Privacy Policy

This Privacy Policy explains how we process personal data when you use the Fabelino website and app. We comply with the applicable data protection laws, in particular the EU General Data Protection Regulation (GDPR) and, where applicable, national data protection laws. For users in the United States, additional federal or state privacy laws may apply, in particular the Children’s Online Privacy Protection Act (COPPA) and the California Consumer Privacy Act (CCPA/CPRA), where applicable.

1. Data Controller

The controller responsible for data processing in connection with the Fabelino website and app is:

Johannes Pfeiffer
Corosolweg 8, Villapark Zurzaak
Willemstad
Curaçao

Email: hi@fabelino.ai

The Fabelino website and app are aimed at users worldwide.

EU Representative (Art. 27 GDPR):
TIM Company GmbH
c/o Factory Berlin
Rheinsberger Str. 76/77
10115 Berlin
Germany
E‑Mail: info@timcompany.de

2. Description of the Service

Fabelino is an AI-powered app and website for creating personalized children’s stories. The service is designed for families and is set up so that use by children always takes place via a parent account and under the supervision of parents or legal guardians.

On the website, the first chapter of a story can be created partly without registration. Registration is required if you want to save stories, create additional chapters or use the mobile app.

Children below the legally permitted age may not register directly. Use by children requires the consent and involvement of the parents or legal guardians.

3. What data we process

Depending on how you use our service, we process in particular the following categories of personal data:

3.1 Account and identification data

Name
Email address
Password (stored in encrypted form if you register via email/password)
Information from third-party logins, if and to the extent you choose to share it, in particular via Google or Apple login

3.2 Profile data

Information about the child or children in the parent account, in particular:

Name
Age
Gender
Interests and preferences

3.3 Content data

Text entries
Created stories and chapters
Inputs used to personalize stories
Voice inputs where you actively use the microphone function
Transcripts generated from such voice inputs

3.4 Technical and usage data

IP address
Device and browser information
Operating system
App version
Language settings
Timestamps
Log files
Error and diagnostic data
Usage events and interactions within the website and app

3.5 Communication data

Content of support requests
Email communication
Any other communication with you

4. Special notes on voice data

If you use the microphone function, voice inputs are processed to recognize spoken content and convert it into text. We do not permanently store the original audio recording on our own servers. However, the transcript generated from your voice input is stored where necessary to create, continue or save a story.

Voice data is only processed if you actively use the microphone function. If you do not use this function, no voice-based input or transcription will take place.

5. Purposes of data processing

We process personal data in particular for the following purposes:

Providing and operating the website and app
Registering and managing user accounts
Authenticating users via email/password and via Google or Apple login
Creating, personalizing, storing and managing stories
Providing the microphone function and converting speech into text
Ensuring technical security and stability, error analysis and fraud/abuse prevention
Customer service, communication and support
Sending transactional messages, e.g. about your account, login, support or other operational information
Analysing use of the website
Marketing, newsletters, retargeting and promotional communication where you have given consent
Sending push notifications where you have given consent and once this feature is used in the future

6. Legal bases for processing

We process your personal data on the following legal bases:

6.1 Performance of a contract and pre-contractual measures

Processing is based on Article 6(1)(b) GDPR where it is necessary to provide our service. This includes in particular:

Registering and managing accounts
Login and authentication
Creating and storing stories
Using personalization features
Communication as part of support and ongoing use of the service

6.2 Legitimate interests

Processing is based on Article 6(1)(f) GDPR where it is necessary for the purposes of our legitimate interests. This includes in particular:

Ensuring IT security
Preventing misuse and fraud
Error analysis
Technical logging
Maintaining the basic operational stability of our systems and infrastructure

Processing is based on Article 6(1)(a) GDPR where you have given us your consent. This applies in particular to:

Google Analytics on the website
Meta tracking, retargeting and comparable marketing technologies
Future newsletters and email marketing
Future promotional push notifications
Other optional tracking or marketing measures

You can withdraw your consent at any time with effect for the future.

Fabelino is designed for families but is not intended to allow children below the legally permitted age to register on their own. Account setup and management is carried out exclusively by parents or legal guardians.

Where personal data of children are processed, this only takes place within the parent account and with the consent of the parents or legal guardians. We do not knowingly process personal data provided directly by children without the necessary parental consent.

For users in the European Union, we comply with Article 8 GDPR regarding children’s consent in relation to information society services.

Depending on availability, you can log in using:

Email and password
Google login
Apple login

If you use a third-party login, we receive from that provider the data you agree to share, in particular your name, email address or a unique identifier. The specific data transferred depends on your settings with the third-party provider.

9. Service providers and recipients

We use external technical and organizational service providers to deliver our service. Personal data may be transferred to these providers where necessary for the respective purposes.

The categories of providers and, where relevant, examples include in particular:

9.1 Hosting, infrastructure, database and authentication

Hetzner (hosting / server services, Germany)
Netlify (web hosting / technical infrastructure)
Supabase (database, backend, authentication)

9.2 AI and speech services

OpenAI
Perplexity
Microsoft Azure OpenAI
Microsoft Azure Speech Services

These services may be used to generate personalized stories, process content or convert voice inputs into text.

9.3 Security and performance services

Cloudflare (security, performance, content delivery)

9.4 Analytics and marketing services

Google Analytics (website analytics)
Meta SDK / Meta App Events / Meta Ads-related tracking and attribution technologies, where used
Mailchimp or a comparable provider for newsletters and email marketing, once this service is actively used

10. Transfers to third countries

Some of the service providers we use are located outside the European Union or the European Economic Area or process data there, in particular in the United States. This may apply in particular to providers such as OpenAI, Perplexity, Microsoft, Google, Meta, Mailchimp, Netlify, Supabase or Cloudflare, where their processing takes place in third countries.

Where we transfer personal data to a third country, we do so only in compliance with legal requirements. Where necessary, we rely in particular on:

an adequacy decision by the European Commission, or
standard contractual clauses adopted by the European Commission, together with additional safeguards where required.

Despite such measures, there remains a risk in some third countries that a level of data protection comparable to that in the EU may not be guaranteed in all respects.

What this means for you

When you use Fabelino, certain personal data may be transferred to the technical and AI-related service providers named above, to the extent necessary to provide the relevant functions. This may include, in particular, child profile data, content data, text entries, transcripts and technical usage data, where these are needed for the specific function.

11. Analytics, tracking and marketing

11.1 Google Analytics

We use Google Analytics on our website to statistically evaluate the use of our web offering and improve our service. Google Analytics is only activated on the basis of your consent.

11.2 Meta tracking and retargeting

Where we use Meta-related technologies such as the Meta SDK, App Events or retargeting, this is done exclusively on the basis of your consent. These technologies can be used to analyse usage of our service, measure conversions and optimise marketing activities.

11.3 Newsletters and email marketing

If you sign up for our newsletter or similar marketing communications, we process your email address and any additional information you voluntarily provide on the basis of your consent. In the future, we may use Mailchimp or a comparable provider to send these communications.

11.4 Push notifications

In the future, we may use push notifications for reminders, product updates, re-engagement or marketing purposes. We will only send such push notifications if you have explicitly enabled them on your device.

12. No use for our own AI model training

At present, we do not use personal data from your use of Fabelino to train or otherwise improve our own AI models beyond what is necessary to provide the specific function you are using. Your data is processed solely to deliver and personalise the functions you choose to use within our service.

13. Storage period

We store personal data only for as long as necessary to fulfil the respective purposes or as required by statutory retention periods.

Account data and stored content are generally kept until you delete your account.
Technical logs and security-related data are stored only for as long as necessary for security, stability and error analysis.
Marketing-related data is stored until you withdraw your consent or the relevant purpose ends.

If you delete your account, we delete your personal data and stored stories and child profiles, unless we are legally required to retain certain data for a longer period.

14. Your rights

Within the scope of applicable law, you have in particular the following rights:

Right of access
Right to rectification
Right to erasure
Right to restriction of processing
Right to data portability
Right to object
Right to withdraw consent with effect for the future
Right to lodge a complaint with a data protection supervisory authority

To exercise your rights, you can contact us at: hi@fabelino.ai

If you use a parent account and assert rights relating to a child’s data, we may request proof of your parental authority in order to protect the child and their data.

15. Account deletion

You can delete your account directly within the app. In this case, we will delete the associated personal data, stories and child profiles, unless statutory retention obligations or other compelling reasons require us to retain certain data for longer.

16. Privacy rights under US law

Where US law applies to your use of our service, you may have additional rights, in particular under COPPA, CCPA/CPRA or comparable state privacy laws. These may include rights of access, deletion, objection to certain types of processing, and specific protections for children’s data.

If you wish to make a request under applicable US privacy law, please contact us at: hi@fabelino.ai

17. Security

We implement appropriate technical and organisational measures to protect personal data against loss, unauthorised access, manipulation or other unauthorised processing. These measures include, in particular, encrypted transmissions, access restrictions and technical safeguards within our systems and with our service providers.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time if legal requirements, our service or the technologies we use change. The current version is always available in the app and on our website.