Privacy Policy

1. Introduction

Welcome to PageWeaver ("we," "us," or "our"). PageWeaver is operated by PageWeaver and is available at pageweaver.ai. We provide an AI-powered platform that allows parents and guardians to create personalized children's storybooks featuring their children, family members, and friends.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information and the information of any children featured in your storybooks. We are committed to protecting the privacy of families and children who use our platform.

By using PageWeaver, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our service.

2. Information We Collect

2.1 Account Information

When you create a PageWeaver account, we collect:

• Email address
• Display name
• Password (stored as a one-way bcrypt hash; we never store your plaintext password)
• Account type (personal, educator, or corporate)
• Age confirmation (a timestamp recording that you confirmed you are 18 or older, retained for COPPA compliance)

2.2 Children's Photos

To create personalized storybooks, parents or legal guardians upload photos of their children and other individuals (family members, friends). These photos are used solely for the purpose of generating illustrated style conversions and story illustrations. We require that only parents or legal guardians upload photos of minors and that they have the authority and consent to do so.

2.3 Payment Information

Payment processing is handled entirely by Stripe. When you purchase a subscription, page pack, gift pass, or print order, your payment card details are collected and processed directly by Stripe. We do not receive, store, or have access to your full credit card numbers. We retain only a record of the transaction (amount, date, subscription status, and the last four digits of your card) for billing and support purposes.

2.4 Usage Data and Analytics

We collect aggregated, anonymous usage data to understand how our service is used and to improve it. This includes:

• Pages visited and features used
• Story creation and viewing activity (aggregated)
• Error logs and performance metrics

We use Plausible Analytics, a privacy-focused analytics service that does not use cookies, does not collect personal data, and is fully compliant with GDPR, CCPA, and PECR. We also maintain lightweight first-party analytics for service improvement, which track anonymous page views and events without identifying individual users.

2.5 Device and Browser Information

When you access PageWeaver, our servers automatically collect standard log information such as your IP address, browser type and version, operating system, referring URL, and access timestamps. This information is used for security monitoring, abuse prevention, and service reliability. IP addresses are not linked to your account or personal profile for analytics purposes.

2.6 Content You Create

We store the stories, books, character profiles, custom locations, and other content you create on our platform. This includes AI-generated story text, illustrations, and any audio narrations generated for your stories.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide our service: Generating personalized storybooks, converting photos into illustrated art styles, creating story text and illustrations, and producing audio narrations.
• To process payments: Managing subscriptions, page pack purchases, gift passes, and print orders through Stripe.
• To communicate with you: Sending transactional emails (account verification, password resets, order confirmations, story completion notifications) via our email provider, Resend. We do not send unsolicited marketing emails without your explicit consent.
• To improve our service: Analyzing aggregated, anonymous usage patterns to improve features, fix bugs, and optimize performance.
• To ensure safety and security: Moderating uploaded content for appropriateness, preventing abuse, and maintaining the security of our platform.
• To fulfill print orders: Transmitting print-ready files and shipping addresses to our print fulfillment partner to produce and deliver physical books.

4. Children's Privacy (COPPA Compliance)

PageWeaver is designed for use by parents, guardians, and educators — not by children directly. We take the privacy of children extremely seriously and are committed to complying with the Children's Online Privacy Protection Act (COPPA) and similar regulations.

• Adult accounts only: Only individuals aged 18 or older may create a PageWeaver account. We do not knowingly collect personal information directly from children under 13 (or under 16 in jurisdictions where applicable).
• Parental/guardian control: All photos of children are uploaded by their parent or legal guardian, who retains full control over that data. Parents and guardians can view, manage, and delete all content associated with their children at any time.
• Limited use of children's photos:Children's photos are used solely for the purpose of generating illustrated style conversions and story illustrations within the parent's account. Photos are processed by our AI service providers only to fulfill the specific request made by the parent.
• No AI model training: Children's photos are not used to train, fine-tune, or improve any AI or machine learning models. Photos are processed for the sole purpose of generating the requested content and are not retained by our AI providers for training purposes.
• Deletion rights:Parents and guardians can delete all of their children's photos, characters, and associated content at any time through their account settings. When a character is deleted, the original uploaded photo and all generated style conversions are permanently removed from our storage systems.
• No direct collection from children: We do not have features that allow children to input personal information, create accounts, or interact with the service without adult supervision. Our Kids Mode feature is a read-only, PIN-protected viewing experience controlled by the parent.

If you believe we have inadvertently collected personal information from a child without proper parental consent, please contact us immediately at support@pageweaver.ai and we will promptly delete the information.

5. How We Share Information

We do not sell, rent, or trade your personal information to third parties. We share information only in the following limited circumstances:

5.1 AI Service Providers

To generate stories, illustrations, and audio narrations, we transmit relevant data (such as character photos and story prompts) to our AI service providers. These providers process the data solely to fulfill your specific content generation requests:

• Anthropic — Story text generation and orchestration
• Google AI (Gemini) — Image generation, theme suggestions, and character analysis
• OpenAI — Fallback image generation and content moderation
• ElevenLabs — Audio narration (text-to-speech)
• fal.ai — Image upscaling for print quality

These providers are contractually prohibited from using your data for training their AI models. Data is transmitted securely via encrypted connections (TLS) and is processed only for the specific request. We do not share your account information, email address, or payment details with these providers.

5.2 Payment Processing

Stripe processes all payment transactions. When you make a purchase, your payment information is collected directly by Stripe and is subject to Stripe's Privacy Policy. We share only the information necessary to process payments (such as your email and the transaction amount).

5.3 Print Fulfillment

When you order a printed book, we share the following with our print fulfillment partner, Lulu:

• The print-ready PDF of your book (containing illustrations and story text)
• Your shipping name and address

We share only the minimum information necessary to print and ship your order. We do not share your email address, account details, or payment information with Lulu.

5.4 Infrastructure

Our service is hosted on Google Cloud Platform (GCP). Your data (including uploaded photos, generated content, and account information) is stored on GCP infrastructure in the United States. Google acts as a data processor and is bound by their Data Processing Agreement.

5.5 Email Communications

Transactional emails (such as account verification, password resets, and order notifications) are sent through Resend. We share only your email address and the email content with Resend for delivery purposes.

5.6 Legal Requirements

We may disclose your information if required to do so by law, in response to valid legal process (such as a subpoena or court order), or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

6. Data Storage and Security

We implement industry-standard security measures to protect your personal information:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS). All communication between our services and third-party providers also uses encrypted connections.
• Encryption at rest:Data stored in our databases and cloud storage is encrypted at rest using Google Cloud's default encryption (AES-256).
• Secure media access: Photos and generated content are stored in private cloud storage buckets. Access is controlled through time-limited signed URLs, ensuring that media files cannot be accessed without proper authorization.
• Password security: Passwords are hashed using bcrypt with a unique salt per user. We never store or have access to your plaintext password.
• Authentication: We use JSON Web Tokens (JWT) for session management, stored in secure httpOnly cookies that are not accessible to client-side JavaScript. Tokens have short expiration times and are refreshed automatically.
• Access controls: We enforce strict ownership checks on all resources. You can only access your own photos, stories, and account data. Administrative access is logged and audited.
• Infrastructure: Our service is hosted on Google Cloud Platform in the United States, which maintains SOC 2, ISO 27001, and other security certifications.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents and notifying affected users as required by applicable law.

7. Data Retention

• Account data: Your account information is retained for as long as your account is active. You may delete your account at any time through your account settings.
• Account deletion: When you delete your account, it enters a 30-day soft deletion grace period during which you can restore it. After 30 days, your account and all associated data (including characters, photos, stories, and generated content) are permanently and irrevocably deleted from our systems.
• Generated content: Stories, illustrations, audio narrations, and other generated content are retained until you choose to delete them or until your account is permanently deleted.
• Payment records: Transaction records, invoices, and subscription history are retained as required by applicable tax and financial regulations, even after account deletion. These records do not contain full payment card numbers.
• Analytics data: Aggregated, anonymous usage data is retained indefinitely for service improvement purposes. This data cannot be linked back to individual users.
• Server logs: Access logs and error logs containing IP addresses are retained for up to 90 days for security and debugging purposes, after which they are automatically deleted.

8. Your Rights

You have the following rights regarding your personal information:

• Access: You can access and view all personal information we hold about you through your account dashboard, including your profile, characters, stories, and billing history.
• Correction: You can update your account information (name, email, password) at any time through your account settings.
• Deletion: You can delete individual characters, stories, and content at any time. You can also delete your entire account, which will permanently remove all associated data after the 30-day grace period.
• Data export: You can download your stories as PDF or ePub files at any time. If you need a full export of your personal data, please contact us at support@pageweaver.ai.
• Marketing opt-out: You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us. Note that you will still receive transactional emails related to your account and orders.
• Withdraw consent: Where we rely on your consent to process your data, you may withdraw consent at any time. This does not affect the lawfulness of processing carried out before your withdrawal.

To exercise any of these rights, you can use the self-service options in your account settings or contact us at support@pageweaver.ai. We will respond to your request within 30 days.

8.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at support@pageweaver.ai.

8.2 European Residents (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to restrict processing, and the right to lodge a complaint with your local data protection authority. Our legal basis for processing your data includes the performance of our contract with you (providing the service), your consent (where applicable), and our legitimate interests (service improvement and security).

9. Cookies and Tracking

9.1 Essential Cookies

We use essential cookies that are strictly necessary for the operation of our service. These include authentication tokens stored in secure, httpOnly cookies. These cookies cannot be disabled as they are required for the service to function. They do not track you across websites and contain no personal information beyond your encrypted session identifier.

9.2 Analytics

We use Plausible Analytics, a privacy-focused analytics tool that does not use cookies, does not collect personal data, and does not track users across websites. Plausible is fully compliant with GDPR, CCPA, and PECR without requiring cookie consent banners. All analytics data is aggregated and anonymous.

9.3 No Advertising Cookies

We do not use any third-party advertising cookies or tracking pixels. We do not participate in ad networks, retargeting programs, or any form of cross-site tracking. Your browsing activity on PageWeaver is not shared with advertisers.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you by email if the changes significantly affect how we handle your personal information or your children's data
• Provide a summary of the key changes

We encourage you to review this Privacy Policy periodically. Your continued use of PageWeaver after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all privacy-related inquiries within 30 days. For urgent matters regarding children's data, we will prioritize and respond as quickly as possible.