Little Fort Studios Ltd ("we", "us", or "our") operates the Little Lines mobile application (the "App"). This Privacy Policy explains how we collect, use, and protect your information when you use our App. This policy applies to users worldwide and includes jurisdiction-specific provisions where required by local law.
Little Fort Studios Ltd is a company registered in England and Wales (Companies House number 17149145), based in Bristol, United Kingdom.
1. About the App and Who Uses It
Little Lines is a creative tool that allows parents and guardians to generate personalised colouring pages and storybooks for children. The App is purchased and managed through a parent or guardian's account.
Children may directly interact with creative features within the App — such as colouring pages, tracing tools, and reading personalised storybooks — under the supervision of their parent or guardian. Account creation, subscription management, photo uploads, and story personalisation are intended to be performed by the parent or guardian.
A note for parents: We've designed Little Lines with children's privacy at the heart of how it works. We don't show advertising. We don't track your child across other apps or websites. We don't sell or share personal information for marketing. We collect only what's needed to make the app work, and we follow the UK Information Commissioner's Office (ICO) Age Appropriate Design Code (the "Children's Code") in how we handle your child's data.
2. Information We Collect
2.1 Information You Provide
Account information: your email address when you create an account.
Photos you upload to generate colouring pages, character reveals, or sketch traces. These may be photos of children, pets, toys, drawings, or any other subject the parent chooses.
Character details for stories: a character name and an age tier (used to set the reading level and difficulty of generated content). The character name can be anything the parent chooses — it does not need to be the child's real name.
Subscription and payment information, processed by Apple, Google, and our subscription management partner RevenueCat. We do not store payment card details ourselves.
2.2 Information Collected Automatically
Basic device information needed to deliver the service (device type, operating system version, app version).
Push notification tokens (Firebase Cloud Messaging) if you enable notifications, used solely to tell you when a story or colouring page is ready.
We do not use analytics SDKs, advertising identifiers (AAID/IDFA), location data, contacts, or browsing history. We do not profile users or use behavioural tracking.
3. How We Use Your Information
Photo and content generation: Photos you upload are sent to our AI processing partners (Google Gemini and OpenAI) to generate your colouring page, storybook illustration, or character reveal. The generated output is saved to your account so you can access your creations.
Story personalisation: The character name and age tier you provide are used to generate age-appropriate story text and illustrations. The character name appears in the storybook content itself.
Account management: Your email address is used to manage your account and respond to support enquiries.
Service delivery: We use Amazon SES to email you generated colouring page PDFs if you request them. We use Firebase Cloud Messaging to send you push notifications when content is ready.
4. Photos and AI Processing
Given our App's focus on creative content for children, we take particular care with photos:
Photos are transmitted using encrypted connections (HTTPS/TLS).
Photos uploaded for colouring page generation, character reveals, and sketch tracing are sent to our AI processing partners (Google Gemini and OpenAI) to generate the requested output. We do not store the original raw photos on our servers — only the generated output (the colouring page, the cartoon character reveal, or the line drawing) is saved to your account.
Our AI processing partners do not use photos sent through their APIs to train their models. Per their published data-processing terms, photos may be briefly retained by these providers for abuse-monitoring purposes (typically up to 30 days for OpenAI, with similar terms for Google), after which they are deleted from those providers' systems.
We do not use facial recognition or biometric identification.
Generated outputs (colouring pages, storybook illustrations, character reveals, coloured artwork your child creates within stories) are stored in your account for your access only. They are not shared with other users, sold, or used for advertising.
5. Children's Privacy
Little Lines is designed with children in mind. We comply with the following laws and frameworks governing children's data:
UK General Data Protection Regulation (UK GDPR) Article 8 and the equivalent provisions of the EU GDPR;
The UK Information Commissioner's Office Age Appropriate Design Code (the "Children's Code");
The U.S. Children's Online Privacy Protection Act (COPPA).
5.1 Lawful Basis for Processing Children's Data
Where Little Lines processes personal data relating to a child, we rely on the consent of the holder of parental responsibility under UK GDPR Article 8 and Recital 38. This consent is given by the parent or guardian when they create an account and accept this Privacy Policy. By creating an account, you confirm that you are the parent or legal guardian of any child for whom you use the App, and that you consent to the processing of personal data described in this Policy on their behalf.
5.2 ICO Children's Code Commitments
We design Little Lines to meet the standards of the Children's Code, including:
Data minimisation: we collect only what is necessary to generate the requested creative content.
High-privacy defaults: no advertising, no analytics, no behavioural tracking, no third-party data sharing for marketing.
No profiling: we do not build profiles of users for any purpose.
No nudge techniques: we do not use design patterns that pressure children into providing more data than is needed or into making purchases.
Transparency: we explain in plain language what we do with data, both in this Policy and within the App itself.
5.3 COPPA Compliance
The U.S. Children's Online Privacy Protection Act (COPPA) applies to the online collection of personal information from children under 13. Little Lines is purchased and managed by parents and guardians, who provide verifiable consent on behalf of their child by creating an account and accepting this Privacy Policy. If you believe your child has provided personal information to us without your consent, please contact us at support@littlefortstudios.com and we will promptly delete it.
6. Data Storage and Security
Your data is stored on Google Cloud (Firebase) infrastructure, which is certified under ISO 27001, SOC 1/2/3, and other recognised security standards.
Backend processing runs on Render (cloud hosting). Job queue state runs on Upstash Redis. Both providers process data in transit on our behalf under appropriate data-processing agreements.
We use encryption in transit (HTTPS/TLS) and at rest.
Access to user data is restricted to authenticated requests scoped to the account owner's user ID.
Despite our best efforts, no method of internet transmission or electronic storage is 100% secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the UK Information Commissioner's Office within 72 hours where required by law, and will notify affected users without undue delay.
7. Data Retention
Original uploaded photos: not stored on our servers. Photos pass through to our AI processing partners and only the generated output is retained.
Generated colouring pages, storybook pages, and character reveals: retained in your account for as long as your account is active, so you can revisit and re-print them.
Coloured artwork created by your child within a storybook: retained for the life of the storybook. If you delete a storybook, the associated coloured pages are deleted with it.
Account data (email, subscription status): retained until you request deletion or close your account.
Push notification tokens: retained until you disable notifications or delete your account.
We use the following third-party service providers to operate Little Lines:
Google (including Firebase and Gemini)
OpenAI
Render
Upstash
Amazon Web Services
RevenueCat
Apple (App Store)
These providers help us deliver core functionality such as account management, content generation, hosting, email delivery, and subscription processing. Photos sent to our AI processing partners (Google and OpenAI) are not used to train their models, as set out in Section 4. We have data-processing agreements in place with these providers where required by law. Each provider has its own privacy policy governing their handling of data.
9. Your Rights (United Kingdom and European Economic Area)
Under UK GDPR and EU GDPR, if you are located in the United Kingdom or the European Economic Area, you have the right to:
Access the personal data we hold about you;
Request correction of inaccurate data;
Request deletion of your data ("right to be forgotten");
Object to or restrict processing of your data;
Data portability (receive your data in a structured, machine-readable format);
Withdraw consent at any time;
Lodge a complaint with your local supervisory authority.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk (UK) or your local EU data protection authority.
10. Additional Rights for United States Residents
10.1 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
Right to Know: request details about the categories and specific pieces of personal information we collect about you.
Right to Delete: request deletion of personal information we have collected from you, subject to certain exceptions.
Right to Opt-Out of Sale or Sharing: we do not sell your personal information, and we do not share your personal information for cross-context behavioural advertising.
Right to Non-Discrimination: we will not discriminate against you for exercising any of your privacy rights.
Right to Correct: request that we correct inaccurate personal information.
To submit a request, contact support@littlefortstudios.com. We will verify your identity and respond within 45 days.
10.2 Other US State Privacy Laws
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Kentucky, Rhode Island, and other states with comprehensive privacy laws have similar rights, including the right to access, delete, and correct personal data. To exercise these rights, contact support@littlefortstudios.com.
10.3 US App Store Accountability Laws
We work with Apple and Google to support age verification and parental consent mechanisms as required by applicable state app store accountability laws (Texas, California, Utah, Louisiana, and others). We will act on age signals and consent information provided by app store platforms in accordance with these requirements.
11. Additional Information for Users in Other Jurisdictions
11.1 Canada (PIPEDA)
If you are located in Canada, your personal information is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access, correct, and request deletion of your personal data. Contact us at support@littlefortstudios.com to exercise your rights.
11.2 Australia (Privacy Act 1988)
If you are located in Australia, your personal information is protected under the Privacy Act 1988 and the Australian Privacy Principles (APPs). You have the right to access and correct your personal information. If you wish to make a complaint, please contact us first. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
11.3 European Economic Area (EU GDPR)
If you are located in the EEA, we process your personal data on the lawful basis of parental consent (for children's data) under EU GDPR Article 8, and on the basis of contract performance and consent for parent/guardian account data. Your data may be transferred outside the EEA, and where this occurs, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses). You may lodge a complaint with your local data protection authority.
11.4 Other Countries
If you are located in a country not specifically mentioned above, we will handle your personal data in accordance with the principles outlined in this Privacy Policy, which reflect internationally recognised data protection standards.
12. We Do Not Sell or Share Your Personal Information
We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising or targeted advertising purposes. This applies to users in all jurisdictions.
13. Cookies, Tracking, and Advertising
The App does not use cookies. We do not use advertising trackers. We do not display advertising in the App. We do not sell your data to advertisers. We do not use third-party analytics SDKs.
14. International Data Transfers
Your data may be processed on servers located outside your home country, including in the United States and other jurisdictions where our service providers operate. Where this occurs, we ensure appropriate safeguards are in place in accordance with applicable law, including UK GDPR / EU GDPR Standard Contractual Clauses and other recognised transfer mechanisms.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy within the App and updating the "Last updated" date. Your continued use of the App after changes constitutes acceptance of the updated policy.
16. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email:support@littlefortstudios.com Website:littlefortstudios.com Company: Little Fort Studios Ltd, registered in England and Wales (company number 17149145) Registered office: Bristol, United Kingdom
UK/EU Complaints: Information Commissioner's Office (ICO) — ico.org.uk Australia Complaints: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au