GDPR Compliance

Our Commitment to GDPR

Sparktale AI is committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR). This page explains how we handle your data in accordance with GDPR requirements.

Data Controller

Sparktale AI is the data controller responsible for your personal data. We determine the purposes and means of processing your personal information. For any questions about how we handle your data, contact us at [email protected].

Legal Basis for Processing

We process your data based on the following legal grounds: Performance of Contract (to process your orders and deliver your books), Legitimate Interest (to improve our services, prevent fraud, and ensure security), Consent (for marketing communications and non-essential cookies), and Legal Obligation (to maintain tax records and comply with legal requirements).

Your Rights Under GDPR

Under GDPR, you have the following rights: Right of Access - request a copy of your personal data; Right to Rectification - correct inaccurate data; Right to Erasure ('Right to be Forgotten') - request deletion of your data; Right to Restriction - limit how we process your data; Right to Data Portability - receive your data in a machine-readable format; Right to Object - object to processing for marketing or based on legitimate interest; Right to Withdraw Consent - withdraw consent at any time; Right to Lodge Complaint - file a complaint with a supervisory authority.

How to Exercise Your Rights

To exercise any of these rights, email [email protected]. We will respond within 30 days (which may be extended to 3 months for complex requests). We may need to verify your identity before processing your request.

Photo Data - Special Handling

We understand the sensitivity of children's photos. Photos are deleted immediately after your book is fully created. For incomplete books, you will receive a reminder after 5 days; photos are automatically deleted after 7 days. Photos are never used to train AI models and are never shared with third parties for any other purpose.

Data Retention

We retain your data only as long as necessary: Photos are deleted immediately after full book creation (for incomplete books, you receive a reminder after 5 days and photos are deleted after 7 days); Book illustrations are kept until you delete them; Account data is kept while your account is active plus a reasonable period after closure; Order and invoice data is kept for 7 years (legal requirement); Marketing data is kept until you withdraw consent.

Third-Party Processors

We work with trusted service providers: Stripe for payment processing, Google Gemini for AI illustration generation (photos are processed but not stored), Lulu for professional book printing (receives only final print files), and Mixpanel for product analytics (anonymized usage data, EU data residency available). These partners are contractually bound to protect your data.

International Transfers

Some of our service providers may process data outside the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Data Breach Notification

In the event of a data breach that poses a risk to your rights, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR.

Children's Data

Our service is intended for adults (parents/guardians) to create books for children. You must be at least 16 years old to create an account. We collect children's names and photos only when provided by their parents/guardians for the purpose of creating personalized books.

Contact Us

For any GDPR-related questions or to exercise your rights, contact us at [email protected].

Imprint

Company Name

Sparktale AI

Legal Form

Self-employed

Contact

[email protected]

Address

1040, Vienna, Austria