COPPA Compliance

The U.S. Children's Online Privacy Protection Act (“COPPA”) is a federal law that protects the online privacy of children under 13. The rule requires operators of online services directed to children (or with actual knowledge that they collect personal information from children) to give parents direct notice, obtain verifiable parental consent, limit what they collect, secure what they collect, and give parents ongoing control.

G's Storytime is designed for children ages 4–8. COPPA applies to us, and we take it seriously.

• We never sell data about your child.
• We never show advertisements to your child.
• We never build a marketing profile about your child.
• We collect only what is needed to run the reading experience and show you progress.
• You, the parent, can review or delete your child's data at any time.

We collect the following about each child profile you create:

• First name or nickname you provide.
• Age or grade band (to match content difficulty).
• An avatar selection you make together (no photographs).
• Reading activity: stories opened, time spent, words tapped for pronunciation, badges earned, and (if enabled) answers to comprehension questions.
• If you enable family voice cloning, the voice recording is submitted by you, the parent — not by the child — and used only to generate narrated audio in your family account.

We do not collect geolocation, contact lists, photos or videos from the device camera, biometric identifiers, or any cross-service profile about the child.

Before we collect personal information from a child, we obtain verifiable parental consent (“VPC”) from the account-holding parent or guardian. We use one of two VPC methods, matched to the data each tier involves. Both methods are approved under 16 CFR §312.5(b).

Free-tier accounts — email plus

When you create an account, we send a consent-request email to the address you provided. You review the notice describing what we collect about your child (first name or nickname, age or grade band, avatar choice, and reading activity), then click the confirmation link. After you confirm, we send a second confirmation email so you can verify the consent was recorded and revoke it with one click if the original email was not from you. This is the “email-plus” method under §312.5(b)(2)(ii), which is available to us because free-tier data is used strictly for G's Storytime's internal operations and those of our service providers (hosting, database, content delivery). We do not disclose your child's information to advertisers, analytics networks, data brokers, or any other third party.

Paid-tier features — credit-card verification

Certain premium features — family voice cloning, comprehension assessment, and bilingual learning — involve sending additional data to third-party providers (for example, the parent's recorded voice is processed by our voice- cloning vendor). For these features we obtain a stronger VPC via your first credit purchase: the completed credit-card transaction confirms that an adult cardholder authorized the expanded collection. The purchase-screen notice discloses every premium feature and data flow covered by that consent, so a single transaction authorizes the full paid-tier bundle.

[REVIEW WITH COUNSEL: confirm that the FTC's 2025 COPPA Rule amendments do not narrow the availability of the email-plus method for this service's actual data flow, and that our third-party list (Vercel hosting, Neon database, Cloudinary images, ElevenLabs text-to-speech, RevenueCat payments) remains classified as “service providers” rather than “third parties” under the current rule.]

[REVIEW WITH COUNSEL: redline the consent-request email template and the paid-tier purchase-screen notice so they satisfy the direct-notice requirements of §312.4 — each category of PI enumerated, purposes stated, and a revocation path named.]

At any time, you have the right to:

• Review the information we have collected about your child.
• Request that we delete your child's information.
• Refuse to allow further collection of your child's information (which will end the child's use of the Service).
• Revoke any consent you previously gave.

Many of these actions can be done directly from your parent dashboard. For any you cannot do yourself, email us at [REVIEW WITH COUNSEL: COPPA contact address] and we will respond within [REVIEW WITH COUNSEL: e.g., 10 business days].

We use TLS on every connection, bcrypt hashing for credentials, rotating signed cookies, and least-privilege access to our database. Backups are encrypted at rest. We review access to children's records on a regular cadence.

We share children's information only with service providers strictly necessary to operate the Service (e.g., hosting, database, text-to-speech). Each is contractually bound to use the information only to provide services to us and to protect it consistent with COPPA. We do not share children's information with advertising networks, data brokers, or analytics products designed to profile users.

[REVIEW WITH COUNSEL: confirm each sub-processor has a COPPA- aligned DPA and appears on our published sub-processor list.]

G's Storytime does not provide any functionality that allows children to publicly share personal information, communicate with other users, or contact third parties. There are no chat features, no public profiles, and no leaderboards that display identifying information.

We retain child-profile information for as long as the parent account is active. When you delete a child profile or close your account, we delete the child's records within [REVIEW WITH COUNSEL: retention window, e.g., 30 days], except where we are required by law to retain limited records for a defined period.

If you have any question about how we handle your child's information, or to exercise any of the rights above, contact [REVIEW WITH COUNSEL: designated COPPA contact name, email, and mailing address]. We will respond promptly.

You may also contact the U.S. Federal Trade Commission at ftc.gov if you believe a children's online service is not honoring COPPA.

• Privacy Policy
• Terms of Service