Privacy Policy

What we collect

— Your account email and password (or Google account), the voice recording you upload for cloning, your child's first name and age band, the concerns you ask us to address in a story, and the stories we generate for you.

What we do not collect

— Your child's voice. Your child's full name, address, or any other contact information. We do not knowingly collect any personal information directly from a child under 13.

How we use it

— To run your account, generate and play back your bedtime stories, prevent abuse, comply with the law, and improve the Service. We never sell your information, and we do not show advertising.

Who we share with

— Service providers that help us operate (Supabase, Stripe, OpenAI, Cartesia, ElevenLabs, Google). Each is listed by name below.

Your rights

— You may access, correct, download, or delete the information we hold about you at any time. If you are in California, you have additional rights under the CCPA.

How to reach us

— Email support@parentwhisper.app or write to YCJW FBA LLC, c/o Republic Registered Agent Inc., 3400 Cottage Way, Ste G2, Sacramento, CA 95825.

We process your information to:

• Create and manage your account — authenticate you, store your settings, and let you sign in across devices.
• Provide our core service — record and clone your voice, generate personalized bedtime stories from your inputs, synthesize those stories in your cloned voice, and play them back.
• Process payments — bill you for your subscription via Stripe and provide invoices.
• Enforce abuse and safety limits — screen story prompts for content that should not be turned into a story (for example, indications of self-harm or abuse) and route to appropriate referrals; enforce the monthly story quota included with your subscription.
• Comply with law — respond to lawful requests from courts, regulators, and law enforcement, and meet our tax and consumer-protection obligations.
• Communicate with you — send transactional messages (confirmations, password resets, trial-ending reminders), and, if you have opted in, occasional product updates.
• Improve the Service — analyze aggregate, de- identified usage patterns to understand which features parents actually use.

We will never use your information to:

• Train any third party’s general-purpose AI model.
• Profile your child for advertising.
• Sell your data to data brokers.

We process your information only when we have a valid legal basis to do so. Depending on the activity, we rely on one or more of:

Consent

— When you click “I agree” at signup, when you upload your voice recording for cloning, and when you submit a story prompt.

Performance of a contract

— To deliver the Service you signed up for and to bill you for it.

Legitimate interests

— To prevent abuse, secure our infrastructure, and analyze aggregate usage — balanced against your privacy interests, with technical and organizational safeguards in place.

Legal obligation

— To comply with applicable law, including tax law and COPPA.

Vital interests

— Where an exceptional case — such as a credible safety concern surfaced by a screening signal — requires action to protect the life or physical safety of a child.

You may withdraw consent at any time by deleting the underlying content (e.g., removing a voice slot to revoke the cloning consent, or deleting a story) or by deleting your account. See Review, update, or delete your data.

We share information only with the service providers we have engaged to operate the Service, and only to the extent each provider needs to deliver its function. Each provider is bound by a written data-processing agreement that requires them to use the data only for our instructions, to maintain appropriate safeguards, and to delete the data on our request.

The current list of subprocessors:

Supabase, Inc.

— Authentication, application database, and audio file storage (US region). Data shared: Account credentials, parent profile, stories, audio segments, child first name & age band. Operating from United States. Privacy notice.

Cartesia, Inc.

— Voice cloning model training (Instant Voice Clone) and text-to-speech synthesis of bedtime stories. Data shared: Voice recording uploaded by the parent; generated story text submitted for synthesis. Operating from United States. Privacy notice.

ElevenLabs, Inc.

— Legacy text-to-speech synthesis for voice clones created before our Cartesia migration. Parents are migrated to Cartesia on their next re-record. Data shared: Voice clone IDs (no raw audio re-uploaded) and story text. Operating from United States. Privacy notice.

OpenAI, L.L.C.

— Concern classification, English-language story generation (GPT-5), safety screening (Moderation API), and voice-note transcription (Whisper). Data shared: Concern text submitted by the parent (may contain the child's first name and age) and short audio notes when the voice-input button is used. Operating from United States. Privacy notice.

Google LLC (Gemini API + Google OAuth)

— Korean-language story generation (Gemini 2.5 Pro) and optional Google sign-in for the parent account. Data shared: Concern text and account email/name when Google sign-in is used. Operating from United States. Privacy notice.

Stripe, Inc.

— Subscription billing for the $19.99/month plan and customer self-service portal (update card, cancel subscription). Data shared: Email, billing address, last 4 digits of payment card, subscription state. Full card numbers are tokenized by Stripe and never reach our servers. Operating from United States. Privacy notice.

We will also disclose information if we are required to do so by law, if we believe in good faith that disclosure is necessary to comply with a legal process or government request, to enforce our Terms of Service, to protect the rights, property, or safety of our users or others, or in connection with a merger, acquisition, or sale of all or part of our business — in which case we will give notice and require the successor to honor this notice.

Voice cloning is the heart of our service, so we want to be specific about how this data flows:

• What you record — when you set up a voice slot, the browser captures roughly 60–120 seconds of you reading a sample script. The audio is converted to a WAV file in your browser.
• Where it goes — the WAV file is uploaded directly from our servers to Cartesia (or, for legacy accounts, ElevenLabs). The provider trains an Instant Voice Clone model and returns a voice ID.
• What we keep — the voice ID, a label you choose (Mom, Dad, etc.), and the language you recorded in. We do not keep the raw WAV file on our servers after the clone succeeds.
• What our provider keeps— Cartesia and ElevenLabs each retain the recording and the resulting model on their infrastructure for as long as the voice ID exists in your account. When you delete a voice slot, we call the provider’s delete-voice endpoint to remove both.
• Synthesis — when we narrate a bedtime story, we send the story text and the voice ID to the same provider. The audio comes back as MP3 segments and is stored in encrypted Supabase Storage, served to your browser via short-lived signed URLs that expire automatically.

ParentWhisper relies on third-party AI models to generate stories and screen prompts for safety. These providers act as our subprocessors and are listed under Sharing above.

• Story generation— short prompts (your concern text, plus your child’s first name and age band) are sent to OpenAI for English stories and to Google’s Gemini API for Korean stories. The provider returns generated text. We do not opt into any setting that would allow the provider to use this text to train their general models. Each provider’s standard enterprise agreement prohibits such training.
• Safety classification— the same concern text is passed through OpenAI’s Moderation API and through a lightweight classifier we built on top of it. This is how we detect prompts that should be referred to a hotline rather than turned into a story.
• Voice-note transcription — when you tap the microphone icon to dictate a concern, the audio is sent to OpenAI Whisper for transcription. The original audio is discarded after transcription succeeds.
• Speech synthesis — see Voice cloning above.

We use only the small set of cookies and similar technologies required to operate the Service. We do not use advertising cookies, analytics cookies that track you across websites, or social-media trackers.

Authentication cookies

— Supabase issues a session cookie when you sign in. It is HttpOnly, Secure, and SameSite=Lax. Removing it signs you out.

CSRF tokens

— Short-lived tokens stored in your browser to prevent cross-site request forgery on sensitive form submissions.

Preferences

— We may persist UI preferences in localStorage (for example, whether you previously dismissed an in-app banner). These never leave your device.

Most browsers let you delete cookies or block specific cookies. Blocking authentication cookies will prevent you from signing in.

If you choose to register or sign in with Google, we receive the information that Google’s standard OAuth profile scope returns to us — your email, your display name, your profile picture URL, and a Google account identifier we use to recognise you on subsequent sign-ins.

We do not request, and Google does not share, any additional information unless you grant additional scopes. We use this information only to create and manage your account. You can disconnect the link at any time from your Google account’s security settings.

Account

— Until the parent deletes their account.

Voice clone

— Until the parent re-records (replaced) or deletes the voice slot. The voice clone is hosted with the synthesis provider; deleting the slot triggers an API call to remove it.

Voice sample (raw recording)

— The original ~90-second voice recording is uploaded to the synthesis provider during cloning. We do not retain a copy on our own servers after the clone succeeds.

Stories

— Until the parent deletes the story. Each story's audio segments live in encrypted Supabase Storage and are served via short-lived signed URLs.

Child profile / concern text

— The first name and age band of the child are stored on the children record. Concern text is stored on each story record. Both are deleted with the account or with the individual story.

Server logs

— Server logs that may contain a parent's user-id and request metadata are retained for 30 days for security and abuse-prevention purposes, then automatically rotated out.

Billing records

— Billing records (invoices, subscription history) are retained by Stripe for the period required by U.S. tax and financial-record regulations (currently 7 years).

When the retention period for a category lapses, we delete the data or anonymise it so it can no longer be associated with you or your child.

We implement organisational and technical safeguards designed to protect your information, including:

• TLS (HTTPS) for all traffic between your browser, our servers, and our subprocessors.
• Encryption at rest for the database (Supabase Postgres) and for audio files (Supabase Storage).
• Row-level security policies in the database that restrict every parent to only their own rows — even our own server-side code must authenticate as that parent to access their data.
• Short-lived signed URLs for audio playback (no public buckets, no permanent URLs).
• Least-privilege access for our team. Administrative actions are logged.
• Strict separation between billing data (held by Stripe) and application data (held by us).

No system is perfectly secure. If a breach occurs that affects your information, we will notify you and the appropriate authorities as required by applicable law.

ParentWhisper is operated by adults, for adults. The Service is offered only to users who are at least 18 years old. We do not knowingly collect personal information directly from any user under 13 years of age.

We do, however, process limited information about children — specifically, the child’s first name (or nickname) and age band that a parent provides, and any concerns the parent describes — so we can generate personalised bedtime stories. Under the Children’s Online Privacy Protection Act (COPPA), this is treated as personal information of a child collected with verifiable parental consent. By providing this information to us, you confirm that you are the parent or legal guardian of the child described.

Our complete COPPA disclosure — including the categories of children’s information we collect, how we use it, and the controls available to parents — is published at https://parentwhisper.app/coppa.

Depending on where you live, you may have one or more of the following rights regarding the personal information we hold about you:

• Access — request a copy of the personal information we hold about you.
• Correction — request that we correct any inaccurate or incomplete information.
• Deletion — request that we delete your account and all associated personal information.
• Portability — receive an export of your data in a structured, commonly used, machine-readable format.
• Restriction — request that we limit the processing of your information in certain circumstances.
• Objection — object to certain processing activities, including processing based on legitimate interests.
• Withdraw consent — withdraw consent at any time where we are processing on the basis of consent.
• Lodge a complaint — complain to your local data-protection authority.

To exercise any of these rights, email support@parentwhisper.app. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature. Because no industry standard for honouring DNT signals has been finalised, we do not currently respond to them. That said, we do not engage in any cross-site tracking, so the practical effect is the same: we do not track you across other websites.

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you specific rights regarding your personal information.

We may update this notice from time to time. When we do, we will change the “Effective date” at the top of this page and, if the changes are material, we will notify you by email (to the address associated with your account) and ask you to re-accept the updated notice the next time you sign in. Older versions are available on request.

If you have questions or comments about this notice, you may:

• Email us at support@parentwhisper.app; or
• Write to us at: YCJW FBA LLC, Attn: Privacy, c/o Republic Registered Agent Inc., 3400 Cottage Way, Ste G2, Sacramento, CA 95825.

For data-protection inquiries specifically, our point of contact is reachable at support@parentwhisper.app.

Most of your data is editable from inside the app:

• Account — change your email, password, and communication preferences in Settings. Delete your account from the same page.
• Child profile— edit or delete your child’s first name and age band from Settings.
• Voice clones — re-record, replace, or delete any voice slot from Voice setup. Deleting a slot calls our provider’s delete-voice endpoint to remove the clone on their side as well.
• Stories — delete any individual story (text + audio) from your Library.
• Data export — request a copy of everything we hold about you by emailing support@parentwhisper.app.

When you delete your account, we delete the rows we hold for you and call our subprocessors to delete the corresponding records on their side. Some information may be retained where law requires (billing records, in particular, are subject to the 7-year retention described above).