Privacy Policy

At Restful Reads, we take your privacy seriously. This Privacy Policy explains what data we collect, how we use it, and the steps we take to keep it safe.

Who We Are

Restful Reads is a digital platform providing therapeutic bedtime stories for children. We are committed to safeguarding the data of all users, including parents, guardians, and children.

Restful Reads Ltd is a company registered in England and Wales (company number 16948218).
Registered office: The Wedgwood Big House 1 Moorland Road, Burslem, Stoke On Trent, ST6 1DJ, United Kingdom
Registered with the Information Commissioner's Office (ICO), registration number ZC131571.

Data We Collect

We collect limited personal data necessary to provide and support our service. This may include:

We recommend using first names or nicknames only and avoiding unnecessary personal or sensitive information when creating child profiles or story inputs.

  • Identifiers such as your username and email address.
  • Account credentials (your password is stored securely in hashed format).
  • Optional profile and story information you provide to personalise stories, including child names, preferences, and saved content.
  • Basic account and usage information, such as story generation activity, subscription tier, credit balances, and billing-related status, to operate the service and improve it.
  • Technical data (for example browser, device, IP address, and related diagnostic information) for system security, fraud prevention, and troubleshooting.

Sensitive Data

We do not intentionally collect or process special category personal data such as medical records or diagnoses. If you choose to include wellbeing, sensory, emotional, or similar information in story inputs, profile fields, or preferences, that information is provided by you voluntarily. We treat this information with a high level of care and apply appropriate technical safeguards, including secure storage and restricted access, so that it is not routinely accessible, not directly linkable to your account without additional protected information, and not readable outside of the systems required to provide the service.

How We Use Your Data

Your data is used to:

  • Generate and deliver personalised bedtime stories based on your inputs and preferences.
  • Manage your user account, profiles, saved stories, and story library.
  • Operate subscription and account features such as credit balances, plan access and renewals.
  • Process payments and billing events through our payment provider, Stripe.
  • Maintain platform security, monitor uptime, prevent misuse, and improve technical performance.
  • Notify you of important account, billing, service, or policy updates. Marketing communication is strictly opt-in.

Lawful Bases for Processing

We process personal data where necessary to provide the service you have requested, to manage our contractual relationship with you, to comply with legal obligations, and where we have a legitimate interest in operating, securing, and improving the platform. Where we rely on consent, such as for optional marketing communications, you may withdraw that consent at any time.

Data Storage & Security

All data is stored using industry-standard security measures designed to protect it from unauthorised access, loss, misuse, or disclosure. These measures include encryption in transit, two-factor encryption at rest, restricted access controls, and secure authentication practices. Passwords are stored using strong, one-way hashing algorithms. Access to personal data is restricted to authorised personnel and service providers who need it for legitimate operational purposes.

Children's Privacy

This platform is intended for use by parents and guardians on behalf of children. Children are not permitted to register accounts directly. Any child-related information is provided and managed solely by the adult account holder.

Restful Reads is designed in line with the principles of the UK Age-Appropriate Design Code (Children's Code). We apply high-privacy defaults, minimise the data collected about children, and use child-related information only to provide the core service.

We do not use behavioural advertising or targeted ads, and we do not collect precise geolocation data.

Third Parties

We do not sell, rent, or share your data with third parties for marketing purposes. We use a limited number of trusted service providers to help operate Restful Reads, such as hosting providers, technology service providers, email or notification services, and payment processors.

In particular, payments and subscription billing are processed by Stripe. We do not store your full card details on our systems. Stripe may process payment information, transaction details, customer identifiers, billing events, and related data in accordance with its own privacy practices.

We use Meta's Conversions API to measure the effectiveness of our advertising campaigns. Where we run paid advertising, we may share limited technical signals (such as IP address and browser information) and, where you complete registration, a one-way hashed (SHA-256) version of your email address with Meta Platforms Ireland Ltd. This sharing is on the basis of our legitimate interest in evaluating advertising performance and improving the relevance of our ads. Raw email addresses are never shared; only an irreversible hash is transmitted. You may object to this processing by contacting us.

Analytics & Service Improvement

We use trusted third-party analytics providers to understand how the service is used and improve the product. Events typically cover page visits and feature interactions, and are associated with your account identifier, not your name, email, profile details, or story content. For logged-out visits, events are associated with an anonymised session identifier instead. We do not use cookies or other long-term storage on your device for analytics purposes.

We do not include personal data, children's information, or story inputs or outputs in analytics events, and we do not use this data for advertising, profiling, or sharing with third parties for marketing purposes.

Data Retention

We retain personal data only for as long as necessary to operate the service, maintain your account, and meet legal, security, and operational requirements. Where data is no longer required, we take reasonable steps to delete or anonymise it. If you close your account or request deletion, we will delete or anonymise personal data unless we are required to retain certain records for legal, tax, fraud-prevention, or accounting reasons.

Technical logs and limited billing or transactional records may be retained for a reasonable period where necessary for security, audit, support, or compliance purposes.

Your Rights

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal data, and to request a copy of the information we hold about you. To exercise these rights, please contact us and we will respond in accordance with applicable law.

If you are in the UK and remain concerned about how we handle your personal data, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

International Transfers

Some of our service providers may process data outside the United Kingdom. Where this happens, we take reasonable steps to ensure appropriate safeguards are in place.

Contact

For privacy-related queries, data requests, or concerns about how your information is handled, please contact: [email protected]

This policy may be updated from time to time. We will notify registered users of any significant changes.