Privacy Policy
Last updated: 6 June 2025
Memories in a Book (“Company,” “we,” “our,” or “us”) is committed to protecting the personal information you share with us when you visit https://memoriesinabook.com (the “Site”) or use any of our products and services (collectively, the “Services”). This Privacy Policy explains what data we collect, why we collect it, how we use it, and the choices you have.
⸻
1. Scope
This policy applies to information collected online (the Site, e-mail, chat, social media), offline (phone interviews, customer support), and through third-party partners that help us deliver the Services.
⸻
2. Information We Collect
Category Examples Source Legal Basis*
Identity & Contact Name, postal address, e-mail, phone Checkout, support forms Contract performance
Payment Card data (tokenised), billing address Entered at checkout; processed by Stripe Contract performance
Interview Content Audio recordings, AI transcripts, photos you upload Phone interview, optional uploads Consent
Order & Logistics Product ordered, delivery details, tracking notes Checkout, fulfilment partners Contract performance
Technical & Usage IP address, device type, browser, pages viewed, referral URL Cookies, pixels, server logs Legitimate interest
Marketing Preferences Newsletter opt-in, click-through data Sign-up forms, e-mails Consent
* Under UK/EU GDPR. Equivalent U.S. bases = “business purpose.”
⸻
3. How We Use Your Information
1. Create & deliver your book – schedule interviews, transcribe, edit, print, package and ship.
2. Process payments & prevent fraud – Stripe securely handles card data; we keep only the transaction ID.
3. Provide support – respond to queries, fix issues, and honour your rights requests.
4. Service improvement – anonymised transcripts help us refine interview questions and printing quality.
5. Analytics – aggregate, de-identified statistics (site traffic, campaign performance) to improve the Site.
6. Marketing (only if you opt in) – send newsletters, promotions or surveys. You may unsubscribe any time.
7. Legal & compliance – keep records required by tax, accounting, or regulatory authorities.
⸻
4. Cookies & Similar Technologies
Type Purpose Examples Control
Essential Site security, checkout flow, authentication Session cookie, CSRF token Cannot be disabled
Analytics Measure traffic & usage patterns Google Analytics 4 (IP-anonymised) Opt-out via cookie banner
Marketing Track campaign success Meta Pixel, email tracking pixel Disabled unless you give consent
Detailed settings appear in our Cookie Notice.
⸻
5. Sharing & Disclosure
We never sell your personal data. We share it only with:
Recipient Purpose Safeguards
Stripe Payment processing PCI-DSS Level 1; UK/EU SCCs
Printing & fulfilment partner Print and ship your book GDPR DPA; need-to-know access
Cloud hosting (AWS / GCP) Store audio, transcripts, backups Data encrypted at rest and in transit
Email service (Brevo/Mailchimp) Send order confirmations & newsletters TLS; unsubscribe links
Analytics provider Site metrics IP masking; no personal data in events
Law enforcement / regulators Only when legally compelled Verified, documented requests
⸻
6. International Transfers
Where data is transferred outside the UK/EU, we rely on:
• EU Standard Contractual Clauses (SCCs) with UK Addendum, or
• Recipient country adequacy decisions (e.g., Canada), or
• Binding Corporate Rules (BCRs) certified by the authorities.
⸻
7. Data Retention
Data Type Typical Retention Period Rationale
Interview audio & transcripts 24 months (or sooner on request) Allow re-edits or re-orders
Print files (PDFs) 36 months Easier re-print for families
Orders & invoices 7 years Tax and accounting laws
Support tickets 24 months Quality control & dispute defence
Marketing consents Until withdrawn or 24 months of inactivity Proof of consent
Backups are purged on a 30-day rolling basis.
⸻
8. Security Measures
• AES-256 encryption at rest; TLS 1.2+ in transit
• Zero-trust, least-privilege staff access with MFA
• Regular penetration testing and vulnerability scans
• Activity logging and automated anomaly detection
• Vendor security reviews and DPAs before onboarding third parties
⸻
9. Your Rights
Depending on your jurisdiction, you may:
1. Access – obtain a copy of personal data we hold.
2. Rectify – correct inaccurate or incomplete data.
3. Erase – request deletion (“right to be forgotten”).
4. Restrict or object – limit certain processing or stop marketing messages.
5. Portability – receive data in a machine-readable format to transmit elsewhere.
6. Complain – lodge a complaint with a supervisory authority (e.g., UK ICO).
To exercise any of these rights, follow the instructions in our Privacy Centre (link in Site footer) or e-mail privacy@memoriesinabook.com. We respond within 30 days.
⸻
10. Children’s Privacy
The Services are not directed to children under 13. We do not knowingly collect their data without verifiable parental consent. If you believe we have done so inadvertently, please notify us and we will delete it promptly.
⸻
11. Changes to This Policy
We may update this Privacy Policy periodically. Any material changes will be announced on the Site and the “Last updated” date will change. Continued use of the Services after such changes constitutes acceptance.
⸻
12. Governing Law
This policy is governed by and construed in accordance with the laws of [England & Wales] (or your local jurisdiction). Any disputes shall be resolved in the competent courts of that jurisdiction.
⸻