SparkleReads logo

SparkleReads

Privacy Policy

Your family's privacy and safety are our utmost priority. This policy explains how we protect and use your personal information while you enjoy our personalised story magic.

Last updated: 28 June 2025

1. Who We Are

SparkleReads is a UK-based digital service that creates personalised, AI-generated bedtime stories for children. We are committed to protecting your privacy and complying with UK GDPR, the Children's Code (Age Appropriate Design Code), and all applicable data protection laws.

Data Controller: SparkleReads
Website: https://sparklereads.com
Contact: For privacy enquiries, please contact us through our website

2. Information We Collect

2.1 Child Information (For Story Creation)

  • Child's first name (for personalisation)
  • Child's age (to ensure age-appropriate content)
  • Child's gender (optional, for story personalisation)
  • Child's ethnicity (optional, for inclusive representation)

2.2 Account Holder Information

  • Email address (for account access and communication)
  • Display name (how you'd like to be addressed)
  • Account preferences and settings

2.3 Payment Information

  • Billing information (processed securely by Stripe)
  • Payment history and subscription status
  • VAT information (if applicable)

2.4 Technical Information

  • IP address and location data (for service delivery)
  • Device information and browser type
  • Usage analytics and story generation logs
  • Cookies and similar technologies (see our Cookie Policy)

3. How We Use Your Information

3.1 Story Generation and Personalisation

We use child information to:

  • Create personalised, age-appropriate stories
  • Ensure inclusive representation in our stories
  • Tailor content to your child's interests and developmental stage

3.2 Service Provision

  • Manage your account and subscription
  • Process payments securely
  • Provide customer support
  • Send service-related communications

3.3 Legal Compliance and Safety

  • Comply with legal obligations
  • Protect against fraud and abuse
  • Ensure child safety and age-appropriate content

4. Legal Basis for Processing

Under UK GDPR, we process your information based on:

  • Contract: To provide our story generation service
  • Legitimate Interests: To improve our service and ensure child safety
  • Legal Obligation: To comply with applicable laws
  • Consent: For marketing communications (where applicable)

Children's Protection: As required by the Children's Code, we apply enhanced protections for users under 18, including privacy-by-default settings and restrictions on data use.

5. Data Sharing and Third Parties

5.1 Our Service Providers

  • Supabase: Secure database hosting (EU/UK data centres)
  • Stripe: Payment processing (PCI DSS compliant)
  • OpenAI/Google: AI story generation (data processed securely)
  • Vercel: Website hosting and performance

5.2 Data Protection Agreements

All third-party processors are bound by comprehensive Data Processing Agreements (DPAs) that ensure UK GDPR compliance and appropriate safeguards for your data.


5.3 We Never Share For:

  • Marketing or advertising to children
  • Creating profiles for commercial purposes
  • Selling or renting personal information
  • Any purpose not directly related to our service

6. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Restrict Processing: Limit how we use your data
  • Object: Object to processing based on legitimate interests

Children's Rights: Parents/guardians can exercise these rights on behalf of children under 18. We may verify parental responsibility before processing requests involving children's data.

7. Data Security and Retention

7.1 Security Measures

  • End-to-end encryption for all personal data
  • Secure, UK/EU-based data centres
  • Regular security audits and monitoring
  • Strict access controls and staff training

7.2 Data Retention

  • Active Accounts: Data retained whilst your account is active
  • Inactive Accounts: Data deleted after 2 years of inactivity
  • Payment Data: Retained for 7 years for tax/legal requirements
  • Marketing Data: Deleted immediately upon unsubscribe

8. International Transfers

We primarily store data within the UK/EEA. When international transfers are necessary (e.g., for AI processing), we ensure adequate safeguards through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable
  • Additional safeguards for enhanced protection

9. Cookies and Analytics

We use essential cookies for service functionality and may use analytics cookies with your consent. Please see our separate Cookie Policy for full details.

Children's Protection: We do not use tracking cookies or behavioural advertising for users under 18, in compliance with the Children's Code.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through our service. The date of the last update is shown at the top of this policy.

11. Contact Us

If you have any questions about this privacy policy or wish to exercise your rights, please contact us through our website. For urgent privacy matters, we aim to respond within 72 hours.

Complaints: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been breached. Visit ico.org.uk for more information.