Last Updated: July 5th, 2026
Privacy Policy
Fablix helps you create, illustrate, narrate, and print children's books. This policy explains what personal data we process when you use Fablix, why we process it, who helps us process it, and the rights you have. It is written to meet the requirements of the EU General Data Protection Regulation (GDPR).
1. Who is responsible
The data controller for Fablix is:
[Legal entity name] [Street address] [Postal code, City], Austria Email: [privacy@yourdomain]
If you have any question about this policy or your data, email us — we answer personally.
2. What data we process
Account data. When you sign up we receive your name, email address, and a user identifier from our sign-in provider (Clerk). We don't see or store your password.
Your creative content. The books you make — text, layouts, drawings, uploaded images, generated illustrations, and narration audio — are stored so your work is saved across devices. Your books are private by default; nobody but you can open them.
Uploaded photos, including photos of children. Some features let you upload photos, for example to teach the AI what a character looks like. If you upload photos of a child, you are responsible for having the right to do so (for example, as their parent or guardian). We use these photos only to provide the feature you invoked — never for advertising, and never to train our own or anyone else's AI models.
Payment data. Purchases and subscriptions are handled by Paddle, our merchant of record. Paddle processes your payment details and billing address; we only receive confirmation of what was purchased, never your card number.
Usage and technical data. Standard server logs (IP address, browser type, timestamps) and per-account usage counters (for example how many AI generations you ran, which we meter as credits and also use to prevent abuse).
3. Why we process it (legal bases)
| Purpose | Legal basis (GDPR) | |---|---| | Providing the product: storing your account and books, syncing, exporting | Art. 6(1)(b) — contract | | Processing AI requests you trigger (illustrations, stories, narration) | Art. 6(1)(b) — contract | | Billing, trials, credits, fraud and abuse prevention | Art. 6(1)(b), 6(1)(f) — contract & legitimate interest | | Service emails (receipts, trial reminders, important changes) | Art. 6(1)(b), 6(1)(f) | | Legal obligations (tax and accounting records) | Art. 6(1)(c) |
We do not sell your data, we do not show ads, and we do not use your content to train AI models.
4. AI features — what leaves our servers
When you use an AI feature, the relevant content is sent to a processing partner to fulfil your request:
- Story and page text generation, illustrations: your prompt, relevant book context, and any reference images you selected are sent to Google (Gemini API).
- Narration and voice design: the page text to be narrated is sent to ElevenLabs.
These partners process the data to return the result and are contractually bound as processors; per their API terms, data submitted through these business APIs is not used to train their models. AI requests only happen when you press the button — nothing is sent in the background.
5. Our processors
| Partner | What they do for us | Location | |---|---|---| | Clerk | Sign-in and account management | USA | | Supabase | Database hosting (your books' data) | EU region | | UploadThing | File storage (images, audio) | USA | | Vercel | Application hosting | EU/USA | | Google (Gemini API) | AI text & image generation | USA | | ElevenLabs | AI narration | USA | | Paddle | Payments, invoicing, VAT (merchant of record) | UK/EU |
Where partners are outside the EEA, transfers rely on the EU–US Data Privacy Framework and/or Standard Contractual Clauses.
6. How long we keep data
- Your books and account: as long as your account exists. Delete a book and it is removed from our database; files that are no longer referenced by any book are deleted from storage.
- Account deletion: deleting your account removes your account data and
your books. Before deleting, you can export every book as a
.fablix.zipbackup with one click. - Payment records: kept as long as tax law requires (in Austria, generally 7 years).
- Server logs: rotated automatically after a short period.
7. Children
Fablix is a tool for adults — parents, relatives, educators — to create books for children. Accounts may only be created by people aged 18 or over, and we do not knowingly collect personal data directly from children. Content about children (names in stories, photos you upload) is processed solely on your instruction, under Section 2 above.
8. Cookies
We use only cookies that are necessary to run the product — session cookies from our sign-in provider that keep you logged in. We use no advertising or cross-site tracking cookies, which is why you won't find a cookie banner here.
9. Your rights
Under the GDPR you can, at any time:
- Access the data we hold about you (Art. 15)
- Correct inaccurate data (Art. 16)
- Delete your data ("right to be forgotten", Art. 17)
- Export your data in a portable format (Art. 20) — the
.fablix.zipbackup gives you your books; email us for the rest - Restrict or object to certain processing (Art. 18, 21)
- Withdraw consent where processing is based on consent (Art. 7)
Write to [privacy@yourdomain] and we'll respond within one month. You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde, dsb.gv.at) or your local supervisory authority.
10. Security
Your data is encrypted in transit (TLS) and at rest with our hosting providers. Access to production systems is restricted and authenticated. Books are private to your account by default; there is no public sharing unless you export a file and share it yourself.
11. Changes to this policy
If we change this policy in a way that matters — new processors, new purposes — we'll update this page and, for significant changes, notify you by email. The "Last Updated" date at the top always reflects the current version.