ToddlerTales

Privacy Policy

We built ToddlerTales for the little ones in your life. Protecting their privacy — and yours — is part of how we work.

Last updated · June 18, 2026
Our promises
A small policy, written in plain language
We don’t sell data. Ever — not yours, not your child’s.
No accounts for children. Only parents and guardians hold accounts.
Only what we need. The minimum data to deliver the story, safely.
You’re in control. Export, correct, or delete your data whenever you wish.
01

Who we are

ToddlerTales (“we,” “us,” or “our”) is an independent developer that operates the ToddlerTales mobile app and related services (the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices you have.

If you have any questions, please reach us at toddlertalessupport@gmail.com.

02

What we collect

We collect only what we need to deliver good bedtime stories and keep the Service running safely.

Account information
What: your email address and a stable identifier issued by your sign-in provider (Apple or Google), plus the date the account was created and your current subscription status. Why: to create and secure your account, send transactional emails, and remember your plan. We never see or store a password — authentication is delegated to Apple or Google.
Child profile details
What: first name or nickname, age (2–7), optional gender, and favorite themes or characters that you enter. Why: to personalize the stories we generate for your child. Profiles are created and controlled by the parent or guardian.
Generated content
What: the stories you create (text and audio), their themes, language, status, your favorites, and any in-app reports you submit about a story. Why: to deliver, save, and re-stream the content you generate.
Subscription & credits
What: your subscription status, plan, renewal/expiry date, the in-app purchase product identifiers, and your remaining story-credit balance. Why: to unlock paid features and enforce the credit allowance. Payment transactions are processed by Apple or Google — we never receive your card number.
Device, usage & support
What: a stable device identifier (UUID) stored in your device’s secure storage, device model, OS version, app version, app language, server-side request logs (IP address and timestamps), and any feedback messages you choose to send. Why: to enforce our usage and credit limits and prevent abuse (such as creating multiple accounts to bypass them), detect bugs, respond to your support requests, and protect the Service against fraud. The device UUID is not an advertising identifier and is not shared with advertisers.

We do not collect precise location, contacts, photos, microphone input, advertising identifiers, or behavioral-tracking signals.

03

How we use it

We use the information above to:

We never use child profile details to advertise, profile, or target anyone, and we do not use your data — or your child’s — to train our own or third-party AI models.

04

Children’s privacy

ToddlerTales is a product designed for very young children to enjoy under the supervision of a parent or guardian. We follow the spirit and intent of the U.S. Children’s Online Privacy Protection Act (COPPA), the EU GDPR, and similar laws around the world.

A grown-up holds the account
Only the supervising parent or legal guardian creates the account, enters payment information, manages child profiles, and consents to this Policy. Sensitive in-app actions (such as deleting the account) are protected by a parental gate.

For children:

If you believe a child has provided us information without your consent, please write to toddlertalessupport@gmail.com and we will delete it promptly.

05

Who we share with

We share information only with carefully selected service providers (“subprocessors”) who help us run the Service, and only as needed to perform their role. Each is bound by a contract requiring them to protect your information and use it only on our instructions.

Apple & Google
Auth & payments
Sign in with Apple and Sign in with Google authenticate you. The Apple App Store and Google Play handle all subscription purchases and billing. Their own privacy policies apply.
Anthropic (Claude)
Story generation
What we send: the child profile fields needed for the story (first name/nickname, age, gender, favorites, chosen theme and language). Why: to generate the story text. Anthropic does not use your data to train its models.
ElevenLabs
Audio narration
What we send: the generated story text and the selected voice. Why: to produce the audio narration that the app plays back.
RevenueCat
Subscriptions
What we send: a pseudonymous user identifier and the App Store / Google Play purchase receipt. Why: to manage subscription state, validate purchases, and detect refunds. RevenueCat never receives your card details.
Cloudflare R2
Audio storage
What we send: the generated audio file. Why: to store and stream story audio. Files are delivered via signed URLs that expire within 24 hours.
Railway
Hosting & database
What we send: all data needed to run the back-end — account, profile, story, and credit records, plus short-lived server logs. Why: Railway provides the cloud hosting and managed PostgreSQL database that power the Service.

We may also disclose information when required by law, or to defend the safety and rights of users or the Service. We do not sell personal information.

06

Storage & retention

We keep your information only as long as needed to provide the Service, comply with legal obligations, and resolve disputes:

07

Security

We protect your information using industry-standard safeguards:

No system is perfectly secure, but we work hard to reduce risk — and we will tell you promptly if a breach materially affects your information.

08

Your rights

Depending on where you live, you may have the following rights regarding your personal information — for yourself and for any child profile you control:

Access
Ask for a copy of the data we hold about you.
Correct
Fix anything inaccurate or out of date.
Delete
Erase your account and associated data.
Export
Receive your data in a portable format.
Object
Limit or object to certain processing.
Withdraw
Withdraw consent at any time, where applicable.

You can use most of these rights directly from Settings → Account in the app (including account deletion, which is protected by a parental gate), or by writing to toddlertalessupport@gmail.com. We respond within 30 days. You also have the right to complain to a data protection authority in your country.

09

International transfers

Our subprocessors may process information in countries other than the one where you live. When this involves transfers from the EEA, UK, or Switzerland to a country without an equivalent level of protection, we rely on the European Commission’s Standard Contractual Clauses or other valid safeguards.

10

Changes & contact

We’ll update this Policy when our practices change. If updates are material, we’ll notify you in the app or by email before they take effect.

Privacy Office: Send any privacy question, request, or complaint to toddlertalessupport@gmail.com. A human reads every message.
Privacy questions?
Write to our privacy team
We answer every request within 30 days. Most within 48 hours.
toddlertalessupport@gmail.com