Privacy Policy

Last updated: December 4, 2025

At Delilah & Mia, we treat your memories with the same care we treat our own families'. Below is the legal framework that helps us keep your data safe and our magical book-making machine running smoothly.

This Privacy Policy describes how Delilah & Mia (the "Site" or "we") collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

Section 1 - Who we are and how to contact us

Delilah & Mia is a personalized storybook service operated in the United States. For any privacy questions, requests, or complaints, please email us at privacy@delilahandmia.com. This is the fastest way to reach the correct team.

Section 2 - Information we collect and how we use it

We are committed to data minimization and only collect what we need to create your beautiful storybook, operate our website securely, understand usage patterns, and (only if you opt-in) send you marketing communications.

Device and usage information

When you browse our Site, we automatically collect certain information, including your IP address, browser type, time zone, cookie identifiers, the pages you view, and the links you click.

                Why? This information is used to ensure the Site displays correctly, for security and fraud-prevention, and for analytics to improve our service (on the basis of legitimate interest or your cookie consent where required). Raw security logs are retained only as long as necessary to investigate potential abuse and are then aggregated or deleted.
            

Story creation data and photo uploads

To create your story, you will provide character names, age range, gender, reading level preference, story theme, and upload one or more photographs. Photos are automatically compressed for efficient storage. This is the core data we use to personalize your book.

                Why? We cannot generate your personalized storybook without this data. The legal basis for processing this information is your explicit consent, which we request before you upload any photos or submit your story details.
                
                Data Retention:
                Cover previews (no story generated): automatically deleted after 48 hours
Story previews (unpurchased): automatically deleted after 90 days
Purchased stories: retained for 24 months to allow re-orders, then automatically deleted

Order and payment details

When you make a purchase, we collect your name, email, billing and shipping addresses, order ID, and payment status. Your full credit card numbers are sent directly to our payment processor (Stripe) and never touch our servers.

                Why? This is necessary to fulfill your order (performance of a contract) and to comply with our tax and fraud-prevention obligations (legal obligation / legitimate interest). Order records are kept for as long as required for accounting and legal purposes, typically up to seven years.
            

Customer-support correspondence

This includes any emails, chat messages, or files you send to our support team.

                Why? To answer your questions and maintain a record of our correspondence (legitimate interest). Support tickets are retained for 3 years after closure.
            

Children's Privacy & Parental Data

While our products are designed for children, our Service is intended for use solely by parents and legal guardians. We do not knowingly collect personal data directly from children under the age of 13.

By uploading a photo, name, or story detail regarding a child, you represent and warrant that you are the parent or legal guardian of that child and have the legal authority to provide their data to us for the sole purpose of creating your personalized product. If you believe we have collected data from a minor without parental consent, please contact us at privacy@delilahandmia.com immediately to request its deletion.

Section 3 - Who we share data with & international transfers

We use trusted, specialist service providers to run our service. These providers are bound by contract to protect your information and only use it for the purposes we specify.

Infrastructure & Hosting: Netlify (for website hosting), Google Cloud / Firebase (for database, file storage, and authentication).
AI Story & Image Generation: Google Gemini (for writing story text and art prompts), Leonardo.ai (for generating illustrations using their Nano Banana Pro model). Your uploaded photos and story prompts are sent to these services to create your book.
Payments: Stripe (for secure credit card processing).
Printing & Fulfillment: Lulu (print-on-demand book production).
Shipping: Logistics carriers engaged by Lulu (e.g., USPS, UPS, FedEx).

Your data may be processed in countries outside of your own, including the United States. We ensure that all data transfers are protected by appropriate legal safeguards, such as Standard Contractual Clauses.

Section 4 - Cookies & similar technologies

Our Site uses only essential cookies required for the website to function properly, such as maintaining your session and remembering your preferences. We do not use third-party analytics or advertising cookies. Your browsing is not tracked for marketing purposes.

Section 5 - Your privacy rights

Depending on your location, you may have rights to access, correct, delete, or restrict the processing of your personal information. We honor all reasonable requests, even where not legally required. To make a request, please email us at privacy@delilahandmia.com.

Section 6 - Security & data retention

We protect your data using industry-standard security measures, including TLS encryption for data in transit and AES-256 encryption for data at rest. Access to your data is strictly limited. Key data retention periods are listed in Section 2.

Section 7 - Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes. The "Last updated" date at the top of this page indicates the current version.