Privacy Policy

MagicBly LLC, 30 N Gould St Ste R, Sheridan, WY, 82801, United States (hereinafter "we", "us" or "our"), highly value your privacy and handle your personal data with care.

1. Collected Personal Data

We collect various types of personal data to provide and improve our services:

1.1 Data you provide directly to us

Contact and Account Details: Your name, email address, password (encrypted) when you create an account.
Order Details: Address details (billing and shipping address) for the shipment of physical books.
Personalization Data for the book: The name(s) for the book, chosen story steps, and any other textual input you provide for personalizing the product.
Uploaded images: Photos you upload to personalize the illustrations in the children's books. These are used by our AI systems to generate the characters.
Communication Data: Data you provide when you contact us via email or other communication channels.
Payment Details: These are not stored directly by us but processed securely by external providers Stripe, who comply with international payment standards.

1.2 Data collected automatically

When you visit our Website, we may automatically collect certain data via cookies and similar tracking technologies (see also Article 6 'Cookies and Tracking Technologies'):

Technical data: IP address, browser type and operating system, device data.
Usage data: Pages visited, click behavior, the duration of your visit, and interactions on the Website.

2. Purposes of Data Processing

We process your personal data exclusively for the following purposes:

Creating and managing your account.
Processing, producing, and handling your orders.
Generating personalized children's books (both eBooks and physical books) using AI technology, based on the personalization data and uploaded images you provide.
Shipping your ordered products (physical books) and making digital e-books available for download.
Communicating with you about your order, answering your questions, or providing customer service.
Sending service-oriented emails (e.g., order confirmations, shipping notifications).
Improving our products, services, and the functionality of our Website.
Analyzing website usage to optimize usability (anonymized where possible).
Complying with legal obligations, such as fiscal retention duties.
Preventing fraud and misuse of our services.

3. Legal Bases for Processing

We process your personal data based on applicable data protection laws, including GDPR (for EU/UK users) and CCPA/CPRA (for U.S. users), or other local laws as applicable:

Performance of the contract (Art. 6(1)(b) GDPR): For processing your order, delivering the products, and managing your account.
Consent (Art. 6(1)(a) GDPR): For the use of the photos you upload and specific personalization data for creating the children's books. You give this consent when uploading and confirming your choices. You have the right to withdraw this consent at any time, although this does not affect the lawfulness of processing before the withdrawal.
Legal obligation (Art. 6(1)(c) GDPR): For complying with our administrative and fiscal obligations.
Legitimate interest (Art. 6(1)(f) GDPR): For improving our services, website analysis (analytics), direct marketing (if permitted and with opt-out possibility), and fraud prevention, whereby we always make a careful assessment between our interests and your privacy rights.

4. Sharing Personal Data with Third Parties

We do not sell your personal data to third parties. We only share your data with third parties if this is necessary for the execution of our services, to comply with a legal obligation, or based on your consent. With companies that process your data on our behalf, we conclude a data processing agreement to ensure the same level of security and confidentiality of your data. We remain responsible for these processing operations. This concerns the following categories of third parties:

Payment providers (e.g., Mollie B.V.): For the secure processing of your payments.
Shipping partners (e.g., postal and courier services): For the delivery of physical products (for this, name and address details are shared).
Printers: For the production of the physical books.
Hosting and IT service providers: For hosting the Website, data storage, and maintenance of our IT systems.
AI technology suppliers: For generating the texts and illustrations for the personalized children's books. Uploaded photos and relevant personalization data are processed with these systems to create the book. We select these suppliers carefully and strive for agreements that safeguard your privacy.
Analysis services (e.g., Google Analytics): For analyzing website visits and usage, as much as possible on an anonymized basis.
Authorities: If we are legally obliged to do so, for example, in the context of a tax investigation or by order of the judiciary.

5. Retention Periods

We do not store your personal data longer than strictly necessary to achieve the purposes for which your data is collected, or as required by law. We apply the following retention periods:

Account data: As long as your account is active, or until you request deletion.
Order and invoice data: Minimum 7 years, in accordance with U.S. tax law requirements (IRS).
Uploaded photos: Maximum 3 months after the creation of the initial digital book. This period allows you to make any adjustments to the illustrations based on these photos within this time. After this period, the photos are automatically and permanently deleted from our active systems.
Communication data (e.g., customer service emails): Up to 2 years after handling, unless a longer retention period is necessary for handling disputes or legal obligations.
Digital download links for E-books: Access to the download of the E-book via your account remains available as long as your account is active and the product has not been archived. The direct link provided in the email may have a more limited validity period.

6. Cookies and Tracking Technologies

We use cookies and similar technologies (such as pixels and local storage) to analyze the use of our Website, improve functionality, and, with your consent, for marketing purposes. Cookies are small text files that are placed on your device when you visit our Website. We use the following types of cookies:

Functional (necessary) cookies: These cookies are essential for the proper functioning of the Website. They ensure that you can navigate, log in, and place products in your shopping cart and order.
Analytical cookies: These cookies help us understand how visitors use the Website (e.g., which pages are popular, how long visitors stay). With this, we can optimize the Website. The data is anonymized as much as possible.
Marketing cookies (if applicable and with consent): These cookies can be used to track your Browse behavior and show you relevant advertisements on our Website or on third-party websites based on it. These are only placed after your explicit consent.

EU/UK users: You will be informed via a cookie banner about our use of cookies and asked for consent to place non-essential cookies. U.S. users: Certain state laws (e.g., California CCPA/CPRA) may provide additional rights to opt-out of data sharing.

7. Security of Personal Data

We take the protection of your personal data seriously and take appropriate technical and organizational measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized modification. This includes, among other things, the use of encryption (SSL/TLS) for data transmission, secure servers, access control, and regular security updates.

Despite our efforts, we cannot offer an absolute guarantee for the security of data transmitted via the internet. Any transmission of data is at your own risk. Should a data breach unexpectedly occur with likely adverse consequences for your privacy, we will inform you accordingly in compliance with legal obligations.

8. Your Rights (Rights of Data Subjects)

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

Right of access (Art. 15 GDPR): You have the right to request an overview of the personal data we process about you.
Right to rectification (Art. 16 GDPR): If your data is incorrect or incomplete, you have the right to have it corrected or supplemented.
Right to erasure ("right to be forgotten", Art. 17 GDPR): You have the right to have your personal data deleted, unless we have a legal duty or legitimate interest to retain it (e.g., fiscal retention obligation).
Right to restriction of processing (Art. 18 GDPR): In certain cases, you have the right to have the processing of your data temporarily restricted.
Right to notification (Art. 19 GDPR): If you exercise your right to rectification, erasure, or restriction, we will inform the third parties to whom your data has been disclosed, unless this proves impossible or involves a disproportionate effort.
Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format and/or to transfer it to another controller, insofar as the processing is based on consent or a contract and is carried out by automated means.
Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data based on our legitimate interest. You can also object at any time to processing for direct marketing purposes.
Right not to be subject to automated individual decision-making (Art. 22 GDPR): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into, or performance of, a contract, is authorized by law, or is based on your explicit consent.

If you wish to exercise any of these rights, you can contact us via the contact details at the bottom of this policy (Article 12). We will respond to your request as soon as possible, but no later than within one month. Depending on the complexity of the request, this period may be extended by two months. We may ask you to identify yourself before we process your request.

If you believe that our processing of your personal data infringes privacy legislation, you have the right to lodge a complaint with the Data Protection Authority.

9. Consent for Processing and Use of Images

By placing an order and uploading images for the personalization of your children's book, you give us explicit consent to use these images and associated personalization data for creating the ordered product using our (AI) systems. If you upload photos of third parties (e.g., your child), you guarantee that you are entitled to do so and have any necessary consent from other legal representatives or the individuals concerned themselves (if applicable based on age and context).

10. Children's Data

Our products are aimed at children but are ordered by adults. We do not knowingly collect personal data directly from children without the consent of a parent or legal guardian. Children's personal data (such as name for the book, and the uploaded photo) are only processed for the purpose of personalizing the product, based on the input and consent of the adult Buyer. If you suspect that we have collected personal data from a child without the required consent, please contact us so we can take appropriate measures.

11. Changes to the Privacy Policy

We reserve the right to change this privacy policy. Changes will be published on our Website. The date of the last revision is stated at the bottom of this policy. We recommend that you consult this policy regularly to stay informed of any changes. In the event of significant changes that have a material impact on your rights or the way we process your data, we will actively inform you, for example, via email or a clear notification on our Website.

12. Contact Details

For questions or comments about this privacy policy, you can contact us by email: info@magicbly.com, or via our contact page.

This privacy policy was last updated on Sept 15, 2025.