Skip to main content

Privacy Policy

Last updated: February 1, 2026

Introduction

Welcome! At Bedtime Stories, we keep things simple when it comes to your family's privacy. This policy explains exactly what we need to create magical, personalized bedtime stories for your child.

The simple truth: We only need your child's age range (3-4, 5-6, 7-8, or 9-12 years) to create age-appropriate stories. Character names are completely optional. Everything else is just the technical stuff needed to run the service.

Information We Collect

What We Actually Need

For Your Account:

  • Your email address (for login and account updates)
  • Payment information (securely handled by Stripe, we never see your card details)

For Your Stories:

  • Character names you choose (optional - can be any names, real or fictional)
  • Age range you select (required - 3-4, 5-6, 7-8, or 9-12 years for age-appropriate content)
  • Story preferences and settings you customize (optionally saved with character names and voices)

The Technical Stuff

Like any website, we automatically collect some technical information to keep things running smoothly:

  • Generated story content (text, audio, images) based on your preferences
  • Basic device info (to make sure the site works on your phone/computer)
  • Usage data (to fix bugs and improve the experience)
  • Cookies (to remember you're logged in)

How We Use Your Information

Here's exactly what we do with your information:

Story Creation

  • Create personalized stories with the character names you choose
  • Generate age-appropriate magical adventures based on your selected range
  • Save your favorite stories and access them anytime

Account Management

  • Manage your account and subscription
  • Process payments securely
  • Send important account updates

AI Processing Note: Story text is generated using Anthropic Claude for creating personalized narratives. Story images are created through OpenAI using only story-related prompts. Text-to-speech conversion is handled by ElevenLabs for high-quality voice generation. AI content safety is monitored through Helicon AI services. Our backend services running on Hetzner European servers coordinate these AI services and store the final content in Supabase. We ensure all AI partners maintain strict data protection standards.

Bot Protection: We use Cloudflare for DNS and Turnstile captcha protection to protect against automated abuse and ensure platform security. Turnstile processes technical information (IP address, browser signals, TLS fingerprint) to distinguish humans from bots. This data is processed by Cloudflare Inc. (US) under their privacy policy. Turnstile does not use traditional cookies and collects minimal data solely for security purposes.

Analytics & Cookies: We use PostHog (European data region) for analytics and product improvement. PostHog uses cookies and local storage to track user sessions, feature usage, and platform performance. You can manage your cookie preferences and opt out of analytics tracking at any time. PostHog data is processed under their privacy policy with GDPR-compliant safeguards. For more details, see our Cookie Policy.

Error Monitoring: We use Sentry to detect and fix technical issues. Sentry does not use cookies and we have disabled personal data collection.

Email Communications: Transactional emails (account confirmations, password resets) are sent via ZeptoMail, a GDPR-compliant email service hosted in Europe.

Children's Privacy & Parental Consent

Important - Parents & Guardians Only

Our service is designed exclusively for parents and guardians. Children under 13 should not create accounts or provide personal information directly. Only parents or legal guardians should sign up and use this service on behalf of their children.

No Direct Collection from Children: We do not knowingly collect personal information directly from children under 13. All child-related information (names, age ranges) is provided by parents through their adult accounts.

Parental Consent & Control: By creating an account and providing your child's information, you (as the parent/guardian) are giving consent for us to use that information to create personalized stories. You maintain complete control and can review, modify, or delete your child's data at any time.

Compliance with Children's Privacy Laws

We comply with children's privacy regulations including:

  • COPPA (US): Children's Online Privacy Protection Act
  • GDPR Article 8 (EU): Special protection for children's data
  • International Standards: Age-appropriate data protection globally

If we discover we have received personal information directly from a child without proper parental consent, we will delete it immediately.

Story Personalization

Here's the simple truth: We only use the character names and age ranges you choose to create personalized stories. That's it!

  • Only you decide what names to use for story characters
  • You choose the age range for appropriate content
  • You control everything and can delete data anytime
  • No marketing emails, minimal analytics tracking, just magical stories

Data Storage & Protection

European Data Residency

Your data is stored primarily on European servers through Supabase's European data region, ensuring GDPR compliance and strong data protection standards. This includes our database, object storage, and authentication systems.

Security & Compliance

We implement enterprise-grade security measures including encryption, access controls, and regular security audits. For detailed technical security information, please see our comprehensive Security Policy.

Service Providers

We work with trusted partners who maintain strict data protection standards:

European Services:
  • Supabase (database, storage)
  • PostHog (analytics)
  • Hetzner (backend hosting)
Global Services:
  • Vercel (frontend hosting)
  • Anthropic Claude (story generation)
  • ElevenLabs (voice generation)
  • Google/Apple (optional login)

All partners maintain GDPR-equivalent protection standards through data processing agreements and appropriate safeguards.

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share limited data only in these circumstances:

  • Service Providers: Trusted partners who help operate our service (hosting, payment processing, AI services) under strict data protection agreements
  • Legal Requirements: When required by law, court order, or to protect rights and safety
  • Business Transfers: In the event of a merger or acquisition, with equivalent privacy protection guarantees
  • Parental Consent: When explicitly authorized by parents and guardians

Your Privacy Rights & Data Control

You're in Complete Control

You can delete your stories or entire account anytime directly from your account settings. When you delete data, it's removed from our systems within 30 days. No need to contact us - you're in complete control!

Additional Privacy Rights

  • Access: Request copies of your personal data
  • Correction: Fix any incorrect information
  • Data Export: Download your data in a readable format
  • Questions: Ask us anything about your privacy

Data Retention

We only keep data as long as you want us to. Payment records are retained for 7 years as required by Dutch tax law, and analytics data is anonymized after 2 years for service improvement.

Policy Changes

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service features. When we make material changes:

  • We'll notify you via email at least 30 days before changes take effect
  • We'll update the "Last updated" date at the top of this policy
  • For changes affecting story content or personalization, we'll provide clear notification
  • You can review the current version at bedtime-stories.fun/privacy

Get in Touch

Have privacy questions or concerns? I'm here to help!

Related: Security Policy | Cookie Policy

This policy is effective as of the date listed above and applies to all users of Bedtime Stories.

Privacy Policy for Bedtime Stories, the leading AI-powered personalized children's story platform. Key privacy highlights: COPPA and GDPR compliant, European data residency (Frankfurt, Germany), only child's first name collected for personalization (optional), no tracking of children. Parents maintain complete control over all data and can delete anytime. Payment handled securely by Stripe (we never see card details). AI processing: Anthropic Claude for stories, ElevenLabs for voices, OpenAI for images. All AI partners maintain strict data protection standards. No selling of personal information. Analytics opt-in only (PostHog EU).