Privacy Policy

G's Storytime (“G's Storytime,” “we,” “us,” or “our”) is a reading platform for children ages 4–8 operated by [REVIEW WITH COUNSEL: legal entity name, state of formation, business address]. This Privacy Policy explains what information we collect, how we use it, and the rights that parents and guardians have over it.

We intentionally collect as little as possible. Specifically:

From the parent/guardian account

• Email address and hashed password (for login).
• Family name or display name that you provide.
• Parent PIN (stored as a bcrypt hash, never in plain text).
• If you make a purchase: transaction metadata from our payment processor (purchase date, product, amount). We do not store credit-card numbers ourselves.
• If you opt in to family voice cloning: a short voice recording that you submit, and the third-party voice ID returned by our speech provider.

From the child's profile

• First name or nickname you provide.
• Age or grade band (to match content difficulty).
• An avatar selection (no photographs).
• Reading activity: stories opened, time spent, words tapped for pronunciation, and (if enabled) answers to comprehension questions.

Automatic technical information

• Standard web-server logs (IP address, user agent, timestamps), retained only long enough to diagnose abuse or errors.
• Anonymized performance telemetry from our hosting provider.

We do notcollect precise geolocation, biometric data, contact lists, photos or videos taken with the device camera, or any profile from your child's device.

• To operate and provide the service (log you in, show stories, track progress).
• To personalize your child's reading experience (difficulty, streaks, rewards).
• To show you, the parent, how your child is progressing.
• To debug, secure, and improve the service.
• To process payments (if you choose to buy credits).
• To communicate with you about your account (receipts, important policy changes).

We do notuse your or your child's information to build advertising profiles, serve behavioral advertising, or sell data.

G's Storytime is directed to children ages 4–8. We comply with the U.S. Children's Online Privacy Protection Act (“COPPA”). See our full COPPA Compliance noticefor the detail, including how we obtain verifiable parental consent, what we collect from children, and how parents can review or delete their child's data.

In short: we use the email-plus method (16 CFR §312.5(b)(2)(ii)) for free-tier accounts and credit-card verification at the first paid purchase for accounts that enable premium features. The method we use for a given account reflects what that account allows us to collect. Full detail on the COPPA page.

[REVIEW WITH COUNSEL: confirm the method descriptions above remain consistent with the final implementation, and that any FTC Safe Harbor claim we intend to make is separately vetted.]

We share limited information only with service providers that help us run the service:

• Hosting and database (Vercel, Neon).
• Text-to-speech (ElevenLabs).
• Image delivery (Cloudinary).
• Payments (RevenueCat and the App Store / Play Store, when available).
• Error monitoring (if enabled).

Each of these providers is contractually bound to use data only for the services they provide to us. We do not sell personal information. We do not share personal information with advertising networks.

[REVIEW WITH COUNSEL: verify each vendor's DPA is in place and that the vendor list here matches production reality at launch.]

We retain information for as long as your account is active plus [REVIEW WITH COUNSEL: retention window, e.g., 90 days] after you request deletion, after which backups are purged on their normal rotation. Server logs are retained for [REVIEW WITH COUNSEL: e.g., 30 days] and then deleted.

We use industry-standard safeguards: TLS on every connection, bcrypt for password and PIN hashing, rotating secrets for signed cookies, and access controls on our database. No system is perfectly secure, and we cannot guarantee the absolute security of any information.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you or your child.
• Correct inaccurate information.
• Delete the account and associated data.
• Export a copy of the data.
• Object to certain processing.

To exercise any of these rights, email us at [REVIEW WITH COUNSEL: support / privacy contact address]. We will respond within [REVIEW WITH COUNSEL: statutory response window] of receiving your request.

[REVIEW WITH COUNSEL: add state-specific notices — California CCPA/CPRA, Virginia CDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA — where applicable.]

G's Storytime is operated from the United States. If you access it from outside the U.S., your information is processed in the U.S. [REVIEW WITH COUNSEL: add GDPR/UK-GDPR cross-border transfer mechanism if targeting EU/UK, or an explicit geographic restriction.]

We may update this policy from time to time. If we make a material change, we will notify account holders by email and post the updated version here with a new “Last updated” date.

Questions, requests, or concerns about this policy: [REVIEW WITH COUNSEL: privacy contact email, mailing address, and designated privacy contact name].