Privacy Policy
We built ToddlerTales for the little ones in your life. Protecting their privacy — and yours — is part of how we work.
Who we are
ToddlerTales (“we,” “us,” or “our”) is an independent developer that operates the ToddlerTales mobile app and related services (the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices you have.
If you have any questions, please reach us at toddlertalessupport@gmail.com.
What we collect
We collect only what we need to deliver good bedtime stories and keep the Service running safely.
We do not collect precise location, contacts, photos, microphone input, advertising identifiers, or behavioral-tracking signals.
How we use it
We use the information above to:
- Deliver the Service. Generate story text from your child’s profile, narrate it as audio, sync your library across devices, and unlock subscription content.
- Personalize bedtime. Tailor stories to a child’s age range, language, and chosen interests.
- Keep things working. Detect bugs, enforce usage and credit limits, defend against fraud, and improve performance.
- Communicate with you. Send transactional emails (account, billing, security) and, with your permission, occasional product updates.
- Comply with the law. Respond to lawful requests and protect our users and the Service.
We never use child profile details to advertise, profile, or target anyone, and we do not use your data — or your child’s — to train our own or third-party AI models.
Children’s privacy
ToddlerTales is a product designed for very young children to enjoy under the supervision of a parent or guardian. We follow the spirit and intent of the U.S. Children’s Online Privacy Protection Act (COPPA), the EU GDPR, and similar laws around the world.
For children:
- We do not create separate child accounts.
- We do not show third-party advertising.
- We do not sell, rent, or share child information for marketing.
- We only collect a child’s first name (or nickname), age, optional gender, and chosen story preferences — no last name, school, photo, location, or contact details.
- Child information is used only to personalize the bedtime experience and operate the Service safely.
If you believe a child has provided us information without your consent, please write to toddlertalessupport@gmail.com and we will delete it promptly.
Who we share with
We share information only with carefully selected service providers (“subprocessors”) who help us run the Service, and only as needed to perform their role. Each is bound by a contract requiring them to protect your information and use it only on our instructions.
We may also disclose information when required by law, or to defend the safety and rights of users or the Service. We do not sell personal information.
Storage & retention
We keep your information only as long as needed to provide the Service, comply with legal obligations, and resolve disputes:
- Account & profile data — kept while your account is active. On deletion, your account, child profiles, and stories are soft-deleted and hidden from the app immediately, and erased or irreversibly anonymized within 30 days.
- Generated stories & audio — kept until you delete them or your account; audio files in Cloudflare R2 are removed when the associated story is deleted.
- Subscription & purchase records — retained as required by tax and accounting law (typically 5–10 years), even after account deletion, in pseudonymous form.
- Server request logs — automatically purged after about 30 days.
- Feedback messages — retained for up to 2 years to help us improve the Service.
Security
We protect your information using industry-standard safeguards:
- All data is transmitted over HTTPS (TLS) and stored on encrypted disks.
- Authentication tokens are kept in the device’s Keychain (iOS) or Keystore (Android).
- The device identifier we use for anti-abuse is stored in the device’s secure storage, not in analytics systems.
- Audio files are served only through short-lived signed URLs that expire within 24 hours.
- Passwords are never stored — sign-in is delegated to Apple or Google.
- Internal database access is restricted to our back-end services and a small set of administrators.
No system is perfectly secure, but we work hard to reduce risk — and we will tell you promptly if a breach materially affects your information.
Your rights
Depending on where you live, you may have the following rights regarding your personal information — for yourself and for any child profile you control:
You can use most of these rights directly from Settings → Account in the app (including account deletion, which is protected by a parental gate), or by writing to toddlertalessupport@gmail.com. We respond within 30 days. You also have the right to complain to a data protection authority in your country.
International transfers
Our subprocessors may process information in countries other than the one where you live. When this involves transfers from the EEA, UK, or Switzerland to a country without an equivalent level of protection, we rely on the European Commission’s Standard Contractual Clauses or other valid safeguards.
Changes & contact
We’ll update this Policy when our practices change. If updates are material, we’ll notify you in the app or by email before they take effect.