Privacy Policy
Effective date: January 1, 2025
Figtional (the “Company”, “we”, “us”, or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit or use our website, personalise a book, create an account, or place an order. By using our services, you agree to the practices described here.
Who We Are
Business name: Figtional (operated as “Figtional Partnership”). Principal place of business: Toronto, Ontario, Canada. Contact: [email protected].
Region of operation: Primarily Canada and the United States; we ship worldwide. Governing law: the Province of Ontario and the laws of Canada.
Scope
This policy applies to our website, personalisation flow, checkout, and related services. It also applies to communications you have with us (for example, contacting support or subscribing to email updates).
Information We Collect
- Account information (optional): name, email, and hashed password if you choose to create an account. You can personalise and order without registering if you prefer.
- Order and transaction data: selected products, shipping details, currency/locale, and order history. Payments are processed by Stripe; we do not store your full card details.
- Personalisation data: child’s name, selected gender or pronouns, dedication text, selected language, and uploaded photo(s) used to create your personalised storybook.
- Communications: messages you send to support and newsletter preferences if you opt in.
- Technical and usage data: device/browser information, IP address, and pages viewed. Privacy-respecting analytics are powered by PostHog to help us understand traffic, campaigns, and conversion. When marketing consent is granted, we also use Google Tag Manager plus Meta Pixel and Meta Conversions API for advertising attribution and conversion measurement.
Cookies and Analytics
We use cookies for essential site functionality (for example, session and cart state), analytics to understand how visitors discover and use Figtional, and optional marketing tags for advertising attribution and conversion measurement. The site shows a privacy notice to explain this use, and the footer links back to this policy at any time.
- Essential cookies: required for security, sessions, localization, and the checkout experience.
- Analytics cookies: used with PostHog to understand site usage, campaign attribution, and funnel performance so we can improve the product.
- Marketing cookies and signals: used with Google Tag Manager, Meta Pixel, and Meta Conversions API when you enable marketing consent.
How We Use Information
- Provide, personalise, and fulfill your orders.
- Operate and improve our website and services.
- Provide support and respond to your requests.
- Send important service communications (e.g., order updates).
- Send marketing communications only if you opt in (you can unsubscribe at any time).
- Ensure security, prevent fraud or abuse, and comply with legal obligations.
Our Legal Bases (where applicable)
- Contract: to process orders and deliver your purchases.
- Consent: for analytics, marketing, and optional account creation.
- Legitimate interests: to maintain and improve services and ensure security, balanced against your rights.
- Legal obligations: tax, fraud prevention, and regulatory compliance.
Sharing and Processing Partners
We share information only as needed to provide and improve our services:
- Payments: Stripe processes payments; Figtional never stores full card numbers or CVV.
- Infrastructure & storage: Supabase (PostgreSQL with Row Level Security) and related cloud services. Data is primarily hosted in the United States.
- Analytics: PostHog for privacy-respecting product analytics and campaign attribution.
- Marketing and advertising measurement: Google Tag Manager, Meta Pixel, and Meta Conversions API when marketing consent is granted.
- Email: Resend for transactional messages (e.g., order confirmations).
- Fulfillment: printing and shipping partners to manufacture and deliver your order.
We require appropriate contractual safeguards with service providers and do not sell personal information.
International Data Transfers
Your information may be transferred to and processed in countries outside your own, including the United States (e.g., Supabase and PostHog). Where required, we implement appropriate safeguards such as data processing agreements and standard contractual clauses.
Data Retention
We retain data for as long as necessary to provide our services and for legitimate business or legal purposes. Personalisation assets (including photos) may be retained to enable reprints and customer support. You may request deletion; see “Your Rights”.
Your Rights
- Access, correct, or delete your personal information.
- Export a copy of your data where technically feasible.
- Withdraw consent where processing is based on consent.
To exercise these rights, contact us at [email protected].
Children’s Privacy
Our services are designed for parents and guardians. Although our books are for children, our website is not directed to children under 13, and purchases should be made by adults. If you believe a child provided us personal information without guardian consent, contact us to request deletion.
Security
We take security seriously and implement technical and organizational measures to protect your information, including encrypted transport (HTTPS), hashed passwords, and access controls. No method is 100% secure, but we continually improve our safeguards.
We also use Cloudflare Turnstile to help protect key flows from automated abuse. You can read Cloudflare's Turnstile Privacy Addendum.
Changes to This Policy
We may update this policy to reflect changes in our practices or the law. Material changes will be highlighted on this page with an updated effective date.
Contact Us
Questions about this policy or your data? Email [email protected].