Privacy Policy
Last updated: 13 June 2026
This Privacy Policy explains what personal information HaiTales collects, how we use it, and the choices you have. It applies to our website and the personalized photo book service.
1. Information you give us
When you use HaiTales, we may collect: (a) account information (email, password hash), (b) the photo you upload of your child and the child’s first name, (c) any dedication text you provide, (d) shipping and billing information you enter at checkout, and (e) order history and communications with our support team.
2. Information collected automatically
We collect basic technical data when you visit the site: device and browser type, IP address, referring page, and pages viewed. We use this to operate, secure, and improve the service. We do not use behavioural advertising trackers.
3. How we use your information
We use your information to: (a) generate, print, and ship your personalized book, (b) operate your account and send order updates, (c) provide customer support, (d) detect and prevent fraud or abuse, (e) comply with legal obligations, (f) improve the service in aggregate, and (g) if you opt in at checkout, send you occasional product news and offers — you can unsubscribe at any time. Where data-protection law applies, our legal bases for this are: performing our contract with you (to create, print, and ship your book and run your account); your consent (to process the child’s photo and first name, and to send you marketing email); our legitimate interests (to secure the service and prevent abuse); and compliance with legal obligations (such as tax and accounting).
4. Children’s privacy
HaiTales is a service for adults purchasing on behalf of children. We do not knowingly create accounts for users under 18. We only process a child’s photo and first name when an adult account holder uploads them. We never market to children, never enrich child data, and never share a child’s photo with third parties except as needed to print the book you ordered. If you believe a child has used the service without parental consent, contact us and we will delete the data.
5. AI processing and the photo you upload
To create the illustrated character and book pages, the photo you upload is sent to our AI provider (currently OpenAI) for the duration of generation only. We do not allow the provider to use your photo to train their models. Your uploaded photo is held in private, access-controlled storage that is never publicly accessible — it can be retrieved only by you and the systems that generate your book, and only through short-lived, authenticated links. We keep the original photo in that private storage only for as long as we need it to generate your book and handle any reprints, and while your account is active. You can ask us to delete your uploaded photo at any time, and we’ll do so promptly.
6. Who we share information with
We share the minimum information needed with: (a) Stripe, for payment processing, (b) Gelato, for printing and shipping (book file and shipping address only — not your photo), (c) OpenAI, for AI image generation, (d) Supabase, our hosting and database provider, (e) email and analytics providers used to operate the site, and (f) error-monitoring providers (such as Sentry) that help us detect and fix technical problems. We do not sell personal information.
7. Where your data is stored
Your data is stored on infrastructure operated by our hosting provider. Data may be processed in the United States or the European Union, depending on the provider. We use industry-standard safeguards (TLS in transit, encryption at rest, scoped access) to protect it.
8. How long we keep your data
Order records: as long as required by tax and accounting laws (typically 7 years). Account data: while your account is active. Uploaded photos: retained while your account is active and for as long as we need them to fulfill and reprint your order, and deleted on request. You can request deletion of your account and associated data at any time.
9. Your rights
Depending on where you live, you may have the right to (a) access the personal data we hold about you, (b) correct or update it, (c) delete it, (d) export it, (e) object to certain processing, and (f) lodge a complaint with a data protection authority. To exercise any of these rights, email hello@haitales.com.
10. Cookies
We use a small number of strictly necessary cookies to keep you signed in and protect against abuse. We do not use third-party advertising cookies. You can clear or block cookies in your browser; some features of the site may not work as a result.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced on this page and, for account holders, by email. Continued use of HaiTales after a change means you accept the updated policy.
12. Contact
HaiTales — a registered DBA based in Los Angeles, California, USA — is the controller of your personal data. Privacy questions or requests? Email hello@haitales.com.