Penned For You

Legal

Privacy Policy

Last updated: March 28, 2026

01

Introduction

Penned For You (“we,” “our,” or “us”) creates custom poems, songs, and lyrics as meaningful personal gifts. When you use our service, you share personal stories and details that matter to you — and to the people you love. We take that responsibility seriously.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and how long we keep it. By using our service, you consent to the practices described here.

Data Controller: Penned For You
Contact: hello@pennedforyou.com

02

Information We Collect

We collect the following categories of information:

  • Contact Information: Your email address, used for order delivery and customer support.
  • Payment Information: Processed securely through Stripe. We do not store credit card numbers on our servers.
  • Personalization Content: Names, stories, memories, relationships, and specific details you share to create your custom piece.
  • Sensitive Category Information: Your stories may voluntarily include sensitive data — such as health information, religious beliefs, or ethnic background. We process this only with your explicit consent and solely to fulfill your order.
  • Technical Data: IP address, browser type, and device information, collected for security and site performance.

03

How We Use Your Information

We use your information for the following purposes, each with a defined legal basis:

  • Service Delivery: To generate your poem, lyrics, or song and deliver it to you. (Legal basis: Contract Performance)
  • Communication: To send order updates and respond to support requests. (Legal basis: Contract Performance)
  • Marketing: To send promotional emails via Resend. You may opt out at any time. (Legal basis: Consent)
  • Service Improvement: To analyze usage patterns via Google Analytics and optimize our site and checkout flow. (Legal basis: Legitimate Interests)

No AI Training: We do not use your personal stories, memories, or submitted details to train public AI models.

04

Third-Party Service Providers

We share your information only as necessary to provide our service. All providers are contractually obligated to protect your data.

ProviderPurposeData Shared
StripePayment ProcessingPayment info, Email
Anthropic (Claude)Content Generation (poems, lyrics, songs)Personal stories, Names, Occasion details
ElevenLabsVoice Synthesis (songs)Generated lyrics
Suno / Music AIMusic Generation (songs)Generated lyrics, Style preferences
ResendEmail & MarketingEmail address, Order status
SupabaseDatabase & StorageOrder data, Stories, Audio files
Google AnalyticsPerformance AnalyticsAnonymized usage data, IP address
Google Tag ManagerMarketing & Ad TrackingAnonymized usage data (active by default; disabled if you decline cookies)

05

Cookies, Tracking, and Your Consent Choices

We use three categories of cookies and tracking technologies on our site:

Essential Cookies

These are necessary for the checkout process, security, and basic site functionality. They cannot be disabled without breaking the service.

Server-Side Tracking

We use server-side tracking for order processing, fraud prevention, and service delivery. This does not rely on browser cookies and operates independently of your cookie preferences.

Analytics Cookies

Google Analytics is used to understand site traffic and improve our product. These cookies are activated based on your jurisdiction's requirements and your consent.

Marketing Cookies (Google Tag Manager)

Google Tag Manager is active by default to measure advertising effectiveness. You can disable these cookies at any time by declining via the cookie consent banner.

Managing Your Cookie Preferences

When you first visit our site, you will be presented with a cookie consent banner. You may accept or reject non-essential cookies at that time.

  • Accepting: Enables analytics and marketing cookies (Google Analytics, Google Tag Manager).
  • Rejecting: Disables marketing cookies (Google Tag Manager). Essential cookies and server-side tracking remain active as they are necessary for the service to function.

You may update your preferences at any time by clearing your browser cookies and revisiting the site, which will re-trigger the consent banner.

06

Children and Minors

Our service is intended for adults aged 18 and over. We do not knowingly collect personal information from individuals under the age of 13.

We recognize that customers frequently order gifts for children — for birthdays, milestones, or other occasions. In these cases:

  • The order is placed by an adult on behalf of a minor recipient.
  • We collect information about the adult placing the order, not about the child directly.
  • Any details shared about a child (such as their name or a memorable moment) are used solely to create the requested piece and are subject to the same data retention and deletion policies as all other personalization content.

If you believe we have inadvertently collected personal information directly from a child under 13, please contact us at hello@pennedforyou.com and we will promptly delete it.

07

Data Retention

We retain your data on the following schedule:

  • Personal Stories & Input: Retained for 12 months from the date of delivery to allow for remake requests and quality assurance. After this period, story inputs are permanently deleted from active storage.
  • Generated Content (poems, lyrics, audio): Stored for 12 months. Audio files and their associated story inputs are permanently deleted after this period.
  • Financial Records: Transaction records (excluding stories) are kept for 7 years as required by applicable tax law.

You may request early deletion of your stories and generated content at any time (see Your Rights sections below).

08

Your Rights Under GDPR European Users

If you are located in the EEA or UK, you have the following rights:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request correction of inaccurate data.
  • Right to Erasure: You may request deletion of your stories and generated content before the 12-month retention period ends.
  • Right to Restrict Processing: You may request that we limit how we use your data.
  • Right to Object: You may object to our use of your data for marketing or legitimate interest purposes.
  • Right to Portability: You may request your data in a portable format.

Legal Basis Summary: We process your data primarily under Contract Performance (to fulfill your order) and Consent (for sensitive stories, marketing, and non-essential cookies).

Data Transfers: Your data is processed in the United States. We use Standard Contractual Clauses (SCCs) to ensure your data receives equivalent protection to that required in the EU/UK.

To exercise any of these rights, contact us at hello@pennedforyou.com. We will respond within 30 days.

09

Your Rights Under CCPA/CPRA California Residents

California residents have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know

You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the business or commercial purpose for collecting it, and the third parties with whom we share it.

Right to Delete

You may request deletion of personal information we have collected from you, subject to certain exceptions (such as our obligation to retain financial records for 7 years).

Right to Correct

You may request correction of inaccurate personal information we hold about you.

Right to Limit Use of Sensitive Personal Information

You have the right to limit our use of sensitive personal information — including health data, religious beliefs, and ethnic origin that you may share in your personalization content — to only what is necessary to fulfill your order. We do not use sensitive personal information for any purpose beyond service delivery.

Right to Opt Out of Sale or Sharing

We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising without your consent. Google Tag Manager is active by default but can be disabled at any time by declining cookies via our consent banner.

Data Retention by Category

  • Identifiers (email, IP): 12 months for order data; 7 years for financial records (email only).
  • Commercial information (transaction records): 7 years.
  • Personal stories and personalization content: 12 months from date of delivery.
  • Generated content (poems, lyrics, audio files): 12 months from date of delivery.
  • Cookie and analytics data: Per Google Analytics retention settings (default: 14 months).

Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

How to Submit a Request: Contact us at hello@pennedforyou.com. We will verify your identity and respond within 45 days, with an extension of up to 90 days where necessary.

10

Your Rights Under PIPEDA Canadian Residents

If you are located in Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access the personal information we hold about you, request corrections, and withdraw consent for non-essential uses at any time.

To exercise these rights, contact us at hello@pennedforyou.com. If you have unresolved concerns, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.

11

Your Rights Under the Privacy Act Australian Residents

If you are located in Australia, we comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). You have the right to access and correct the personal information we hold about you.

To make a request, contact us at hello@pennedforyou.com. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

12

Your Rights Under the Privacy Act 2020 New Zealand Residents

If you are located in New Zealand, we comply with the Privacy Act 2020. You have the right to access and request correction of any personal information we hold about you.

Contact us at hello@pennedforyou.com. You may also contact the Office of the Privacy Commissioner of New Zealand at privacy.org.nz.

13

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS) and at rest (AES-256 via Supabase).
  • Access Controls: Personal story data is accessible only to the automated systems and authorized personnel required to fulfill your order.
  • No storage of payment credentials: All payment processing is handled by Stripe; we never store full card numbers.

14

Contact Us

For questions about this policy or to exercise your data rights, contact us at:

Email: hello@pennedforyou.com

We aim to respond to all privacy inquiries within 5 business days.