Children's Privacy Notice

This notice applies to information about children under 13 that a parent or legal guardian voluntarily enters into the Service in order to receive a personalised bedtime story.

By using the Service to create a story about your child, you confirm that:

• You are the child’s parent or legal guardian;
• You consent to our collection and use of the limited child information described below; and
• You have the authority to make that decision on your child’s behalf.

The complete list of information we ever collect or process about a child:

• First name or nickname. So the story can reference your child by name when you enable that setting.
• Age band. A coarse range — 2–3, 4–5, 6–7, or 8–10 — so the story uses age-appropriate vocabulary, length, and pacing.
• The concern you describe.The free-text prompt you submit about what is on your child’s mind (for example, “first day of kindergarten tomorrow” or “had a tough day at school”). This may contain additional incidental information about your child if you include it.
• The generated story. The story text we produce and the audio segments we synthesize from it. These are stored against your account so you can play them back at any time.

We do not collect, and we will not knowingly accept submissions of:

• Your child’s last name or surname;
• Your child’s exact date of birth;
• Photographs, videos, or facial images of your child;
• Your child’s voice — only the parent’s voice is ever recorded;
• Home address, school name, or other geo-locating info;
• Government identifiers (social-security number, passport, etc.);
• Health, biometric, or genetic information; or
• Any information that would let us, or anyone else, contact your child directly.

If you accidentally include any of the above in a concern prompt, please contact us — we will help you remove it.

We use the child information you provide for one purpose: to generate the personalised bedtime story you asked for and to store it for you so you can play it back later.

We do not use the child information you provide to:

• Train any third party’s general-purpose AI model — our agreements with our AI providers prohibit this;
• Build a profile of your child or infer characteristics about them beyond what you tell us;
• Target your child with advertising;
• Contact your child directly — we have no mechanism to do so;
• Share child information with any party not listed in Sharing with subprocessors below.

COPPA requires us to obtain verifiable parental consent before collecting personal information about a child. We do this by:

• Requiring a tick-box affirmation that you have read and agree to the Terms of Service, the Privacy Policy, and this COPPA Disclosure when you create your account;
• Storing a timestamped record of that acceptance against your account (the tos_accepted_at and tos_version fields);
• Charging your credit or debit card for the subscription — the use of a verifiable payment method is one of the FTC’s recognised methods of obtaining verifiable parental consent (16 CFR § 312.5(b)(2));
• Requiring you to explicitly enter your child’s first name and age band into the Service before any story is generated. Both fields are editable and deletable from Settings.

If we ever expand the types of information we collect about children, we will not begin doing so without first obtaining renewed parental consent.

As the parent, you have direct control inside the app:

• Review. Every story we have generated for you is visible in your Library. Every setting (child first name, age band, story preferences) is visible in Settings.
• Edit.Update or correct your child’s first name and age band at any time from Settings.
• Delete individual stories. Each story has a delete control in your Library. Deleting a story removes both its text and its audio segments.
• Delete your child’s profile. Remove the child record from Settings; any future story will require you to enter a new one.
• Delete your account. Delete your account from Settings to remove all stories, all child information, all voice clones, and the account itself. We will also call our subprocessors to delete the corresponding records on their side.
• Refuse further collection. Email support@parentwhisper.app to tell us you no longer consent to our collection of any information about your child. We will respond by deleting your account.

We share child information only with the third-party service providers that are necessary to deliver the Service to you. Each one is bound by a written data-processing agreement that prohibits them from using the data for any other purpose.

• Story generation— concern text plus the child’s first name and age band are sent to OpenAI (for English stories) or Google (for Korean stories) so the language model can produce a personalised story.
• Safety screening— concern text is passed through OpenAI’s Moderation API so we can detect prompts that should be referred to a hotline rather than turned into a story.
• Speech synthesis— the generated story text is sent to Cartesia (or, for legacy accounts, ElevenLabs) for narration in the parent’s cloned voice.
• Storage — the generated text and audio are stored in Supabase (US region), our database and storage provider.

We do not sell, lease, or rent any information about your child. We do not share it for behavioural advertising. The full list of subprocessors is published in our Privacy Policy.

Information about your child is retained for as long as your account exists, and is deleted when:

• You delete the specific story (audio + text);
• You delete the child profile from Settings; or
• You delete your entire account.

Deletion is propagated to our subprocessors. Some technical retention (encrypted backups, log entries) may persist for a short period before being rotated out — typically no more than 30 days for logs and 30 days for backups.

We use the same protections for child information that we use for the rest of your account data: encryption in transit (TLS) and at rest, database-level row-level security so each account can only read its own rows, short-lived signed URLs for audio playback, and least-privilege access for our team. See the Security section of the Privacy Policy for the full list.

As a parent or legal guardian, COPPA gives you the right to:

• Review the personal information we have collected about your child;
• Direct us to delete that information at any time;
• Refuse to permit any further collection, use, or maintenance of that information.

To exercise any of these rights, email support@parentwhisper.app. We will respond within 30 days. We may ask you to verify that the account belongs to you before fulfilling the request.

If you have an unresolved concern about how we handle your child’s information, you may contact the U.S. Federal Trade Commission, the agency that enforces COPPA, at ftc.gov/coppa or by phone at 1-877-FTC-HELP.

Our designated point of contact for COPPA and other children’s-privacy matters is reachable at support@parentwhisper.app.

By post:

YCJW FBA LLC
Attn: Children’s Privacy
c/o Republic Registered Agent Inc., 3400 Cottage Way, Ste G2, Sacramento, CA 95825