🎄 Slots filling fast. Order now for guaranteed Christmas delivery.
Tiktoktale
Privacy Policy
This Privacy Policy describes how tiktoktale.com (the "Site" or "we") collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.
Section 1 – Who we are and how to contact us
Tiktoktale is a personalised-storybook service created and technically operated by Graph Innovations Pvt Ltd ("Graph"), A-3 Lakshmi Nilayam, Chhedanagar, Chembur, Mumbai 400 089, India.
European Union / EEA – The service is provided in the EU/EEA by Pivot to Peak FZ-LLC ("Pivot"), CWEP1043, Compass Building, Al Shohada Road, Al Hamra Industrial Zone-FZ, Ras Al Khaimah, UAE. Graph and Pivot act as joint controllers of your personal data.
United States, United Kingdom, Canada, India and all other regions – Graph is your sole controller.
Representative for EU & UK Data Subjects
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:
- European Union (EU)
- United Kingdom (UK)
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website:
- For EU users: https://app.prighter.com/portal/tiktoktale-eu
- For UK users: https://app.prighter.com/portal/tiktoktale
Data-Protection Officer – Brian Raaijmakers · dpo@tiktoktale.com
For any privacy question, request or complaint, email dpo@tiktoktale.com. Your message will be routed to the correct regional team or representative.
Section 2 – Information we collect and how we use it
We collect only what we need—or what you allow us to use—to personalise, produce and deliver your story-book, operate and secure our website, understand how people use it, and (if you opt-in) send you marketing communications.
Device and usage information
Collected automatically when you browse. This includes IP address, browser type, time-zone, cookie identifiers, pages viewed and links clicked.
Why? Site display, security, fraud-prevention and analytics (legitimate interest or cookie consent where required). We retain raw security logs only as long as necessary to investigate abuse and secure our systems, after which they are aggregated or deleted.
Preview data and photo uploads
You may upload photographs and enter names, ages (optional), birth months (optional) and genders to see a personalised preview for a child or adult recipient.
Why? We cannot generate the preview without this data, so the legal basis is your explicit consent (which we ask for on the form and again before photo upload).
Unsaved previews and photos are erased after 24 hours. If you save a preview, you additionally provide us with your name and email. For saved previews or previews for which an order is placed, the related images remain for 12 months and are then deleted automatically. Textual personal data of saved previews is also deleted automatically after 12 months of inactivity by the user on our platform and emails.
Order and payment details
Name, email, phone, billing and shipping address, order ID and payment status. Card numbers go straight to Stripe or PayPal; they never touch our servers.
Why? Fulfil your order (contract) and comply with tax/fraud rules (legal obligation / legitimate interest). Order records are kept as long as required for accounting and legal purposes (up to seven years).
Customer-support correspondence
Emails or chat messages you send to our support team (and any files you attach).
Why? To answer your questions and keep an audit trail (legitimate interest / legal obligation). Support tickets are retained for 3 years after closure.
Sources and disclosures
We collect most information directly from you (form fields, photos). Device data comes from cookies and similar technologies (with explicit cookie consent where required). We share data only with trusted service providers that help us host the site, process payments, print and deliver your book, send emails or analyse site performance. A full list of sub-processors appears later in this policy.
Minors
The Site is not intended for individuals under the age of 18. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at support@tiktoktale.com to request deletion.
Section 3 – Who we share data with & international transfers
We use specialist service providers bound by contract to protect your information:
Infrastructure & printing
Amazon Web Services (AWS), Cloudprinter B.V.
Payments
Stripe, PayPal, RazorPay
E-commerce platform
Shopify
Email & marketing
Klaviyo, Brevo, Meta Platforms, Google Ads
Analytics & error monitoring
Google Analytics (GA4), Microsoft Clarity, Functional Software Inc (Sentry)
Shipping
Logistics carriers engaged by Cloudprinter (UPS, USPS, Royal Mail, Blue Dart, Canada Post, Latvia Post, Post NL, WarenPost National, Spring GDS etc.)
Other tools
Uploadcare Inc (fallback uploader), AI Innovate Technology (background removal), AfterShip Ltd (parcel tracking)
International Transfers Information (For EU/EEA & UK users)
Our servers run on AWS in the United States; EU/UK data is protected by the EU–US Data-Privacy Framework and Standard Contractual Clauses.
All other service providers outside the EEA/UK rely on the same SCC (or UK IDTA) safeguards.
Print files for EU orders stay within the EEA; other orders go to a printer in the destination country.
Section 4 – Cookies & similar technologies
Our Site uses cookies and similar technologies to help us provide and improve our services, understand how you use our Site, and for analytics and to personalize content and advertising. We use different types of cookies, including those that are strictly necessary for our Site to function, as well as cookies for performance analytics and marketing/personalization.
Your ability to manage these cookies is handled as follows:
- For users in the European Union/EEA, UK, and Canada: You will be presented with a cookie consent banner upon your first visit where you can provide explicit consent for non-essential cookies. You can manage your detailed preferences at any time using the "Cookie Settings" button found in our Cookie Policy or via the initial banner.
- For users in the United States and other regions: Non-essential cookies for analytics and marketing may be active by default when you use our Site to support its functionality, help us understand site usage, and personalize your experience. You can opt-out of these non-essential cookies at any time using the "Cookie Settings" button found in our Cookie Policy
Regardless of your region, all users can find detailed information about the cookies we use, including a descriptive list of specific cookies, and can manage their cookie preferences or opt-out settings by visiting our Cookie Policy and using the "Cookie Settings" button provided therein.
You can also generally control cookies through your web browser settings. More information on this can be found in our Cookie Policy.
Section 5 – Your privacy rights
EU/EEA (GDPR)
You may request access, correction, deletion, restriction, portability, or object to processing. Contact dpo@tiktoktale.com. Our EU representative is Prighter GmbH (see Section 1). You may also complain to your local supervisory authority (e.g., Berlin BfDI).
United Kingdom (UK GDPR)
Same rights as those mentioned above for EU/EEA (GDPR); Contact dpo@tiktoktale.com. Supervisory authority is the ICO (ico.org.uk). Our UK representative is Prighter Ltd (see Section 1).
Canada (PIPEDA)
Right to access, correct and delete personal information. Contact us via dpo@tiktoktale.com.
United States & Other regions (courtesy)
We honour reasonable requests even where not legally required. Customers may still ask us to access, correct or delete their personal information by emailing dpo@tiktoktale.com.
Section 6 – Security & data retention
We protect your data with TLS 1.2+ encryption in transit, AES-256 at rest, MFA-protected admin access and audited logging. Vulnerability scans run periodically and high-risk issues are fixed promptly. Key retention periods are listed in Section 2.
Section 7 – Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. The Last updated date below tells you the current version.
Section 8 – Complaints & contact points
Questions or concerns? For general questions email support@tiktoktale.com; For privacy questions or concerns email dpo@tiktoktale.com or write to our EU representative Prighter GmbH (see Section 1) or our UK representative Prighter Ltd (see Section 1).
Last updated: December 30, 2025