Privacy Policy

Last updated: January 25, 2026

Introduction

At HeroBooks, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our collaborative photo book platform.

By using HeroBooks, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

Data Controller

FriendBooks GbR

FriendBooks GbR, Lindenstr. 33a, 12555 Berlin, Germany

Email: info@herobooks.de

What Data We Collect

1. Account Information

When you create an account, we collect:

  • Name (first and last name)
  • Email address
  • Password (encrypted and securely stored)
  • Language preference
  • Authentication provider (if you sign in with Google or Apple)

2. Survey Data

When you create or participate in surveys, we collect:

  • Survey titles and descriptions
  • Participant responses (name, interest indicators, number of copies requested)
  • Survey member information (email addresses, roles)
  • Survey settings (club name, team logo, colors, email addresses)

3. Photo Book Content

When you create photo books, we collect:

  • Page content, text, and answers to questions
  • Photos and images you upload
  • Collaborator information and roles

4. Usage and Analytics Data

To improve our service, we collect aggregated, non-personal data:

  • Creation and update timestamps for surveys and photo books
  • Completion percentages, participation counts, and other aggregate metrics
  • Join link usage statistics (how many times links are used)

How We Use Your Data

  • Provide, operate, and maintain our service
  • Authenticate users and manage accounts
  • Send you service-related notifications and respond to inquiries
  • Understand usage patterns and improve our platform (using aggregated, anonymized data)
  • Monitor for security threats and prevent fraud
  • Develop new features and improve existing functionality

Legal Basis for Processing (GDPR)

Contract Performance (Article 6(1)(b))

We process your data to provide our services as part of our agreement with you.

Consent (Article 6(1)(a))

Where we ask for your explicit consent, such as for email communications.

Legitimate Interest (Article 6(1)(f))

We process aggregated analytics data to improve our service, which is in our legitimate business interest and does not override your privacy rights.

Cookies and Tracking

We use essential cookies that are necessary for our website to function properly. These cookies do not require your consent under GDPR.

Essential Cookies (No Consent Required)

These cookies are necessary for the website to function:

  • Authentication cookies: Used by Clerk to manage your login session and keep you signed in

We do not use tracking, analytics, or marketing cookies. If we add such cookies in the future, we will ask for your explicit consent.

Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to third parties. We only share data with trusted service providers who help us operate our platform:

Clerk (Authentication Service)

We use Clerk for user authentication and account management. Clerk processes your account information securely.

AWS (Cloud Infrastructure)

We use Amazon Web Services to host our application and store images securely.

Payment Processors

When you make a purchase, your payment information is processed directly by our payment provider (e.g., Stripe). We do not store your credit card information.

We do not share your data with marketing companies, advertisers, or data brokers.

Data Retention

We retain your personal data only as long as necessary:

  • Account data: Until you delete your account or request deletion
  • Survey and photo book data: Until you delete them or as required by law
  • Aggregated analytics data: Indefinitely, as it does not identify individuals

Your Privacy Rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

Right to Access

Request a copy of your personal data we hold

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data ('right to be forgotten')

Right to Data Portability

Receive your data in a machine-readable format

Right to Restriction

Request we limit how we use your data

Right to Object

Object to our processing of your data for certain purposes

To exercise any of these rights, please contact us at: info@herobooks.de

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

Children's Privacy & Parental Consent

Our platform is designed for youth sports teams and is appropriate for children of all ages. However, under data protection law (GDPR Article 8), children under 16 years cannot legally consent to the processing of their personal data. This is a legal requirement - not a content restriction.

How HeroBooks works with children's data:

  • Account holders must be adults (16 years or older) - typically coaches, team managers, or parents
  • Adults manage photo books and surveys on behalf of the team
  • Children participate through the adult's account - we do not collect data directly from children
  • The adult account holder is responsible for obtaining parental consent before adding children's information (names, photos)

Parents and guardians have full rights to access, modify, or delete their child's information at any time. We only collect information necessary for creating team photo books (names and photos). If you are a parent or guardian and have questions about your child's participation, please contact us at info@herobooks.de.

This legal requirement exists to protect children's privacy rights. It does not mean our service is inappropriate for children - youth sports teams are our primary users!

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the 'Last updated' date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: info@herobooks.de

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

This Privacy Policy is effective as of the date stated above and governs our collection and use of your personal information.