Legal

Privacy Policy

Effective Date: May 8, 2026  ·  Last Updated: May 8, 2026

Plain language summary

  • Fabelyn is a coloring book app for parents. Parents create the account and describe the story. Children color on paper — they never access the app.
  • We collect the minimum information needed to run the service.
  • We never show ads, never sell your data, and never share it with third parties except the providers listed below.
  • Parents can review or delete all their data at any time.

Contents

  1. 1. Who We Are
  2. 2. Who This Policy Covers
  3. 3. Children's Privacy — COPPA
  4. 4. Information We Collect From Parents
  5. 5. How We Use Information
  6. 6. AI and Content Generation
  7. 7. Data Sharing and Disclosure
  8. 8. Data Retention
  9. 9. Data Security
  10. 10. International Users
  11. 11. Cookies and Tracking
  12. 12. Contact Us
  13. 13. Changes to This Policy

1. Who We Are

Fabelyn is operated by Atlian Capital LLC, a Connecticut LLC ("Fabelyn," "we," "us," or "our"). Our registered address is 40 Old Road, Westport, CT 06880, USA.

For privacy questions, contact us at: info@atlian-capital.com

2. Who This Policy Covers

This Privacy Policy applies to parents and guardians who create Fabelyn accounts. Fabelyn is designed for parents of children ages 3–10. Children do not use the Fabelyn app — they receive printed or downloaded coloring books and color on paper. We do not permit children to create their own accounts, and children do not interact with the Fabelyn platform directly.

3. Children's Privacy — COPPA Compliance

Although children do not use the Fabelyn app, we take children's privacy seriously. We comply with the Children's Online Privacy Protection Act (COPPA) and the FTC's COPPA Rule.

3.1 What we collect about children

We collect the minimum necessary information to personalise stories:

First name or nicknamePersonalise the story titleYes
Age range (3–5, 6–8, or 9–12)Adjust illustration complexityYes

We do not collect children's last name, email address, phone number, home address, school name, device identifiers, photos, or any behavioral tracking data about children.

3.2 Parental consent

Before any child information is stored, we require verifiable parental consent from the account-holding parent or guardian, obtained through email verification during account creation and explicit acceptance of this Privacy Policy.

3.3 Parental rights under COPPA

As a parent or guardian, you have the right to:

  • Review: Request to see all personal information we hold. Email info@atlian-capital.com with subject "COPPA Data Review Request."
  • Delete: Remove your child's profile from Account Settings, or email info@atlian-capital.com.
  • Revoke consent: Withdraw consent at any time. This requires deletion of the child's profile.
  • Refuse further collection: Direct us to stop collecting and delete existing information.

We will respond to all COPPA-related requests within 30 days.

4. Information We Collect From Parents

4.1 Account information

  • Email address (required for login and communications)
  • Display name (optional)
  • Subscription tier and billing status

4.2 Payment information

We use Stripe to process all payments. Fabelyn does not store credit card numbers or bank details. Stripe's privacy policy is available at stripe.com/privacy.

4.3 Usage data

  • Stories created (prompts, titles, page count)
  • Print orders placed
  • Subscription events (upgrades, downgrades, cancellations)
  • Error logs (for debugging and service improvement)

4.4 Technical data

  • IP address (used for fraud prevention, not stored long-term)
  • Browser type and version (for compatibility)
  • Approximate timezone (for display purposes)

We do not use cookies for advertising or behavioral tracking. We use only a session authentication cookie and a CSRF protection token, both required for security.

5. How We Use Information

Providing the Fabelyn serviceContract performance
Processing paymentsContract performance
Child safety and content moderationLegitimate interest (child protection)
Sending service emails (receipts, updates)Contract performance
Improving safety systemsLegitimate interest
Legal complianceLegal obligation

We do not use your information for targeted advertising, sale to third parties, building behavioral profiles, or cross-context behavioral tracking.

6. AI and Content Generation

Fabelyn uses AI services to generate coloring book stories and illustrations.

  • Story prompts are sent to Anthropic's Claude API for content moderation and story generation. Prompts are not used to train Anthropic's models. See anthropic.com/privacy.
  • Story scene descriptions are sent to OpenAI's API for image generation. See openai.com/privacy.
  • All generated images pass through automated safety systems before being stored. Content that fails safety checks is deleted and never shown.

We do not send children's names, personal information, or identifying details to any AI provider.

7. Data Sharing and Disclosure

We share data only with the following service providers, under data processing agreements:

SupabaseDatabase and authenticationAccount data, story data
AnthropicStory generation and safetyStory prompts (no PII)
OpenAIImage generation and moderationScene descriptions (no PII)
StripePayment processingEmail, payment data
CloudflareImage storage and deliveryGenerated images
VercelWebsite hostingLogs, request data
LuluPrint fulfillmentName, shipping address (only when ordering a print)

We never sell personal information to third parties. We may disclose information if required by law, court order, or to protect the safety of children — including mandatory NCMEC reporting under 18 U.S.C. § 2258A.

8. Data Retention

Child profile dataUntil parent deletes the profile or closes account
Stories and generated pagesUntil parent deletes the story or account
Payment records7 years (legal and tax requirements)
Safety / moderation logs12 months
Server access logs30 days
Deleted account dataPurged within 30 days of deletion request

9. Data Security

  • All data transmitted using TLS 1.2+
  • Database encrypted at rest via Supabase
  • Row-level security rules ensure each account can only access its own data
  • All API keys stored as server-side environment variables, never exposed to the client
  • Regular security reviews

In the event of a data breach, we will notify affected users within 72 hours as required by GDPR, and comply with all applicable US state breach notification laws.

10. International Users

Fabelyn is operated from the United States. Data will be transferred to and processed in the United States.

EU / EEA users (GDPR)

Your rights under GDPR include: access, rectification, erasure, restriction of processing, data portability, and the right to object. Contact info@atlian-capital.com. We will respond within 30 days.

California users (CCPA/CPRA)

California residents have the right to know what data is collected, request deletion, and opt out of sale (we do not sell data).

11. Cookies and Tracking

sb-auth-tokenEssential — login sessionSession
csrf-tokenEssential — CSRF protectionSession

We do not use advertising cookies, social media tracking pixels, or any third-party tracking. Analytics (PostHog) run only on parent-facing pages and are anonymised.

12. Contact Us

For privacy questions and requests: info@atlian-capital.com — response within 30 days (COPPA requests receive priority).

For COPPA-specific requests, use the subject line: "COPPA Request — [Type of Request]"

Mailing address: Atlian Capital LLC, 40 Old Road, Westport, CT 06880, USA

13. Changes to This Policy

We will notify you of material changes by email at least 14 days before the change takes effect and via a notice in the Fabelyn dashboard. Continued use after the effective date constitutes acceptance.

If changes affect how we collect or use children's data, we will obtain fresh parental consent before the changes take effect.

Questions? Email us at info@atlian-capital.com

Atlian Capital LLC · 40 Old Road, Westport, CT 06880, USA

View Terms of Service →