Privacy Policy
Your Privacy Matters
At Tinytales, we are committed to protecting your privacy and the privacy of children who use our service. This Privacy Policy explains how we collect, use, and safeguard your information.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address
- Password (stored securely and encrypted)
- Account preferences and settings
- Subscription status and billing information (processed by LemonSqueezy)
1.2 Child Information for Story Personalization
To create personalized stories, we collect:
- Child's first name (for story personalization only)
- Child's age (to ensure age-appropriate content)
- Interests and themes for story generation
- Any specific topics or challenges to address in stories
Important: We do not collect last names, addresses, phone numbers, or any other personally identifiable information about children beyond what is necessary for story creation.
1.3 Generated Content
We store:
- Stories you create and generate
- Images and audio files associated with your stories
- Story ratings and community interactions
- Usage patterns and preferences to improve our service
2. How We Use Your Information
We use your information exclusively for:
- Story Creation: Personalizing stories with your child's name, age, and interests
- Service Delivery: Providing account access, managing subscriptions, and delivering content
- Content Moderation: Ensuring all generated content is safe and age-appropriate
- Service Improvement: Analyzing usage patterns to enhance our AI and user experience
- Communication: Sending important account updates and service notifications
- Legal Compliance: Meeting our obligations under data protection laws
3. Children's Privacy (COPPA Compliance)
Special Protections for Children
We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and similar laws worldwide that protect children's privacy online.
3.1 Parental Consent
- Parents/guardians must create accounts and provide consent for children under 13
- Only parents can input their child's information for story personalization
- Parents maintain full control over their child's data at all times
- Children cannot directly create accounts or provide personal information
3.2 Limited Data Collection
- We collect only the minimum information necessary for story personalization
- No behavioral tracking or profiling of children
- No third-party advertising or marketing to children
- No sharing of children's information with third parties for commercial purposes
3.3 Parental Rights
Parents have the right to:
- Review all information we have collected about their child
- Request deletion of their child's information
- Refuse further collection or use of their child's information
- Contact us with questions about our children's privacy practices
4. Data Storage and Security
4.1 Security Measures
We implement industry-standard security measures:
- Encryption of data in transit and at rest
- Secure authentication and access controls
- Regular security audits and updates
- Limited employee access on a need-to-know basis
- Secure hosting infrastructure with Fly.io
4.2 Data Location
Your data is stored:
- Application Data: Hosted on Fly.io servers with a PostgreSQL database
- Files (Images/Audio): Stored securely on Tigris object storage
- Geographic Location: Servers located in data centers with appropriate security certifications
5. Third-Party Services
We work with trusted third-party services to deliver our features:
OpenAI
Processes story prompts to generate personalized content, images, and audio. Subject to OpenAI's privacy policy and data processing terms.
Tigris Storage
Securely stores generated images and audio files. Data is encrypted and access-controlled.
LemonSqueezy
Processes subscription payments and billing. We do not store your payment information; it is handled entirely by LemonSqueezy's secure systems.
LogSnag
Provides analytics and monitoring for service improvement. Only aggregated, non-personal data is shared.
We carefully vet all third-party services and ensure they meet our privacy and security standards. We do not share personal information with third parties for their own marketing purposes.
6. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share information only in these limited circumstances:
- Community Library: All created stories are automatically shared in our public community library
- Service Providers: With trusted third parties who help us operate our service (as described above)
- Legal Requirements: When required by law, court order, or to protect rights and safety
- Business Transfer: In the event of a merger or acquisition (with continued privacy protections)
7. Community Features
All stories you create are automatically shared in our community library:
- All generated stories become publicly viewable to other users by default
- Your child's first name will appear in shared stories
- Other personal information is never shared publicly
Important: By creating stories on Tinytales, you consent to sharing them in our community library. This helps other families discover wonderful stories and builds our collaborative storytelling community.
8. Your Rights and Choices
8.1 Access and Control
You have the right to:
- Access all personal information we hold about you and your child
- Correct or update any inaccurate information
- Delete your account and all associated data
- Restrict or object to certain processing activities
8.2 Account Settings
Through your account settings, you can:
- Update your email address and account preferences
- Manage your subscription and billing information
8.3 Communication Preferences
You can opt out of non-essential communications at any time. We will always send important service updates and security notifications.
9. Data Retention
We retain your information only as long as necessary:
- Active Accounts: Data is retained while your account is active
- Inactive Accounts: We may delete accounts inactive for over 2 years
- Account Deletion: Most data is deleted immediately upon account deletion
- Legal Requirements: Some data may be retained longer for legal compliance
- Backups: Data in backups is deleted according to our backup retention schedule
If you request account deletion, we will delete your personal information within 30 days, except where longer retention is required by law.
10. International Data Transfers
Tinytales operates internationally, and your data may be transferred to and processed in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place:
- Transfers within the EU/EEA are considered adequate
- Transfers outside the EU/EEA use appropriate safeguards such as Standard Contractual Clauses
- All third-party services we use provide appropriate data protection guarantees
- We regularly review and update our international transfer mechanisms
11. Updates to This Policy
We may update this Privacy Policy from time to time. When we do:
- We will update the "Last updated" date at the top of this policy
- We will notify you of significant changes via email or in-app notification
- We will never reduce your privacy rights without your explicit consent
- You can review the current policy at any time on our website
Continued use of our service after policy updates constitutes acceptance of the new terms.
12. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on:
- Contract Performance: Processing necessary to provide our service to you
- Legitimate Interest: Improving our service and ensuring security
- Legal Obligation: Complying with applicable laws and regulations
- Consent: For children's data and certain marketing communications
13. Contact Information
If you have any questions about this Privacy Policy or our privacy practices, please contact us:
Website: https://tinytales.io
Twitter: https://twitter.com/codestirring
For GDPR requests: If you are in the EU and wish to exercise your data protection rights, please contact us via Twitter with "GDPR Request" in your message.
Our Commitment
At Tinytales, protecting your privacy and your child's privacy is fundamental to everything we do. We are committed to transparency, security, and giving you full control over your personal information. Thank you for trusting us with your family's storytelling journey.