Privacy Policy
Magic Memories Books ("we", "our", "us") values your privacy and handles your personal data with care. This policy describes what data we collect when you use our website magicmemoriesbooks.com, how we use it, how long we retain it, and what rights you have, with special attention to children's privacy protection.
Important notice: Our customers do not create accounts on this website. There is no user registration. Each order is independent and anonymous by default. We only retain the email address and data strictly necessary to deliver the ordered product.
1. Data Controller
The data controller for your personal data is:
- Trade name: Magic Memories Books
- Website: magicmemoriesbooks.com
- General contact: info@magicmemoriesbooks.com
- Privacy and data: contacto@magicmemoriesbooks.com
2. Children's Protection (COPPA and GDPR)
Our service creates personalized books for children. We take children's privacy with the utmost seriousness:
COPPA Compliance (US — Under 13):
- • We do not collect information directly from children under 13.
- • Photographs are uploaded exclusively by parents or legal guardians.
- • By uploading a photo of a minor, the parent/guardian provides verifiable consent.
- • Parents can request immediate deletion of data at any time.
GDPR Compliance (EU/UK — Under 16):
- • We process children's data only with parental consent.
- • Legal basis: Explicit consent (Art. 6.1.a and Art. 8 GDPR).
- • Do not enter sensitive medical data or special category data in free text fields.
- • You can exercise data subject rights by contacting contacto@magicmemoriesbooks.com.
3. Data We Collect
3.1 Data you provide directly:
- • Child's name: To personalize the story.
- • Photographs: Of the person and/or pet to create AI illustrations (Photo Magic Stories only).
- • Character traits: Hair color, eyes, skin tone, age (personalization data).
- • Email address: To deliver the product (eBook, PDF) and order communications.
- • Postal address: Only if you order a physical book, to coordinate delivery with Gelato.
- • Payment data: Not stored by us; managed directly by PayPal.
3.2 Automatically collected data:
- • Technical data: IP address, browser type, operating system, device.
- • Usage data: Pages visited, visit duration, interactions (via Google Analytics, see section 10).
Data we do NOT collect:
- • We do not create user accounts or passwords.
- • We do not collect permanent biometric data or create facial recognition profiles.
4. Purposes of Processing
We process your personal data exclusively for the following purposes:
- • Processing, producing, and delivering your order (eBook, PDF, physical book).
- • Generating personalized AI illustrations from the photos you upload.
- • Communicating with you about your order, answering inquiries, and providing customer support.
- • Sending order confirmations and product delivery notifications.
- • Improving our products, services, and website functionality.
- • Analyzing website usage to optimize user experience (Google Analytics, anonymized where possible).
- • Preventing fraud and abuse of our services.
5. Legal Bases for Processing (GDPR)
We process your data based on the following GDPR legal grounds:
- Contract performance (Art. 6.1.b GDPR): To process your order, generate the product, and communicate about delivery.
- Consent (Art. 6.1.a GDPR): For processing photographs you upload and specific personalization data to create the book. You grant this consent by uploading photos and confirming your choices. You may withdraw consent at any time without affecting the lawfulness of prior processing.
- Legitimate interest (Art. 6.1.f GDPR): For fraud prevention, system security, and service improvement through aggregated usage analysis.
6. Use of Photographs and Artificial Intelligence
The photographs you upload are used exclusively to generate personalized artistic illustrations using AI models and to create a visual reference to maintain consistency in the book. By uploading images, you expressly permit us to process them through our AI systems and those of our carefully selected technology partners.
Photographs are NEVER used for:
- • Training AI or machine learning models (neither we nor our partners).
- • Marketing, advertising, or promotion.
- • Sharing with unauthorized third parties.
- • Facial recognition or creation of biometric databases.
- • Any purpose other than creating your personalized book.
Your photos and input data remain your property and are used solely to fulfill the order.
7. Data Retention and Deletion
We do not retain your data longer than strictly necessary. We apply the following retention periods:
| Data Type | Retention |
|---|---|
| Uploaded original photographs | Maximum 72 hours — automatic deletion |
| Personalization data (name, traits) | Maximum 72 hours — automatic deletion |
| Generated eBooks and artistic PDFs | Permanent access (do not contain original photos) |
| Email address and order data | As long as necessary to deliver the product and resolve issues |
| Postal address (physical books) | Until order delivery is confirmed |
| Support communications | Up to 2 years from resolution of the inquiry |
The deletion of photographs and personalization data is automatic and irreversible. We do not keep backup copies of original photos after the retention period.
8. Third Parties with Data Access
We do not sell your personal data to third parties. We only share data when necessary to provide the service:
- PayPal — Secure payment processing (PCI-DSS). We do not share card data; the buyer enters it directly on PayPal's platform. We only receive payment confirmation. PayPal Privacy Policy
- Replicate (FLUX) — AI illustration generation. Photos are processed to create the product and are not used to train models. Replicate Privacy Policy
- OpenAI — Story text generation. Does not receive photographs. OpenAI Privacy Policy
- Gelato — Printing and shipping of physical books. Only receives the data needed to produce and deliver the order (postal address). Gelato Privacy Policy
- Google Analytics — Website usage analysis (pages visited, duration, behavior). Data is anonymized where possible. See section 10. Google Privacy Policy
- Authorities — If legally required.
9. International Data Transfers
Due to the use of third-party AI technology, your data (including photos and personalization texts) may be processed on servers outside the European Economic Area (EEA), particularly in the United States. We ensure we work exclusively with providers that offer an adequate level of protection, through certification under the EU-U.S. Data Privacy Framework or through Standard Contractual Clauses (SCCs) approved by the European Commission.
10. Cookies and Tracking Technologies
Our website uses the following types of cookies:
- Functional cookies (necessary): Essential for the website to function. They keep your session active while you personalize your story and remember your language preference. Deleted when you close your browser or the session expires.
- Analytical cookies (Google Analytics): Help us understand how visitors use the website (popular pages, time on site, etc.) to optimize it. We use Google Analytics 4 with IP anonymization enabled. Data is aggregated and anonymized where possible. You can opt out via your browser settings or the Google Analytics Opt-out extension.
- Payment cookies (PayPal, third-party): Necessary for secure payment processing through PayPal's platform. See PayPal's Privacy Policy.
We do not use advertising cookies or behavioral tracking for direct marketing purposes.
11. Data Security
We adopt appropriate technical and organizational measures to protect your data against misuse, loss, unauthorized access, and disclosure:
- • SSL/TLS encrypted transmission across the entire site.
- • Restricted access to photographs (authorized systems only).
- • Scheduled automatic deletion of sensitive data (72 hours).
- • Photographs are not publicly accessible by URL.
- • Photo files are stored with randomized unique names.
- • Regular security updates on servers.
Should a data breach occur with likely negative consequences for your privacy, we will notify you in accordance with applicable legal obligations.
12. Your Rights (Data Subject Rights — GDPR)
Under the GDPR and applicable regulations, you (or the parent/legal guardian) have the following rights:
- • Access (Art. 15 GDPR): Request what personal data we hold about you.
- • Rectification (Art. 16 GDPR): Correct inaccurate or incomplete data.
- • Erasure / "right to be forgotten" (Art. 17 GDPR): Request deletion of your data, unless there is a legal obligation to retain it.
- • Restriction of processing (Art. 18 GDPR): Request that we temporarily restrict processing of your data in certain cases.
- • Portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format.
- • Objection (Art. 21 GDPR): Object to processing based on our legitimate interest.
- • Not be subject to automated decisions (Art. 22 GDPR): Right not to be subject to a decision based solely on automated processing that produces legal effects or significantly affects you.
- • Withdraw consent: Withdraw your consent at any time, without retroactive effect.
To exercise any of these rights, contact contacto@magicmemoriesbooks.com. We will respond within 30 days. Depending on complexity, this period may be extended by up to two additional months.
If you believe that the processing of your data violates privacy regulations, you have the right to lodge a complaint with the competent supervisory authority. In the US: Federal Trade Commission (FTC). In the EU: the data protection authority of your country of residence.
13. Payment Processing (PayPal)
Payments are processed securely through PayPal (Level 1 PCI-DSS). The payment process takes place entirely on PayPal's secure platform. We do not store credit card data or financial information on our servers. We only receive payment confirmation.
Data shared with PayPal to complete the payment:
- • Buyer's email address (for receipt and confirmation).
- • Order amount and description.
- • Internal order identifier.
14. Marketing Communications
We do not send marketing communications without your prior and explicit consent. If you opt in to receive news or promotions, you can unsubscribe at any time by clicking the unsubscribe link in each email, or by contacting info@magicmemoriesbooks.com.
15. Changes to this Policy
We reserve the right to update this policy. Any material changes will be notified on our website. We recommend reviewing this page periodically.
16. Contact
For any privacy or data protection inquiries:
- Privacy and data: contacto@magicmemoriesbooks.com
- General support: info@magicmemoriesbooks.com
- Payments: contacto@magicmemoriesbooks.com
Last updated: March 2026