Why We Build With Security From Day One at BoekjesAtelier

At BoekjesAtelier, parents create a personal book about their child. They upload photos and share details that are not meant to end up anywhere else.

That makes security not a nice-to-have, but a prerequisite. That is why we don't store photos — they are only used temporarily and then deleted.

Our developer has a background in cybersecurity (read more about how BoekjesAtelier started in https://boekjesatelier.nl/en/blog/where-it-all-began). That means we don't just look at what works when building software, but also at what can go wrong.

Security is not a feature

With products like these, it is not just about accounts or payments, but about photos and personal input from parents.

That is why the foundation lies in fairly simple, but important choices:

• We build on industry standards and proven software, instead of reinventing security ourselves.
• Users only have access to their own data.
• We store as little data as possible — what you don't keep, can't leak.

Vendors are part of your security

For AI processing, we work with parties like fal.ai (for generating images) and Google Cloud (for generating text). That means data passes through them in some steps.

That is why we don't just look at functionality, but also at how they handle security and compliance. We only use parties that do not use data to train their models and that comply with European privacy regulations.

That does not remove our own responsibility, but it does determine who we want to build with in the first place.

Product decisions are also security decisions

Security is not just in infrastructure or code, but also in how a product works.

When something is unclear, people make mistakes faster. For example: not knowing what happens with a photo, or accidentally ordering something that is not right yet.

By making the process as clear and predictable as possible, you prevent those kinds of situations.

No storage as a starting point

We deliberately chose not to store photos, but to only use them temporarily to generate a description. After that, they are deleted, both by us and by the parties we use for processing.

The illustrations we generate are kept — you need those to view and order your book. But the original photos of your child? Those are gone as soon as we have the description.

That simply reduces the risk of data lingering somewhere.

If you want to know exactly how we handle data, you can read our privacy policy: https://boekjesatelier.nl/en/privacy

Security is never "done"

This is not a one-time decision, but an ongoing process.

New features, new vendors, new risks — we keep making choices, adjusting, and keeping systems up to date.

Ultimately, we are not just building a product, but also trust. And that mostly comes down to consistently making the boring, right choices.