← Back to FableKit

Privacy Policy

Last updated: 2 March 2026

This Privacy Policy explains how Simpaira Ltd. ("Company", "we", "us", "our") collects, uses, and protects your information when you use the FableKit service at fablekit.com ("Service").

We are committed to protecting your privacy and your child's privacy. FableKit is designed with a privacy-first approach — we collect only what is necessary to provide the Service.

1. Information We Collect

Data	Purpose	Stored Where
WhatsApp phone number	Account authentication & story delivery	Google Cloud Firestore (EU)
Child's first name	Personalising stories	Firestore (EU)
Child's age range	Age-appropriate vocabulary & themes	Firestore (EU)
Parent's name	Account profile & print orders	Firestore (EU)
Child's appearance description	AI illustration personalisation (optional)	Firestore (EU)
Child's photo (optional)	Analysed by AI to describe appearance for illustrations — not stored	Processed in memory only
Generated stories & illustrations	Your story library	Firestore + Cloud Storage (EU)
Payment information	Processing purchases	Stripe (PCI-compliant) — we never see your card details
Shipping address	Print order delivery	Passed to Lulu (print partner) — not stored by us

2. How We Use Your Information

• Story generation: Your child's name, age, and preferences are sent to Google's Gemini AI to generate personalised stories and illustration prompts. No other personal data is included in AI prompts.
• Authentication: Your phone number is used to send verification codes via WhatsApp and to identify your account.
• Delivery: Daily stories and sign-in codes are delivered to your WhatsApp number via Meta's WhatsApp Business API.
• Payments: Payment processing is handled entirely by Stripe. We receive confirmation of payment but never access your card details.
• Print orders: Shipping details are passed directly to Lulu for fulfilment and are not stored by FableKit.

3. Children's Privacy

FableKit is a service for parents to create stories for their children. Children do not interact with the Service directly. All accounts are created and managed by parents or legal guardians.

We collect only a child's first name and age range — the minimum needed to personalise stories. We do not:

• Collect children's email addresses, phone numbers, or social media accounts
• Allow children to create accounts
• Store children's photos (optional photos are analysed in-memory and immediately discarded)
• Share children's information with advertisers
• Display advertising of any kind

4. Data Sharing

We do not sell your data. We share information only with the following service providers, strictly as needed to operate the Service:

• Google Cloud Platform (EU region): Hosting, database, AI story generation, text-to-speech
• Meta (WhatsApp Business API): Delivering verification codes and daily stories
• Stripe: Payment processing
• Lulu: Print-on-demand storybook fulfilment

All service providers are bound by their own privacy policies and data processing agreements.

5. Data Storage & Security

Your data is stored in Google Cloud Firestore in the europe-west1 (Belgium) region. All data is encrypted at rest and in transit. Access to production systems is restricted to authorised personnel only.

Session tokens (JWTs) are signed with a secret key and expire after 30 days. Verification codes expire after 10 minutes.

6. Cookies & Tracking

FableKit does not use cookies, analytics trackers, or third-party tracking scripts. We use localStorage in your browser solely to store your session token for authentication. No tracking or advertising identifiers are used.

7. Your Rights (GDPR)

Under the UK GDPR and Data Protection Act 2018, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing of your data
• Data portability — receive your data in a machine-readable format
• Object to processing

To exercise any of these rights, email us at info@simpaira.com. We will respond within 30 days.

8. Data Retention

• Account data & stories: Retained for as long as your account is active. You can delete your account by contacting us.
• Verification codes: Automatically deleted after use or expiry (10 minutes).
• Child photos: Never stored — processed in memory and immediately discarded.

9. Legal Basis for Processing

• Contract: Processing your data is necessary to provide the Service you have requested (Article 6(1)(b) GDPR).
• Legitimate interest: Improving the Service and preventing fraud (Article 6(1)(f) GDPR).
• Consent: Where applicable, e.g., optional features like daily WhatsApp stories (Article 6(1)(a) GDPR).

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via the Service or WhatsApp. The "Last updated" date at the top of this page indicates the most recent revision.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights:

• Email: info@simpaira.com
• Company: Simpaira Ltd.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO).