Our Chapters Ltd
Last updated: 1 June 2026 · Version 5.1 (interim, pending final legal review)
Our Chapters is an app that lets parents capture and keep the memories of their child’s life, and turn them into a printed book. We know you are trusting us with information about your family, including your children. Protecting that information is the most important thing we do, and it is built into the product rather than added on afterwards. This policy explains, in plain English, what we collect, why, the legal basis for it, who we share it with, how long we keep it, and the rights you have.
Our Chapters Ltd is the data controller for your personal information — meaning we decide why and how it is processed. We are a company registered in England and Wales (company number 17192759), registered office 46 Grasscroft, Northampton NN2 8TR. We are registered with the Information Commissioner’s Office (ICO), the UK’s data protection regulator, under registration C1922794.
For any privacy question or to exercise your rights, contact us at info@ourchapters.co.uk.
We only collect the information needed to provide the service.
| Information | Why we use it | Legal basis |
|---|---|---|
| Parent account details (name, email, encrypted password) | To create and secure your account and contact you about the service | Performance of a contract |
| Child details (first name, date of birth or due date, profile photo) | To build your child’s timeline and provide the core features | Performance of a contract |
| Memories you create (text, photos, videos, voice notes) | To store, display and back up your family’s memories, and generate your printed book | Performance of a contract |
| Subscription & billing status | To manage your plan and entitlements (card details are handled by our payment provider, not stored by us) | Performance of a contract |
| Security & technical data (e.g. IP address, device and login information) | To keep accounts secure, prevent fraud and abuse, and keep the service running | Legitimate interests (security) |
| Marketing preferences | To send you updates you have opted in to | Consent |
| Support messages | To resolve issues | Legitimate interests |
The legal bases above reflect our current position and are being confirmed as part of our final data protection review before launch.
We do not sell your data, we do not profile your family, and we do not use automated decision-making with legal or similarly significant effects. We do not currently use any artificial-intelligence processing of your content; if we introduce optional AI writing features in future, we will update this policy and ask for your separate, explicit consent before any such processing takes place.
3.1 Supabase as our storage provider. All data — including photos, videos, voice notes and text memories — is stored in Supabase, a secure managed platform built on PostgreSQL and object storage. Supabase provides encryption at rest and in transit, role-based access controls, row-level security, private storage buckets for media, audit logging, and UK/EU-based hosting (EU-West-2 where available). We review Supabase’s security posture regularly.
3.2 Location and metadata stripping. To protect your family’s privacy, all photos have EXIF/GPS/location data removed on upload; videos have embedded metadata removed where present; and voice notes contain no location metadata. This means we never hold a record of where your child has been, unless you choose to type a place into a memory yourself.
3.3 Staff access. No member of our team can browse your photos, videos, voice notes or memories. There is no internal admin interface for viewing user content. Only restricted, logged, infrastructure-level access exists, used solely for essential maintenance or where required by law.
3.4 Security practices. We follow industry-standard measures including encryption in transit (HTTPS/TLS) and at rest, least-privilege access, regular review of access logs, secure development practices, and ongoing DPIA review. We also follow the principles of the UK’s Children’s Code: high privacy by default, data minimisation, no behavioural advertising, no profiling, and no manipulative “nudge” or streak techniques.
No online service can be guaranteed completely secure. If you ever believe your account has been compromised, contact us immediately at info@ourchapters.co.uk.
Our Chapters is designed for parents and guardians to record their own children’s memories. Accounts may only be created by adults aged 18 or over. By using the service, you confirm that:
When your child turns 13. In the UK, children gain their own data protection rights from age 13. You are responsible for notifying us when your child turns 13, explaining the service to them in an age-appropriate way, and confirming whether they wish to continue using the service, take over the account, or have their data deleted. We will always respect a child’s rights if they contact us directly. The detail of this process is being finalised as part of our pre-launch legal review.
We process children’s data mainly on the basis of performance of a contract — we need to process it to provide the service you have signed up for. You enter into and manage that contract as the adult acting on behalf of your child. We also rely on legitimate interests for limited technical data needed to keep accounts secure. As noted above, our lawful-basis position is being confirmed in our final data protection review before launch.
Some content — such as photos, videos and voice notes of your child — may in some circumstances be treated as special category data under Article 9 of the UK GDPR. Where this applies, we will rely on your explicit consent and keep a record of it. We will make this clear at the point you provide such content.
Our Chapters supports two parents contributing to a child’s timeline.
Ownership. Each parent owns the memories they personally create, and one parent cannot edit or delete the other’s contributions.
Account holder. The parent who created the child profile is the “account holder” for subscription and administrative purposes.
Separation. If parents separate, either parent may use the Create Separate Account feature to create a new account, transfer a copy of the memories they personally created, and continue their own timeline independently. This does not duplicate the full child profile and does not remove the other parent’s contributions.
We do not mediate disputes. We only restrict access where required by law (for example, a court order) or where necessary to protect someone’s safety. We do not adjudicate family-law matters.
If someone featured in your content contacts us, we will assess the request, may ask you to edit or delete the content, and may restrict access where required by law. We do not disclose your memories unless legally required to.
We use a small number of trusted processors who act only on our written instructions and only handle the data needed to perform their role. They are not permitted to use your data for their own purposes.
| Provider | What they handle |
|---|---|
| Supabase | All data storage (text, photos, videos, voice notes, metadata) |
| Stripe | Payments and billing |
| MailerLite | Account emails and updates (with consent) |
| Prodigi | Printing and posting your book. Prodigi keeps order, invoice and production records only for as long as needed for legal, tax, dispute and quality purposes, then deletes them |
| Sentry | Error logging and crash reporting, to keep the app stable. Sentry receives technical identifiers (such as device, app and account identifiers) but never your photos, videos, voice notes or memory text. Data is held in the EU (Frankfurt) |
We do not sell your data to anyone. If our business is ever sold or transferred, we will ensure your information remains protected under terms consistent with this policy.
Our storage provider, Supabase, hosts your data in the UK/EU but uses a small number of its own infrastructure sub-processors (including Amazon Web Services and Google) to run its platform, some of which are based outside the UK. Our other processors (such as Stripe and Sentry) may also process limited data outside the UK. Where any data is transferred outside the UK, we rely on approved safeguards — such as the UK International Data Transfer Agreement (IDTA), standard contractual clauses (SCCs), or the UK Extension to the EU–US Data Privacy Framework — so that your information receives protection equivalent to that required under UK law.
We keep your information for as long as you have an account with us, so your family’s memories remain available to you. If you delete your account, we remove your memories and personal data from our active systems promptly, and they are then purged from our encrypted backups within our normal backup cycle (currently up to 30 days). We retain basic billing and transaction records for up to 7 years to meet HMRC and tax obligations; these are not used for any other purpose. Security logs are kept briefly and then deleted, and if you unsubscribe from marketing we keep a minimal record of that preference so we do not contact you again.
We may ask for reasonable information to verify your identity before fulfilling a rights request. For children turning 13, we may request age-appropriate confirmation that they understand their rights.
If an account holder dies, we may grant access to a verified next of kin or legal representative, and may require documentation before doing so. We will not disclose memories without appropriate authority, and we will respect that each parent owns only the memories they personally created.
Under UK data protection law you have the right to access your data, correct inaccurate information, delete your data (subject to the legal retention noted above), export your data, object to or restrict certain uses, and withdraw consent where we rely on it. You can exercise these rights in the app or by contacting info@ourchapters.co.uk. We will respond in line with the law (usually within one month). You can also complain to the ICO at ico.org.uk, though we would prefer the chance to resolve any issue directly first.
Our website uses essential cookies and, where you consent, basic analytics. We do not use advertising or cross-site tracking cookies. Where we use any non-essential cookies, we ask for your consent through a cookie banner first, and you can change your choice at any time.
We only send marketing emails if you opt in. You can unsubscribe at any time using the link in any marketing email, or by contacting us. Even if you opt out of marketing, we may still send you essential service messages (for example, to confirm an account change or a book order).
As we scale, we may migrate media storage to a specialist provider such as AWS S3, and we may introduce optional new features. If we make such a change, or any other significant change to this policy, we will update this page and our DPIA, and notify you through the app or by email. Continuing to use Our Chapters after a change means you accept the updated policy.
If you have any question about this policy, or want to exercise any of your rights, please contact us at info@ourchapters.co.uk.