Privacy Policy

Last updated: January 2025

1. Introduction

AlreadyLoved ("we," "us," or "our") operates the website alreadyloved.com and related services (collectively, the "Services"). We create personalized children's books featuring your child's name, likeness, and characteristics.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information and your child's information when you use our Services. We take children's privacy extremely seriously and are committed to compliance with the Children's Online Privacy Protection Act (COPPA), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

When you use our Services, you may provide us with:

  • Account Information: Name, email address, and password when creating an account
  • Child Information: Your child's first name, age/birthday, pronouns, and personalization preferences (collected with parental consent)
  • Photos: Images of your child that you upload for book personalization
  • Shipping Information: Delivery address, phone number for shipping notifications
  • Payment Information: Credit card details (processed securely through our payment processor, not stored by us)
  • Communications: Messages you send to us via email or support channels

2.2 Information Collected Automatically

When you access our Services, we may automatically collect:

  • Device Information: Browser type, operating system, device type
  • Usage Data: Pages visited, time spent, click patterns (anonymized)
  • IP Address: Used for fraud prevention and approximate location
  • Cookies: Session and preference cookies (see Section 10)

3. Children's Privacy & COPPA Compliance

Important: Our Services are designed for parents/guardians to create personalized books for their children. Children under 13 should not use our website directly. All information about children is provided by parents/guardians.

3.1 Parental Consent

We require verifiable parental consent before collecting any personal information about children under 13. By providing information about your child and purchasing our products, you represent that:

  • You are the parent or legal guardian of the child
  • You consent to our collection and use of your child's information as described in this policy
  • You understand the information will be used to create a personalized product

3.2 Limited Collection

We only collect the minimum information necessary to create your personalized book:

  • Child's first name (for story personalization)
  • Child's age or birthday (for age-appropriate content)
  • Child's photo (for character illustration - processed and deleted, see Section 4)
  • Optional characteristics (hair color, interests) for enhanced personalization

3.3 Parental Rights

As a parent or guardian, you have the right to:

  • Review the personal information we have collected about your child
  • Request deletion of your child's personal information
  • Refuse further collection of your child's information
  • Request that we not share your child's information with third parties

To exercise these rights, contact us at privacy@alreadylovedkids.com.

4. Photo & Image Data

Photos are central to our personalization process. Here's how we handle them:

4.1 Photo Processing

  • Purpose: Photos are used solely to create personalized character illustrations for your book
  • AI Processing: We use AI technology to analyze photos and generate illustrated characters that resemble your child
  • Human Review: Our team may review generated illustrations for quality assurance
  • Encryption: All photos are encrypted in transit (TLS) and at rest (AES-256)

4.2 Photo Retention & Deletion

Original photos are automatically deleted within 30 days after your book order is fulfilled. You can request immediate deletion at any time. We do not use photos for AI training, marketing, or any purpose other than creating your specific book.

4.3 What We Keep

We retain the final illustrated book artwork (not original photos) to enable reprints if requested. You can request deletion of all data, including artwork, at any time.

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 Order Fulfillment

  • Create your personalized book
  • Process payments securely
  • Ship your order and provide tracking information
  • Handle returns, refunds, or reprints

5.2 Communication

  • Send order confirmations and status updates
  • Respond to customer service inquiries
  • Send marketing emails (only with your consent, easily unsubscribed)

5.3 Service Improvement

  • Analyze usage patterns to improve our website (aggregated, anonymized data only)
  • Develop new features and products
  • Prevent fraud and ensure security

6. Third-Party Services

We work with trusted third-party service providers to deliver our Services. These providers are contractually bound to protect your data and use it only for the services they provide to us:

Service | Provider | Purpose | Data Shared
--- | --- | --- | ---
Payment Processing | Stripe | Secure payment handling | Payment details
Printing & Fulfillment | Print Partner | Book printing & shipping | Book files, shipping address
Email | Email Service Provider | Transactional & marketing emails | Email address, name
Analytics | PostHog | Website analytics | Anonymized usage data
Cloud Infrastructure | Cloudflare, Convex | Website hosting & database | All service data (encrypted)
AI Processing | AI Providers | Character illustration generation | Photos (temporary, not for training)

We do not sell your personal information to any third parties. We do not share children's information except as strictly necessary for order fulfillment.

7. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: All data transmitted via TLS 1.3; data at rest encrypted with AES-256
  • Access Controls: Strict role-based access; employees only access data needed for their role
  • Infrastructure: Hosted on SOC 2 compliant cloud providers
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Incident Response: Documented procedures to respond to any security incidents

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any breaches.

8. Data Retention

We retain different types of data for different periods:

  • Account Data: Retained while your account is active; deleted upon account closure request
  • Order History: Retained for 7 years for legal/tax compliance
  • Original Photos: Deleted within 30 days of order fulfillment
  • Book Artwork: Retained indefinitely for reprints (deletable upon request)
  • Payment Data: We don't store card numbers; Stripe retains per their policy
  • Analytics Data: Anonymized data retained for 2 years

9. Your Rights (GDPR/CCPA)

Depending on your location, you may have the following rights regarding your personal data:

9.1 For All Users

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Opt-Out: Unsubscribe from marketing communications at any time

9.2 Additional Rights (GDPR - EU/UK Residents)

  • Portability: Receive your data in a machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent
  • Complaint: Lodge a complaint with your local supervisory authority

9.3 Additional Rights (CCPA - California Residents)

  • Know: Know what personal information is collected and how it's used
  • Delete: Request deletion of personal information
  • Opt-Out of Sale: We do not sell personal information
  • Non-Discrimination: Not be discriminated against for exercising your rights

To exercise any of these rights, email us at privacy@alreadylovedkids.com. We will respond within 30 days (or sooner as required by law).

10. Cookies & Tracking

We use cookies and similar technologies on our website:

10.1 Essential Cookies

Required for the website to function (e.g., shopping cart, authentication). Cannot be disabled.

10.2 Analytics Cookies

Help us understand how visitors use our site (via PostHog). Data is anonymized and aggregated. You can opt out through your browser settings or our cookie consent banner.

10.3 Managing Cookies

Most browsers allow you to control cookies through settings. Note that disabling certain cookies may affect website functionality.

11. International Data Transfers

Our Services are primarily operated from the United States. If you access our Services from outside the US, your information may be transferred to and processed in the US or other countries where our service providers operate.

For EU/UK residents, we ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated "Last updated" date, and for significant changes, we will notify you via email. We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

AlreadyLoved Privacy Team

Email: privacy@alreadylovedkids.com

General Inquiries: hello@alreadylovedkids.com

For COPPA-related inquiries or to exercise parental rights regarding your child's data, please email privacy@alreadylovedkids.com with the subject line "COPPA Request."