Your child's safety is our foundation.
Every decision we've made — from how we handle photos to how we store data — has been guided by one question: would a parent be comfortable with this?
How we handle your child's photo
The photo upload is the most sensitive moment in the ZukiBooks experience. Here's exactly what happens.
You upload a photo
The photo is transmitted over TLS-encrypted HTTPS and stored temporarily in an isolated, access-controlled environment.
We create the character
The photo is passed to our AI model to generate an illustrated character in the book's art style. This takes about 2 minutes.
The photo is deleted
Once the character is generated, your original photo is permanently deleted from our systems. We keep only the illustrated character.
You control everything
You can request deletion of your character and all associated data at any time from your account — instantly, no questions asked.
Our privacy principles
Photo used once, then gone
Your child's photo is processed once to generate their character. The original is then permanently deleted. We never retain real photos.
Never sold or shared
Your data — including your child's character — is never sold to third parties, shared with advertisers, or used to train AI models.
No tracking of children
We do not profile, track, or build any data model around children. Our data processing is strictly limited to what's needed to create and deliver your book.
Minimal data collection
We collect only what's necessary: your email (for delivery), payment data (processed by Stripe — never stored by us), and the generated character.
You own your data
You can export, correct, or permanently delete all your data at any time. No waiting period, no justification required.
EU-grade protection
We apply EU GDPR standards to all customers globally — not just EU residents. Your data is held in EU-based infrastructure.
GDPR & compliance
We take EU data protection law seriously — not just as a legal requirement, but as a design principle.
GDPR (EU) 2016/679
Full compliance with the General Data Protection Regulation, including lawful basis for processing, data subject rights, and breach notification.
Children's data protection
We apply enhanced protections for children's data consistent with GDPR Article 8 and national implementations across EU member states.
Data Processing Agreement
A DPA is available upon request for B2B customers. Our sub-processors are contractually bound to equivalent data protection standards.
Privacy by design
Privacy isn't a compliance checkbox — it's built into our product architecture. Data minimisation and purpose limitation are enforced at the system level.
Technical security
The infrastructure behind ZukiBooks is built to protect data at every layer.
TLS encryption in transit
All data between your browser and our servers is encrypted using TLS 1.3. We enforce HTTPS everywhere with HSTS headers.
Encrypted at rest
All stored data — including generated characters and account information — is encrypted at rest using AES-256.
Stripe for payments
We never see or store your card details. All payments are processed directly by Stripe (PCI DSS Level 1 certified). We receive only a payment token.
Access controls
Customer data is accessible only to staff with a legitimate need. Access is logged, audited, and protected by multi-factor authentication.
EU-based infrastructure
Our servers and data storage are located within the European Union, subject to EU data protection jurisdiction.
Regular security reviews
We conduct regular security assessments and keep our dependencies up to date. Vulnerabilities are addressed under a defined SLA.
Your rights
Under GDPR, you have the following rights — and we make them easy to exercise.
Access
Request a copy of all personal data we hold about you.
Rectification
Correct any inaccurate or incomplete data.
Erasure
Delete your account and all associated data instantly.
Portability
Export your data in a machine-readable format.
Objection
Object to any processing you disagree with.
Complaint
Lodge a complaint with your national data protection authority.
Security contact
Found a vulnerability? Have a privacy concern? We want to hear from you.