Privacy

Privacy Policy

Your photos are irreplaceable. Your data is private. Here is exactly how we treat both.

Effective Date: January 1, 2025  |  Last Updated: March 2025

01

Introduction

This Privacy Policy explains how LorePages (operated by October Wolf LLC) handles your personal information.

By using our service you agree to these practices. If you don't agree, please don't use the service.

The short version: We collect only what we need to make your book. We don't sell your data, share it with advertisers, or use it for anything you wouldn't expect.

Our Promises

🔒 Never Sold

Your personal data and photos are never sold to third parties. Ever.

🎯 Purpose-Limited

Your photos are used only to create your book. Nothing else.

🚫 No Advertising Use

We do not share your data with advertisers or ad networks.

🗑️ Deleted When Done

Photos are removed from active systems once your order is complete.

Who This Covers

This policy applies to everyone who visits our website, creates a preview, or places an order.

02

What We Collect

We only collect what we need. Here's what that includes.

When You Upload Photos and Create a Preview

  • Your email address - to send your preview link and order updates.
  • Your child's name - used in the book.
  • Your child's photos - used to generate the portraits. See the Your Photos section below.

When You Place an Order

  • Shipping name and address - to deliver your book.
  • Payment information - processed by our payment provider. We don't store your full card details.
  • Order history - what you ordered and when, kept for legal and accounting purposes.

    • When You Visit Our Website

  • Log data - IP address, browser type, pages visited, and visit time. Standard web server logging.
  • Device information - operating system, browser, and device type, so the site works correctly for you.
  • Usage analytics - anonymised data about how visitors use the site, so we can improve it.
  • Cookies - see the Cookie Policy section below.

    • When You Contact Us

  • Your message and any attachments.
  • Your email address and name.
  • A record of our conversation, kept for customer service.

    • What We Don't Collect

    We don't collect sensitive data like health information or biometric data. We don't build advertising profiles. We don't track you across other websites.

    03

    How We Use Your Information

    We only use your information for the purposes listed here. Nothing else.

    Purpose Information Used Legal Basis
    Generate your portrait preview Photos, child's name Performance of service Send your preview link Email address Process and fulfil your order Name, address, payment info Performance of contract Customer support and remake requests Email, order details, photos Fraud prevention and security IP address, payment data Legitimate interest Improving the service Anonymised usage analytics Legal and accounting obligations Order records, payment records Legal obligation Marketing emails (optional) Consent (opt-out anytime)

    Marketing

    We may occasionally email you about new products or offers. You can unsubscribe at any time. Unsubscribing from marketing won't affect order-related emails.

    Reminder Emails

    If you provide your email address via our reminder form, we will send you a single follow-up email. Your email is automatically deleted from our reminder system after 90 days.

    What We Don't Do

  • We don't sell your data.
  • We don't share it with advertisers.
  • We don't use your photos to train models for other customers.
  • We don't build advertising profiles or track you across other sites.
    • 04

    Sharing & Disclosure

    We only share your information with people who help us make and deliver your book. We don't sell it or share it with anyone who has no role in your order.

    Service Providers

    These providers are contractually required to use your data only as we instruct.

  • Portrait generation - the systems that create your child's portraits from your photos.
  • Print and fulfilment - our print partner receives your shipping details to produce and send your book.
  • Payment processor - handles your payment directly. We only receive confirmation, not your full card details.
  • Email service - sends your preview link, order confirmations, and shipping updates.
  • Hosting - the servers that keep the website running.
  • Analytics - receives anonymised usage data only. No personal data or photos.

    • Legal Requirements

    We may share your information if required by law or court order. We'll try to notify you first where we can.

    Business Transfers

    If the business is sold or merged, your information may transfer as part of that. We'll notify you and make sure the new owner protects your data at least as well as we do.

    Protection of Rights

    We may share information to protect against fraud, security incidents, or threats to safety.

    05

    Your Photos

    We know your child's photos may be irreplaceable. We treat them accordingly.

    How We Use Them

    Your photos are used only to create your child's portrait book. We study them to capture your child's unique characteristics so the portraits look like your child, not a generic one.

  • We don't share them publicly or use them in marketing without your consent.
  • We don't sell your photos.
  • We don't use them for anything other than making your book.

    • Storage and Deletion

    Photos are stored on encrypted servers during the order process. After your order is complete and the remake window has passed (typically 28 days), photos are deleted from active systems.

    Backups may keep copies for up to 90 additional days as part of standard infrastructure. These aren't accessible for operational use.

    Important: We're not a photo storage service. Please keep your own copies of any photos you upload.

    Testimonials

    We'll never feature your book in our marketing without your written consent. If you've consented and change your mind, just contact us and we'll remove it.

    06

    Data Retention

    We keep your data only as long as we need it. Here are our standard retention periods.

    Data Type Retention Period Reason Child's photos (active) 1 year Needed to generate book and support remake requests Duration of relationship + 12 months Order support and optional marketing Shipping address Order history and support Order records 7 years from order date Payment records 7 years from transaction date Customer service correspondence Dispute resolution and service improvement Website log data 3 years Security and performance monitoring Analytics data (anonymised) Service improvement

    If we're legally required to keep data longer, it's stored in restricted archives and not used for anything else.

    07

    Security

    We take security seriously, especially given that the photos you upload are often irreplaceable.

    What We Do

  • Encryption in transit - all data uses HTTPS between your browser and our servers.
  • Encryption at rest - photos and personal data are stored on encrypted infrastructure.
  • Access controls - only staff and systems that need access have it. Access is logged.
  • Payment security - payments are handled by PCI-DSS compliant systems. We don't store card numbers.
  • Regular reviews - we review and update our security practices as needed.

    • No Guarantees

    No system is 100% secure. We use industry-standard protections, but we can't guarantee absolute security.

    If Something Goes Wrong

    If there's a data breach that affects you, we'll notify you and any relevant authorities without delay. We'll tell you what happened and what we're doing about it.

    Found a Problem?

    If you spot a security issue, please contact us immediately. We take all reports seriously.

    08

    Your Rights

    You have rights over your data. We honour these regardless of where you live.

    For All Customers

  • Access - request a copy of your data.
  • Correction - ask us to fix inaccurate data.
  • Deletion - ask us to delete your data. We will, unless legally required to keep it.
  • Opt out of marketing - unsubscribe anytime without affecting your service.
  • Withdraw consent - if we process data based on your consent, you can withdraw it anytime.

    • EEA and UK Residents

    Under GDPR you also have the right to restrict processing, request data portability, object to processing, and lodge a complaint with your local data protection authority.

    California Residents

    Under CCPA/CPRA you have additional rights including the right to know what's collected, delete your data, and opt out of data sales (we don't sell data).

    How to Exercise Your Rights

    Contact us using the details in the Contact section. We'll respond within 30 days. We may need to verify your identity first. No fee for reasonable requests.

    09

    Cookie Policy

    Cookies are small files stored on your device that help the site work and help us understand how people use it.

    Essential Cookies Always Active

    Required for the site to work. These keep your session active and protect against security threats.

    Analytics Cookies Always Active

    Help us understand how visitors use the site so we can improve it. These don't identify you personally and aren't used for advertising.

    Functional Cookies Always Active

    Remember your preferences between visits, like your progress through the upload flow.

    No Advertising Cookies

    We don't use advertising or tracking cookies. We don't track you across other websites.

    Managing Cookies

    You can control non-essential cookies through your browser settings. Disabling analytics cookies won't affect your ability to use the site.

    Cookie Lifespans

    Type Typical Lifespan Session cookies (essential) Deleted when you close your browser Security cookies Up to 24 hours Analytics cookies Up to 24 months Functional preference cookies Up to 12 months
    10

    International Data Transfers

    We operate from the United States. If you're outside the US, your data may be transferred to and processed in the US or countries where our service providers operate. We ensure appropriate safeguards are in place.

    For transfers outside the EEA/UK, we use Standard Contractual Clauses or equivalent mechanisms. Contact us if you'd like more details.

    Legal Basis (EEA and UK)

  • Contract - generating your book and fulfilling your order.
  • Legitimate interests - analytics, fraud prevention, and security.
  • Legal obligation - keeping order and payment records as required by law.
  • Consent - marketing emails and non-essential cookies.
    • 11

    Children's Privacy / COPPA Compliance

    LorePages creates personalised mythology books for children. Because our service involves children's information, we take additional steps to comply with the Children's Online Privacy Protection Act (COPPA).

    Parental Consent Required

    We do not knowingly collect personal information from children under 13 without verifiable parental consent. A parent or guardian must provide consent via the parental consent checkbox before any child data is collected or processed.

    What Child Data We Collect

  • Name - used to personalise the mythology book.
  • Age - used to tailor the story content.
  • Gender (optional) - used to personalise the story narrative.
  • Photos - used solely to generate the child's portraits for the book.

    • How Child Data Is Used

    Child data is used solely to create the personalised mythology book. We do not sell, share, or use child data for advertising, profiling, or any purpose unrelated to producing the book.

    Photo Security and Deletion

    Child photos are encrypted at rest using server-side encryption (S3 SSE-S3). Photos are automatically deleted 30 days after book delivery. During this period, photos are retained only so we can address any quality issues with the finished book.

    Parental Rights

    Parents and guardians have the right to:

  • Review the personal information we hold about their child.
  • Request deletion of their child's data at any time by contacting support@lorepages.com.
  • Refuse further collection or use of their child's information.

    • If we discover we've collected data from a child under 13 without verifiable parental consent, we'll delete it promptly. If you believe we hold a child's information without proper consent, please contact us immediately at support@lorepages.com.

    12

    Policy Changes

    We may update this policy from time to time. When we do, we'll update the "Last Updated" date at the top of this page.

    For significant changes that affect how we handle your data, we'll email you at least 30 days before they take effect. For minor corrections or clarifications, we'll update the page without individual notification.

    Continuing to use the service after changes take effect means you accept the updated policy. If you disagree, you can stop using the service and request deletion of your data.

    13

    Contact Us

    Questions about this policy, your data, or anything else? Get in touch. We typically respond within 2 business days.

    Email:

  • Help Centre: lorepages.com/faq
  • Operator: October Wolf LLC, United States

    • EEA residents can also lodge a complaint with their national data protection authority, though we'd always prefer the chance to help directly first.