← Back to Home
🔒

Privacy Policy

Last updated: March 1, 2026

👶 We take children's privacy seriously

MiaStorybook is fully compliant with COPPA (Children's Online Privacy Protection Act) and GDPR. We do not display ads, sell data, or collect personal information from children.

1. Who We Are

MiaStorybook ("we", "us", "our") operates the children's digital library at MiaStorybook.com. This policy explains what information we collect, how we use it, and your rights regarding that data.

Data controller contact: privacy@MiaStorybook.com

2. Information We Collect

From account holders (adults):

  • Name and email address (for account creation)
  • Payment information (processed by Stripe — we do not store card details)
  • Login activity and session data
  • Terms acceptance date and version

From child profiles:

  • First name or nickname only (no email, no last name, no birthdate)
  • Age group (e.g., "3–5 years") — not exact age
  • Avatar selection
  • Reading progress (which books read, pages viewed, time spent)
  • Badges and reading streaks earned

Automatically collected:

  • IP address (for security and fraud prevention, not linked to children)
  • Browser type and device type
  • Pages visited and time on site (aggregate analytics only)

3. How We Use Information

  • Provide and improve the MiaStorybook service
  • Process subscription payments and gifts
  • Send transactional emails (receipts, password resets, gift codes)
  • Track reading progress and award badges within the platform
  • Detect and prevent fraud and abuse
  • Comply with legal obligations

We do not use data for advertising, profiling, or sell it to third parties.

4. Children's Privacy (COPPA)

  • Accounts are created strictly by adults (18+). Children cannot sign up.
  • We collect only the minimum data necessary from child profiles.
  • Child reading data is never shared with third parties.
  • The leaderboard shows only first name + last initial (e.g., "Emma T.") — never full names.
  • Parents can request deletion of their child's data at any time.

5. Data Sharing

We share data only with:

  • Stripe — payment processing (PCI-DSS compliant)
  • Cloud database hosting provider (data stored securely with encryption at rest)
  • Cloud media storage provider — for story illustrations and audio files
  • Transactional email provider — for receipts, password resets, and notifications
  • AI text-to-speech provider — for story audio narration

All processors are under Data Processing Agreements. We do not share data with advertisers.

6. Data Retention

  • Account data is retained while your subscription is active and for 90 days after deletion.
  • Child profile data is deleted when the parent deletes the profile or account.
  • Payment records are retained for 7 years per tax law requirements.

7. Your Rights (GDPR)

If you are in the EEA, UK, or Thailand, you have the right to:

  • Access — receive a copy of your data
  • Rectification — correct inaccurate data
  • Erasure — request deletion ("right to be forgotten")
  • Portability — receive your data in a machine-readable format
  • Objection — object to certain processing

Submit requests to: privacy@MiaStorybook.com. We respond within 30 days.

8. Security

We protect your data using industry-standard measures including HTTPS encryption, database access controls, and regular security audits. No method is 100% secure — if you believe your account has been compromised, contact us immediately.

9. Cookies

We use cookies for authentication sessions and basic analytics. See our Cookie Policy for details.

10. Changes to This Policy

We'll notify you by email of material changes at least 14 days before they take effect. The updated policy will always be available at this URL.

11. Contact

Questions about privacy? Email us at privacy@MiaStorybook.com

Terms of ServiceCookie Policy