Skip to content
Legal ·There's a Book in Everyone

Privacy Policy

Your data, in plain English – what we collect, why, and the rights you keep.

Version 1.0Last updated · 27 June 2026 Ask a question
What changed

Version 1.0· effective 27 June 2026

This is the first published version of this policy.

Last updated: 27 June 2026 • Version 1.0

Who we are

There's a Book in Everyone is a trading name of Around Tenby Ltd, a company registered in England and Wales. In this policy, "we", "us" and "our" mean Around Tenby Ltd, trading as There's a Book in Everyone. "You" means the person using our platform.

If you have any questions about this policy, please contact us at hello@theresabookineveryone.com or our data protection contact at privacy@theresabookineveryone.com.

What this policy covers

This policy explains what personal data we collect when you use There's a Book in Everyone (the "platform"), how and why we use it, who we share it with, how long we keep it, and the rights you have under UK GDPR and the Data Protection Act 2018.

What personal data we collect

Depending on how you use the platform, we may collect:

  • Account data — name, author name, email, password (stored hashed by our authentication provider), profile photo if you add one.
  • Subscription and billing data — plan, billing status, transaction references and invoices. Card details are entered directly into our payment provider (Stripe) and are not stored by us.
  • Project and content data — book ideas, outlines, manuscripts, scenes, notes, prompts, cover descriptions, uploaded reference images, generated covers, metadata and marketing copy.
  • AI request data — the prompts and contextual data we send to AI providers on your behalf, and the outputs they return.
  • Usage and analytics data — pages viewed, features used, errors, approximate device, browser and (if you consent) analytics identifiers.
  • Support data — the contents of any messages you send us, including via PageMate, the contact form, or email.
  • Referral and tester data — your referral code, who you invited, who invited you, and any tester programme notes.
  • Marketing preferences — whether you've opted in to product updates, picture book waitlist, or marketing emails.

How we collect personal data

  • Directly from you when you sign up, complete project steps, upload files, contact us, or change your settings.
  • Automatically from your device when you use the platform (e.g. log files, basic analytics).
  • From third parties such as Stripe (payment status) and Google (if you sign in with Google).

Why we use your personal data, and our lawful bases

We rely on the following lawful bases under UK GDPR:

  • Contract — to create your account, deliver the AI publishing tools you've asked for, and process your payments.
  • Legal obligation — to issue receipts, comply with tax and accounting rules, and respond to lawful requests.
  • Consent — to send optional marketing or product update emails, and to set non-essential cookies. You can withdraw consent at any time.
  • Legitimate interests — to keep the platform secure, prevent fraud and misuse, debug issues, and improve our service.

How we use book content you upload or generate

  • You may upload or generate book ideas, manuscripts, prompts, images, cover concepts, notes and related content.
  • We process this content only to provide the platform services you've asked for (for example, drafting a chapter, generating a cover, exporting a manuscript).
  • We do not claim ownership of your original uploaded content.
  • AI-generated outputs are made available to you to use, subject to our Terms of Service and the terms of the underlying AI providers.
  • You must not upload content you do not have the right to use (for example, copyrighted text, photos of other people without permission, or other people's confidential information).
  • Please avoid uploading highly sensitive personal information (such as health, financial or government identification data) unless it is genuinely necessary for your book.

How AI requests are processed

When you ask the platform to write, edit, design or analyse something, we may send the relevant prompt and context to third-party AI providers (such as Google Gemini, OpenAI or Anthropic) under their respective enterprise terms. These providers process the request and return a result, which we display to you.

We choose AI providers that contractually agree not to use your prompts or outputs to train their general models. AI providers may temporarily retain requests for safety and abuse monitoring under their own policies.

Payment data and Stripe

Payments are processed by Stripe. Card details are entered directly into Stripe and are not stored by us. We store payment status, subscription status, plan, customer reference and invoice references so we can manage your subscription and give you access to the right features.

Email and support providers

We use email providers such as Resend to deliver transactional emails (account confirmations, deletion notices, policy updates, support replies). These providers process your email address and the message content on our behalf.

Cookies and analytics

We use cookies and similar technologies. Strictly necessary cookies are used to keep you signed in and to keep the site secure. Analytics, functional and marketing cookies are only set if you give consent through our cookie banner. See our Cookie Policy for full details and the controls available to you.

Who we share your data with

  • Our service providers — hosting, payments (Stripe), email (Resend), authentication (Supabase), AI providers, analytics, error monitoring, customer support tools. They only process data on our instructions.
  • Professional advisers — lawyers, accountants and auditors where reasonably needed.
  • Authorities — where we are required to disclose information by law.
  • In a business transfer — if Around Tenby Ltd is involved in a merger, acquisition or asset sale, your data may be transferred under equivalent protection.

We do not sell your personal data.

International data transfers

Some of our service providers are based outside the UK and EEA, including in the United States. Where we transfer personal data abroad, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, Standard Contractual Clauses, or transfers to jurisdictions covered by a UK adequacy decision.

How long we keep your data

  • Account data — for as long as your account is active. If you delete your account, we follow a 30-day soft-delete window so you can recover it, after which we permanently remove personal data except where retention is required by law (for example, tax records).
  • Book content — kept while you have an account; deleted with your account or when you delete the project, subject to backups being rotated out within a reasonable period.
  • Billing records — typically kept for up to 7 years to comply with UK tax law.
  • Support messages — typically kept for up to 3 years.
  • Logs and analytics — kept for a shorter rolling period (typically up to 13 months).

Data security

We use technical and organisational measures to protect your data, including encryption in transit, secure hosting, role-based access controls, audit logging, regular dependency updates and security testing. No system is 100% secure; please use a strong, unique password and keep your login details safe.

Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • ask us to correct inaccurate data;
  • ask us to delete your data (right to be forgotten);
  • object to or restrict certain processing;
  • request a portable copy of your data;
  • withdraw consent where we rely on consent (e.g. marketing).

To exercise any of these rights, email privacy@theresabookineveryone.com or use the Account area in the app (which includes self-service data export and account deletion).

How to complain

If you're unhappy with how we've handled your data, please contact us first so we can try to put it right. You also have the right to complain to the UK's Information Commissioner's Office (ICO) at ico.org.uk.

Children

Our platform is not directed to children under 16. If you believe a child has provided us with personal data, please contact us so we can remove it.

Changes to this policy

We may update this policy from time to time. The version number and last updated date at the top of this page will change when we do. If we make a material change, we will notify you by email and may ask you to re-accept the updated policy the next time you sign in.

Get in touch

Have a question about this policy?

We're a small team and we read every message. Email hello@theresabookineveryone.com or visit our contact page.

There's a Book in Everyone is a trading name of Around Tenby Ltd.

The full set

Other policies