Privacy Policy

Last updated: August 4, 2025

Introduction

Welcome! At Bedtime Stories Inc, we keep things simple when it comes to your family's privacy. This policy explains exactly what we need to create magical, personalized bedtime stories for your child.

The simple truth: We only need your child's age range (3-5 or 5-8) to create age-appropriate stories. Character names are completely optional. Everything else is just the technical stuff needed to run the service.

Information We Collect

What We Actually Need

For Your Account:

  • Your email address (for login and account updates)
  • Payment information (securely handled by Stripe, we never see your card details)

For Your Stories:

  • Character names you choose (optional - can be any names, real or fictional)
  • Age range you select (required - either 3-5 or 5-8 for age-appropriate content)
  • Story preferences and settings you customize (optionally saved with character names and voices)

The Technical Stuff

Like any website, we automatically collect some technical information to keep things running smoothly:

  • Generated story content (text, audio, images) based on your preferences
  • Basic device info (to make sure the site works on your phone/computer)
  • Usage data (to fix bugs and improve the experience)
  • Cookies (to remember you're logged in)

How We Use Your Information

Here's exactly what we do with your information:

The Fun Stuff

  • • Create personalized stories with the character names you choose
  • • Generate age-appropriate magical adventures based on your selected range
  • • Save your favorite stories and access them anytime

The Practical Stuff

  • • Manage your account and subscription
  • • Process payments securely
  • • Send important account updates

AI Processing Note: Story text is generated using Anthropic Claude for creating personalized narratives. Text-to-speech conversion is handled by ElevenLabs for high-quality voice generation. Our backend services running on Hetzner European servers coordinate these AI services and store the final content in Supabase. We ensure all AI partners maintain strict data protection standards.

Bot Protection: We use Cloudflare for DNS and Turnstile captcha protection to protect against automated abuse and ensure platform security. Turnstile processes technical information (IP address, browser signals, TLS fingerprint) to distinguish humans from bots. This data is processed by Cloudflare Inc. (US) under their privacy policy. Turnstile does not use traditional cookies and collects minimal data solely for security purposes.

Analytics & Cookies: We use PostHog (European data region) for analytics and product improvement. PostHog uses cookies and local storage to track user sessions, feature usage, and platform performance. You can manage your cookie preferences and opt out of analytics tracking at any time. PostHog data is processed under their privacy policy with GDPR-compliant safeguards.

Children's Privacy & Parental Consent

Important: Parents & Guardians Only

Our service is designed exclusively for parents and guardians.Children under 13 should not create accounts or provide personal information directly. Only parents or legal guardians should sign up and use this service on behalf of their children.

No Direct Collection from Children: We do not knowingly collect personal information directly from children under 13. All child-related information (names, age ranges) is provided by parents through their adult accounts.

Parental Consent & Control: By creating an account and providing your child's information, you (as the parent/guardian) are giving consent for us to use that information to create personalized stories. You maintain complete control and can review, modify, or delete your child's data at any time.

Compliance with Children's Privacy Laws

We comply with children's privacy regulations including:

  • COPPA (US): Children's Online Privacy Protection Act
  • GDPR Article 8 (EU): Special protection for children's data
  • International Standards: Age-appropriate data protection globally

If we discover we have received personal information directly from a child without proper parental consent, we will delete it immediately.

Story Personalization

Here's the simple truth: We only use the character names and age ranges you choose to create personalized stories. That's it!

  • Only you decide what names to use for story characters
  • You choose the age range for appropriate content
  • You control everything and can delete data anytime
  • No marketing, no tracking, just magical stories

Data Storage & Protection

European Data Residency

Your data is stored primarily on European servers through Supabase's European data region, ensuring GDPR compliance and strong data protection standards. This includes our database, object storage, and authentication systems.

Security & Compliance

We implement enterprise-grade security measures including encryption, access controls, and regular security audits. For detailed technical security information, please see our comprehensive Security Policy.

Service Providers

We work with trusted partners who maintain strict data protection standards:

European Services:
  • Supabase (database, storage)
  • PostHog (analytics)
  • Hetzner (backend hosting)
Global Services:
  • Vercel (frontend hosting)
  • Anthropic Claude (story generation)
  • ElevenLabs (voice generation)
  • Google/Apple (optional login)

All partners maintain GDPR-equivalent protection standards through data processing agreements and appropriate safeguards.

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share limited data only in these circumstances:

  • Service Providers: Trusted partners who help operate our service (hosting, payment processing, AI services) under strict data protection agreements
  • Legal Requirements: When required by law, court order, or to protect rights and safety
  • Business Transfers: In the event of a merger or acquisition, with equivalent privacy protection guarantees
  • Parental Consent: When explicitly authorized by parents/guardians

Your Privacy Rights

Easy Self-Service

You can delete your stories or entire account anytime directly from your account settings. No need to contact us - you're in complete control!

You also have these additional privacy rights:

  • Access: Request copies of your personal data
  • Correction: Fix any incorrect information
  • Data Export: Download your data in a readable format
  • Questions: Ask us anything about your privacy

Data Control

You're in Complete Control

You can delete your stories or entire account anytime directly from your dashboard. When you delete data, it's removed from our systems within 30 days.

We only keep data as long as you want us to. Payment records are retained as required by law, and analytics data is anonymized after 2 years for service improvement.

Policy Changes

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service features. When we make material changes:

  • We'll notify you via email at least 30 days before changes take effect
  • We'll update the "Last updated" date at the top of this policy
  • For changes affecting story content or personalization, we'll provide clear notification
  • You can review the current version at bedtime-stories.fun/privacy

Get in Touch

Have privacy questions or concerns? I'm here to help!

Email Me

hello@bedtime-stories.fun

This policy is effective as of the date listed above and applies to all users of Bedtime Stories Inc.