Children's Privacy Notice

Last updated: 2026-06-01.

Numi creates books that are about children — so we take children's privacy very seriously. This notice describes how we comply with the U.S. Children's Online Privacy Protection Act (COPPA), as amended in April 2025, and the analogous EU/UK protections under GDPR Article 8 and the UK Age-Appropriate Design Code.

Verifiable Parental Consent

Before we accept a photo or birth date of a child, the adult ordering the book must verify they are the child's parent or legal guardian using one of these FTC-approved methods:

• Text-plus knowledge-based authentication, or
• A $0.10 card authorization (refunded) plus a signed consent statement.

The consent statement is presented in plain language, hash-stamped, and stored with the timestamp, IP, and user agent of the device used to consent. We retain this consent record permanently for audit purposes — but it contains no photo or biometric data.

What constitutes "child data"

We treat the following as protected children's personal information:

• Photo of the child
• Birth date (and optional birth time, birth city, if provided)
• First name, pronouns, age
• The illustrated likeness generated from the photo

What we do with it

• We use the photo only as input to illustrate the single book it was provided for.
• We do not train AI models on it.
• We do not use it to identify the child in any future system.
• We do not show one child's photo or likeness to any other user.
• We do not retain the photo for marketing or advertising.

Retention

Photos are deleted 30 days after the book ships. Birth-date and shipping data follow the same schedule. Parents can request earlier deletion at any time.

Parent rights

As the parent / legal guardian you have the right to: review the data we have collected about your child, require us to delete it, refuse to permit further collection or use of it, and revoke prior consent. Email privacy@numibook.com. We respond within 72 hours.

EU / UK

In the EU we rely on the parent as the legal basis under GDPR Article 6(1)(b) and Article 8. In the UK we follow the ICO Age-Appropriate Design Code's 15 standards. We do not profile children, run behavioural advertising against children, or use dark patterns to extend their engagement with our service.

Contact: privacy@numibook.com.