Vercel may process request metadata (IP addresses, request headers) as part of serving our applications.

6.2 Legal Requirements

6.3 Business Transfers

6.4 Aggregated and De-Identified Data

7. Data Retention

We retain different categories of data for different periods, based on the purpose of collection, legal requirements, and the principle of storage limitation:

Source photographs: Deleted within 24 hours of AI processing. No exceptions.
Account data: Retained for the duration of your active account. Upon account deletion, personal data is purged within 30 days, except where retention is required by law (e.g., financial transaction records).
AI-generated illustrations: Retained for the duration of your account. Deleted within 30 days of account deletion or upon specific request.
Story session and progress data: Retained for the duration of your account. Deleted upon account deletion.
Payment and transaction records: Retained for up to 7 years from the date of the transaction to comply with financial record-keeping, tax, and audit obligations.
Server logs and security data: Retained for up to 90 days for security monitoring and incident investigation, then automatically purged.
Email marketing data (adults only): Retained until you unsubscribe or request deletion. Unsubscribe requests are honored within 10 business days.
Child account data: Subject to the same retention periods above, with the additional right of parents to request immediate deletion at any time. Upon parental request or consent revocation, child data is deleted within 48 hours.

8. Your Rights

8.1 Rights Under the GDPR (EEA, UK, and Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and the UK GDPR:

Right of access (Art. 15): You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to access that data along with information about the purposes, categories, recipients, retention periods, and your rights.
Right to rectification (Art. 16): You have the right to have inaccurate personal data corrected and incomplete data completed.
Right to erasure (Art. 17): You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent, where you object to processing, or where processing is unlawful.
Right to restriction of processing (Art. 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or have objected to processing pending verification.
Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.
Right to object (Art. 21): You have the right to object to processing based on legitimate interest or for direct marketing purposes. Where you object, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
Rights related to automated decision-making (Art. 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. Our AI illustration generation does not constitute automated decision-making that produces legal effects; it is a creative content generation tool initiated at your request.
Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
Right to lodge a complaint: You have the right to lodge a complaint with your local supervisory authority (Data Protection Authority) if you believe our processing of your personal data violates applicable law.

8.2 Rights Under the CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the business or commercial purposes for collection, and the categories of third parties with whom we share your information.
Right to delete: You have the right to request that we delete personal information we have collected from you, subject to certain legal exceptions.
Right to correct: You have the right to request that we correct inaccurate personal information we maintain about you.
Right to opt out of sale or sharing: We do not sell or share personal information for cross-context behavioral advertising. Because we do not engage in these practices, there is no sale or sharing from which to opt out. We will update this policy if our practices change.
Right to limit use of sensitive personal information: To the extent we process sensitive personal information (e.g., photographs used for AI illustration), we use it only for the purposes authorized by law and disclosed in this policy.
Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, or provide a different quality of service because you exercised a privacy right.

8.3 How to Exercise Your Rights

To exercise any of the rights described above, you may:

Email us: Send a request to hello@tellmora.com with the subject line “Privacy Rights Request.”
Use in-app controls: Account settings include options to download your data, delete your account, manage family profiles, and update your information.
For child accounts: Parents and guardians may submit requests on behalf of their children using either method above. We will verify the requestor’s identity and parental relationship before processing.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate, secure, and improve the Service. A “cookie” is a small text file placed on your device by a web server. We categorize our cookies as follows:

9.1 Strictly Necessary Cookies

These cookies are essential for the Service to function and cannot be disabled. They include:

Session cookies: Maintain your authenticated session and story reading progress.
CSRF tokens: Protect against cross-site request forgery attacks.
Cookie consent preferences: Remember your cookie choices so we do not ask repeatedly.
Load balancing: Route your requests efficiently across our infrastructure.

Legal basis: These cookies are necessary for the performance of our contract with you and for our legitimate interest in securing the Service. They do not require consent.

9.2 Analytics Cookies

These cookies help us understand how adult visitors interact with the Service so we can improve it. They collect aggregated, anonymized data such as pages visited, time on site, and navigation paths.

Analytics cookies are never set for child accounts or users identified as under 13.
IP addresses are anonymized before any analytics processing.
You may opt out of analytics cookies through the cookie consent banner or your browser settings.

Legal basis: Consent. These cookies are only set after you affirmatively opt in via our cookie consent banner.

9.3 Marketing Cookies

Marketing cookies are never set for child accounts or users identified as under 13.
You may opt out of marketing cookies at any time through the cookie consent banner, your browser settings, or by contacting us.
Opting out of marketing cookies will not affect your ability to use the Service.

Legal basis: Consent. These cookies are only set after you affirmatively opt in via our cookie consent banner.

9.4 Managing Cookies

10. Security Measures

Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. This includes photo uploads, authentication credentials, and all API communications.
Encryption at rest: Data stored on our servers, including S3 objects, database records, and backups, is encrypted using AES-256 encryption.
Password security: User passwords are hashed using bcrypt with 12 salt rounds. We never store, log, or have access to plaintext passwords.
Access controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. Administrative access to our systems requires multi-factor authentication and is logged in an immutable audit trail.
Rate limiting and brute-force protection: Authentication endpoints are protected by rate limiting (5 failed attempts trigger a 15-minute lockout) and automated anomaly detection.
Infrastructure security: Our infrastructure is hosted on AWS and Vercel, both of which maintain SOC 2 Type II, ISO 27001, and other industry-standard security certifications.
Regular security reviews: We conduct periodic security assessments, dependency audits, and code reviews to identify and address vulnerabilities.
Incident response: We maintain an incident response plan for security breaches. In the event of a breach affecting your personal data, we will notify affected users and relevant authorities in accordance with applicable law (within 72 hours under the GDPR).

11. International Data Transfers

For transfers of personal data from the EEA, UK, and Switzerland to the United States, we rely on the following lawful transfer mechanisms:

EU-U.S. Data Privacy Framework: Where applicable, we rely on adequacy decisions and the EU-U.S. Data Privacy Framework (and the UK Extension and Swiss-U.S. Data Privacy Framework) as recognized by the European Commission and UK authorities.
Standard Contractual Clauses (SCCs): Where the Data Privacy Framework does not apply, we use the European Commission’s Standard Contractual Clauses (Module 2: Controller to Processor) to provide appropriate safeguards for international transfers. We supplement these SCCs with additional technical and organizational measures where necessary.
Data Processing Agreements: Our sub-processors (AWS, Stripe, Vercel, Replicate, and others) maintain their own lawful transfer mechanisms, including SCCs, Data Privacy Framework self-certifications, and Binding Corporate Rules where applicable.

You may request a copy of the safeguards we have in place for international data transfers by contacting us at hello@tellmora.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

We will update the “Last updated” date at the top of this policy.
For material changes (changes that significantly alter how we collect, use, or share personal information), we will provide prominent notice through one or more of the following methods: a banner notification on the Service, an email to the address associated with your account, or an in-app notification.
For material changes affecting children’s data, we will obtain fresh parental consent before applying the new practices to existing child accounts.
Prior versions of this Privacy Policy will be archived and available upon request.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Tellmora, Inc.

Attn: Privacy Team

[Address to be inserted upon incorporation]

Email: hello@tellmora.com

For GDPR inquiries, you may also contact our Data Protection Officer at hello@tellmora.com with the subject line “DPO Inquiry.”