Privacy Policy

Nightly Story (“we”, “us”) is a daily bedtime-story subscription service operated by Chris Clark, based in Bolton, United Kingdom. For the purposes of UK data protection law, we are the “data controller” for the information described here. You can reach us at hello@nightlystory.com.

We keep this deliberately minimal. We collect:

• Your details (the parent or guardian): your email address, and optionally your name.
• Your child’s details, as you choose to share them: a first name, age, reading level, interests, pets, friends, and any context you add to help the stories feel personal.
• Delivery preferences: your preferred bedtime/delivery time, story length and time zone.
• Subscription and payment status: handled by our payment provider (Stripe). We receive your plan and subscription status, but we never see or store your full card details.
• The stories we generate for your child, so we can deliver them and keep them varied night to night.

We do not ask for your child’s surname, home address, school, or any photograph. Even on the Personalised plan, your child’s character is a cartoon drawn from a short written description — never from a photo, and we store no biometric data.

• To create and deliver the stories you subscribe to — this is necessary to perform our contract with you.
• To manage your subscription, trial and billing — also to perform our contract.
• To send essential service emails (such as the nightly story and account notices).
• To keep the service safe and working — our legitimate interest in security, reliability and preventing misuse.
• To meet our legal obligations where the law requires.

We do not sell your data, and we do not use your child’s details for advertising. We will only send marketing emails if you have asked us to, and you can opt out at any time.

Our stories are written by AI and personalised using the details you provide. To do this, your child’s first name and the interests you share are sent to our AI provider purely to generate that evening’s story. We instruct our providers not to use this information to train their models. We believe in being open about this — see our About page and FAQ.

Nightly Story is bought and managed by an adult on a child’s behalf. By signing up you confirm you are the parent or legal guardian of the child (or have their permission), and that you consent to us using the details you provide to create their stories. The child’s account is yours to control: you can review, change, export or delete it at any time.

We use a small number of trusted service providers (“processors”) to run the service. They act on our instructions and are bound to protect your data:

• Supabase — secure database and storage.
• Stripe — subscription billing and payments.
• Resend — delivering the nightly story emails.
• Anthropic — the AI that writes and safety-checks each story.
• Netlify — hosting this website.

Some of these providers may process data outside the UK. Where they do, we rely on appropriate safeguards (such as UK/EU-approved data-transfer terms) to keep your information protected.

We keep your account and your child’s details for as long as you have an active subscription, and for a short period afterwards in case you return. If you cancel and ask us to delete your data, we will remove it promptly, except where we must keep limited records (for example, billing records) to meet a legal obligation.

Under UK GDPR you have the right to:

• Ask for a copy of the information we hold (access).
• Correct anything that is wrong (rectification).
• Ask us to delete it (erasure).
• Receive your data in a portable format (portability).
• Object to or restrict certain processing.

To exercise any of these, email hello@nightlystory.com or use your preferences page. If you are unhappy with how we handle your data, you can complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk — though we’d always like the chance to put things right first.

We use encryption in transit, access controls, and reputable infrastructure providers to keep your information safe. No service can promise perfect security, but we take sensible, proportionate steps to protect what you trust us with.

If we make a meaningful change, we’ll update the date at the top and, where appropriate, let you know by email.