Privacy Policy

Once Upon Publishing AB including our affiliates and related parties (“we”) process personal information through our digital channels such as this website, mobile apps and/or other future digital interfaces. 

We only collect, use or disclose personal information in accordance with applicable US privacy laws and this privacy policy (the “Privacy Policy”).

This Privacy Policy sets out how we collect use, disclose and store your personal information and the rights you have in relation to the information you provide us, or we collect from other sources.

 You need not provide any personal data in order to visit the digital channels but, if you do not provide the requested information, it is possible that you will not be able to obtain the products (hereinafter the “Products”), offers, functions, tools, services or resources provided by us through the app (hereinafter the “Service”) or visit all parts of the digital channels. If you have any remaining questions, feel free to contact us. Information regarding how to contact us is available in the “Contact information” section which you will find at the end of this Privacy Policy.

If you live outside of the US, please see our international Personal Data Policy.

1. Personal data which is processed 

“Personal Data” means every type of information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular natural, living person . We must collect Personal Data in order for the Service to at all operate and be meaningful for you as a user. We collect and process the following Personal Data regarding you:

1.1 Via the app

In conjunction with your creation of an account via the app, we collect the following Personal Data: e-mail address. We also process the information you share with us in conjunction with the use of the Service, e.g. when you upload and/or contribute content and information (for example, pictures and text materials you have chosen for your Products(s)). In conjunction with ordering a Product in the app, we collect information regarding you in order to process the order. This includes your name, your address and contact information in the form of telephone numbers and e-mail addresses to the extent we are not already in possession of the same.                                                                         

When you use the app, certain information will also be automatically obtained, e.g. information regarding your order and about your use of the Service, localisation information, information regarding network and unit performance, language and information regarding identification and operating systems as well as other technical information regarding your unit such as the model and type of telephone used. We may use cookies and similar technology in order to collect this information. More information may be found in the “Cookies” section below.

1.2 Via the website 

Via the website, we collect the Personal Data you upload on the website, e.g. when making contact with us in order to obtain access to the Service such as names, telephone numbers and e-mail addresses. When you use the website, certain technical information will also be obtained automatically, e.g. the web address from which you visit the website, information regarding network and unit performance, type of browser, language and information regarding identification and operating system. We may use cookies and similar technology in order to collect this information. More information regarding the use of cookies is found in the “Cookies” section.

2. Sensitive personal data

Sensitive personal data is information which reveals race or ethnic origin, political views, religious or philosophical convictions, or membership in a labour union and personal data concerning health or sex life (hereinafter referred to as “Sensitive Personal Data”). Health information may consist of, for example, sick leave, pregnancy and doctors visits. Depending on the pictures and text material you choose to share with us, we may process Sensitive Personal Data within the context of the Service.

2. What do we use the personal data for?

We will process the Personal Data collected by us for the following purposes:        

  1. In order to be able to communicate with you;  
  2. To deliver the Service and ensure that the Service works;   
  3. In order to be able to produce and deliver the Product you have created and ordered via the app;
  4. In order to be able to offer you the opportunity to order Products once again;
  5. To analyse your use of the Service to improve the Service and develop new Products and services;                
  6. To administer your account and use of the Service and communicate with you, e.g. via notices, e-mail and in other ways;           
  7. To inform you regarding our updates to the Service and the general terms and conditions which are applicable to the use of the app;           
  8. To market the Service, either within or outside the Service, including functions and content of the Service; and      
  9. For the express purposes otherwise presented in this Privacy Policy.

Your integrity is very important to us and we will process your Personal Data you share with us with the utmost care and in accordance with “best practices”, the Privacy Policy and applicable laws and rules. In the absence of your consent therefor, we will not release your Personal Data to a third party in any manner other than as follows from this Privacy Policy.

3. Legal basis

Information we collect in conjunction with your registration of a user account via our app is processed by us in order to fulfil our obligations under the agreement with you as a customer, i.e. to provide the app and the Service in general. When we collect information regarding you when you place an order via the app, we process this data in order to fulfil our undertakings relating to the order, i.e. to produce and deliver the Product you have ordered.  

When we analyse user behaviour, we do so in light of our legitimate interest in developing the Service and our Products. In the event we process personal data regarding you in conjunction with direct marketing, we do so in light of our legitimate interest in marketing the Service and our Products.

We may also use your Personal Data as we believe to be necessary or appropriate: (a) under applicable law, including laws outside of user’s state or country of residence; (b) to comply with legal process; (c) to respond to requests from governmental authorities; or (d) to enforce our terms of use.     

4. Information from third parties

In certain cases, we may supplement the Personal Data provided by you with information from a third party for the purpose of evaluating and improving the digital channels in the Service. 

We obtain information regarding your name and e-mail address from Facebook if you choose to log in to the Service through your Facebook account. In addition, we obtain information from our collaboration partners for news despatches in order to evaluate our marketing.

5. Information to third parties

Other than as stated in the Privacy Policy and our general terms and conditions, we will not share the Personal Data you provide to us with third parties other than when (i) such has been specifically agreed upon between you and us, (ii) where necessary to protect your rights, (iii) as required by law, a decision of a governmental authority or a court of law, (iv) we retain independent suppliers for our services in connection with our digital channels or the Service, (v) we retain third parties to produce a Product which is designed in accordance with your order in the Service. 

These providers may process Personal Data and sometimes require limited access to Personal Data which has been collected via the digital channels or the Service. We shall at all times strive to limit such access to Personal Data and shall only share information reasonably necessary in order for the providers to be able to carry out their work or provide their services. We will also require that such providers

(i) protect your Personal Data in accordance with the Privacy Policy and (ii) do not use or disclose your Personal Data for any purpose other than to provide the agreed products or services. Personal Data will not be disclosed to third parties for marketing purposes without your written consent. 

At no time will we disclose customer lists, order histories or similar information to third parties except as may be necessary or required under Section 4.

6. Transfers to third countries

In the event we choose to retain providers outside the United States, e.g. cloud service providers, we will in such case comply with all applicable laws, rules and regulations that may apply to your Personal Data and you consent to such transfer and processing of your data.

7. Storage time

Your Personal Data will not be retained for a period of time in excess of what is necessary taking into account the purposes of processing, and we will otherwise erase Personal Data in the manner following from applicable legislation. We save your Personal Data connected to your account as long as you have an account in the Service provided you do not, prior thereto, request that we erase your Personal Data. Products which you have created through the Service will be erased at the same time you remove your account.

We also save digital copies of the Products which you have ordered during a period of ninety (90) days. The purpose of this is to be able to reproduce Products about which complaints have been made. 

We do not save your personal identification number or your card or bank information. All processing concerning payments is handled via third party suppliers of the payment service. In order to obtain information regarding the manner in which they process your personal data, we refer you to their privacy policies.                      

The file names of the pictures you upload in the app are not saved but, rather, are replaced by a new name series which, in turn, is managed by our system.

9. Your rights

You have the right to request information regarding which Personal Data (if any) we process regarding you. If you believe that we possess personal data regarding you which is incorrect, you may, furthermore, request correction of your personal data. 

You are entitled to object to personal data we process regarding you in accordance with a so-called legitimate interest. This applies, for example, when we process your personal data in order to send direct marketing to you. Notify us if you do not want us to continue with this type of processing of your personal data.

You are also entitled to request that we temporarily limit certain processing of personal data regarding you and a right to request to be erased.

If you wish to know whether we process Personal Data regarding you, you may send a written and signed request to us (see “Contact information” below).

8. Links

Our digital channels may contain links to other websites provided by other companies. This Privacy Policy does not apply to these websites. Accordingly, you should read the personal data policies of such websites prior to releasing personal data.

9. Cookies

We collect information by means of technology such as cookies, beacons and local storage (e.g. on your browser or unit). In the Privacy Policy, we use the term “cookies” for all technology, including data and parts of text, which we store on your web browser or unit. A cookie is a small text file which is stored on your computer, telephone or other unit when you visit our website. Cookies may, for example, assist us in recognising you the next time you visit our website, but also make it possible for us to offer a secure and more operationally sound service. We use functional cookies for functions in the Service so that your choices and settings will be remembered when you use the Service again. In order to maintain and improve the website, we use cookies for analysis in order to measure how our services are requested, used and work when they are used. Most web browsers allow you to choose how cookies are handled. You may set your web browser to decline cookies or to remove certain cookies. If you choose to block cookies, parts of the Service’s functionality may deteriorate or disappear.

10. Federal and State Legislation

10.1 COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personally identifiable information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

We do not specifically market to children under 13.

10.2 CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.  

If you object to receiving commercial emails, you can unsubscribe through a link at the end of these emails or by contacting us at

10.3 California Requirements

If the California Consumer Privacy Act (CCPA) applies to your information, we provide these disclosures described in this Privacy Policy so you can exercise your rights to receive information about our data practices, as well as to request access to and deletion of your information. We do not sell your personal information. We only share your information as described in this Privacy Policy. We process your information for the purposes described in this Privacy Policy, which include “business purposes” under the CCPA. These purposes include:

10.3.1 Protecting against security threats, abuse, and illegal activity

We use and may disclose information to detect, prevent and respond to security incidents, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our services, we may receive or disclose information about IP addresses that malicious actors have compromised.

10.3.2 Auditing and measurement

We use information for analytics and measurement to understand how our services are used, as well as to fulfill obligations to our business partners like developers. We may disclose non-personally identifiable information publicly and with these partners, including for auditing purposes.

10.3.3 Maintaining our services

We use information to ensure our services are working as intended, such as tracking outages or troubleshooting bugs and other issues that you report to us.

10.3.4 Research and development

We use information to improve our services and to develop new products, features and technologies that benefit our users and the public.

10.3.5 Use of service providers

We share information with service providers to perform services on our behalf, in compliance with our Privacy Policy and other appropriate confidentiality and security measures. For example, we may rely on service providers for storage of your information.

10.3.6 Laws and regulations

We also use information to satisfy applicable laws or regulations, and disclose information in response to legal process or enforceable government requests, including to law enforcement.

10.4 California Do Not Track Disclosures

Do Not Track (DNT) is a privacy option that a user can set in certain web browsers. When a user turns on the Do Not Track signal, the browser will send a message to websites requesting them not to track the user. As of the effective date indicated below, we do not respond to Do Not Track browser settings or signals. Note, whether or not you have turned on the Do Not Track signal, we may deploy cookies and other technologies on our websites and those of our customers to collect information about you and your internet activity as provided elsewhere in this privacy policy. We have no control over third parties’ use of or tracking collecting personally identifiable information even if such third party is accessed through our website.

11. Security

We take all suitable technical and organisational security measures necessary in order to protect the Personal Data against unauthorised access, alteration or destruction. However, there is always a risk involved in providing Personal Data via digital channels since it is not possible to completely protect technical systems from encroachment.            

Communications between you and Once Upon take place via a so-called SLL protocol, an encrypted transmission between service and user which maintains a recognised high standard. SSL is used, for example, by Facebook, Instagram and Google. Your information is saved on the Google Cloud Platform servers and, in conjunction with payment in AWS (Amazon Web Services) in accordance with their agreement. Logs of user behaviour are saved by us through Google Analytics, Firebase Analytics and Firebase Crashlytics.

12. Personal Data Incidents

In conjunction with a security incident concerning Personal Data, e.g. hacking or an unintentional loss of personal data, we will notify you of such security incident in accordance with applicable laws. We may also require information from you, e.g. if there is a risk of ID theft or fraud.

13. Amendments to the Privacy Policy

In the event we amend the Privacy Policy, in our discretion, we will provide notice when you log on to the Service and on the digital channels in general and provide information regarding the content of the new terms and conditions approved by you.

14. Invalid provisions

In the event a competent court of law finds any provision of the Privacy Policy to be invalid, such shall result only in a reasonable adjustment of the provision in question. Other provisions will continue to apply with full force and effect.  

15. Applicable law; Dispute resolution

By choosing to access or Products or using our Service or provide information to us, you agree that any dispute over privacy or the terms contained in this Privacy Policy will be governed by the laws of the State of New York without regard to its conflict of law principles thereof. You also agree to abide by any limitation on damages and dispute resolution process contained in our General Terms and Conditions, or other agreement that we have with you.

16. Contact information

In the event you have any questions regarding the Privacy Policy or any other question or complaint regarding our processing of your Personal Data, feel free to contact us at: Once Upon Publishing AB, company registration no. 559073-3670, Storgatan 26, 931 32 Skellefteå, Sweden or at

17. Consent 

When you approve the Privacy Policy, you approve our use and processing of your Personal Data in accordance with the description in the Privacy Policy. You also approve our use of cookies (see section 11). If you do not accept the provisions of the Privacy Policy, we request that you do not use the digital channels or the Service. You may revoke your consent at any time by providing notice to us thereof.

Effective date for this Privacy Policy is February, 2022.