Privacy Policy
Last updated: January 25, 2026
Introduction
At HeroBooks we take your privacy seriously. This privacy policy explains how we collect, use, disclose, and protect your data when you use our collaborative photo book platform. By using HeroBooks, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.
Data Controller
FriendBooks GbR FriendBooks GbR, Lindenstr. 33a, 12555 Berlin, Germany Email: info@herobooks.de
What Data We Collect
1. Account Information When you create an account, we collect: • Name (first and last name) • Email address • Password (encrypted and stored securely) • Language preference • Authentication provider (when you sign in with Google or Apple) 2. Survey Data When you create or participate in surveys, we collect: • Survey titles and descriptions • Participant responses (name, interest indicators, number of copies requested) • Survey member information (email addresses, roles) • Survey settings (club name, team logo, colors, email addresses) 3. Photo Book Content When you create photo books, we collect: • Page content, texts, and answers to questions • Photos and images you upload • Staff and role information 4. Usage and Analytics Data To improve our service, we collect aggregated, non-personal data: • Creation and update timestamps for surveys and photo books • Completion percentages, participant counts, and other aggregated metrics • Statistics on join link usage (how often links are used)
How We Use Your Data
• Providing, operating, and maintaining our service • Authenticating users and managing accounts • Sending service-related notifications and responding to inquiries • Understanding usage patterns and improving our platform (using aggregated, anonymized data) • Monitoring for security threats and fraud prevention • Developing new features and improving existing functionality
Legal Basis for Processing (GDPR)
Contract Performance (Art. 6(1)(b) GDPR) We process your data to provide our services under our agreement with you. Consent (Art. 6(1)(a) GDPR) Where we ask for your express consent, e.g. for email communication. Legitimate Interest (Art. 6(1)(f) GDPR) We process aggregated analytics data to improve our service, which is in our legitimate business interest and does not override your privacy rights.
Cookies and Tracking
We use essential cookies that are required for our website to function. These cookies do not require consent under GDPR. Essential Cookies (no consent required) These cookies are required for the website to function: • Authentication cookies: Used by Clerk to manage your login session and keep you signed in We do not use tracking, analytics, or marketing cookies. Should we add such cookies in the future, we will ask for your express consent.
Data Sharing and Third Parties
We do not sell, trade, or rent your personal data to third parties. We only share data with trusted service providers who help us operate our platform: Clerk (Authentication Service) We use Clerk for user authentication and account management. Clerk processes your account information securely. AWS (Cloud Infrastructure) We use Amazon Web Services to host our application and store images securely. Payment Providers When you make a purchase, your payment information is processed directly by our payment provider (e.g. Stripe). We do not store your credit card information. We do not share your data with marketing companies, advertisers, or data brokers.
Data Retention
We store your personal data only as long as necessary: • Account data: Until you delete your account or request deletion • Survey and photo book data: Until you delete it or as required by law • Aggregated analytics data: Indefinitely, as it does not identify individuals
Your Privacy Rights
Under the General Data Protection Regulation (GDPR), you have the following rights: Right of Access: Request a copy of your personal data Right to Rectification: Correct inaccurate or incomplete data Right to Erasure: Request deletion of your personal data ('right to be forgotten') Right to Data Portability: Receive your data in a machine-readable format Right to Restriction: Request restriction of the use of your data Right to Object: Object to the processing of your data for certain purposes To exercise any of these rights, please contact us at: info@herobooks.de
Data Security
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
Privacy for Children & Parental Consent
Our platform is designed for youth sports teams and is suitable for children of all ages. However, under data protection law (GDPR Article 8), children under 16 cannot legally consent to the processing of their personal data. This is a legal requirement - not a content restriction. How HeroBooks works with children's data: • Account holders must be adults (16 years or older) - typically coaches, team managers, or parents • Adults manage photo books and surveys on behalf of the team • Children participate through the adult's account - we do not collect data directly from children • The adult account holder is responsible for obtaining parental consent before adding information about children (names, photos) Parents and guardians have the full right at any time to access, modify, or delete their child's information. We only collect information necessary for creating team photo books (names and photos). If you are a parent or guardian and have questions about your child's participation, please contact us at info@herobooks.de. This legal requirement serves to protect children's privacy. It does not mean our service is unsuitable for children - youth sports teams are our main users!
International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
Changes to This Privacy Policy
We may update this privacy policy from time to time. We will inform you of material changes by publishing the new policy on this page and updating the 'Last updated' date. We recommend that you review this policy regularly.
Contact
If you have questions about this privacy policy or our data practices, please contact us: Email: info@herobooks.de If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. This privacy policy is effective as of the date stated above and governs our collection and use of your personal data.