Privacy Policy

TalePop ("we", "us", "our") is an AI-powered personalised children's story service operated by [Your Company Name] ABN [XX XXX XXX XXX], based in Australia. We take your privacy - and the privacy of your children - seriously. This policy explains what information we collect, why we collect it, and how we protect it.

Contact: hello@talepop.com

Account information. When you sign up, we collect your email address and (optionally) your name. If you use Google Sign-In, we receive your name and email from Google.

Parental consent record. At sign-up, we record your confirmation that you are 18 years of age or older and are acting as the parent or legal guardian of the child whose profile you create. This consent record is stored with your account.

Child profile information. To generate personalised stories, you provide details about your child including their name, age, gender, interests, and optionally appearance (hair colour, eye colour), siblings, friends, pets, and general location (city/country). This information is used solely to generate stories and is never shared with third parties for marketing purposes.

Generated stories. We store the stories we create for you so you can access them at any time.

Usage data. We collect basic usage information (number of stories generated, subscription status) to manage your account and enforce usage limits.

Payment information. Payments are processed by Stripe. We do not store your credit card details - Stripe handles all payment data under their own privacy and security standards.

Feedback. If you submit an app rating or comment through the in-app feedback feature, we store your rating and comment.

Where the UK GDPR, EU GDPR, or similar laws apply, we rely on the following legal bases under Article 6:

For child profile data specifically, we additionally rely on the explicit parental consent you provide at account creation, as required by COPPA (US) and the UK Age Appropriate Design Code.

We understand that information about children is particularly sensitive. Our service is designed for parents and guardians - children do not create accounts or interact directly with our platform.

Parental consent. Before collecting any child profile data, we require you to confirm that you are 18 or older and are acting as the parent or legal guardian. Your consent is recorded with a timestamp at account creation. Because you must provide a valid payment method to subscribe, this also satisfies the credit card + email verification method of verifiable parental consent under the US Children's Online Privacy Protection Act (COPPA).

What we collect about your child. Name, age, gender, interests, optionally appearance (hair colour, eye colour), and optionally siblings' names, friends' names, pet name/type, and general location (city/country for story setting). We never collect precise GPS location, biometric data, or school details.

How we use it. Child profile information is used exclusively to generate personalised stories for your family. We do not use this information for advertising, profiling for commercial purposes, or any purpose beyond story creation.

Profiling. We use child profile data to personalise story content. We do not create behavioural profiles, serve targeted advertising, or use child data to inform decisions about other products or services. Personalisation is limited to the story generation purpose and is not enabled for any other use.

Data minimisation. All child profile fields beyond name and age are optional. We encourage you to share only what is needed to create stories you are happy with.

Retention. Child profile data is retained for as long as your account is active. If you delete a child profile, the associated data is deleted within 7 days. If you delete your account, all child data is deleted within 30 days. We do not retain child data beyond what is necessary for the purpose of story generation.

Your rights as a parent. You may at any time review, correct, or delete your child's profile through the app. To request a full export or deletion of your child's data, contact us at hello@talepop.com. We will respond within 30 days.

• To generate personalised stories based on your child's profile
• To manage your subscription and process payments via Stripe
• To send transactional emails (password reset, subscription confirmation)
• To improve our service using anonymised, aggregated usage data
• To respond to support requests

We do not send marketing emails without your explicit consent. We do not sell your data to any third party.

We use the following third-party services to operate TalePop:

• Supabase - database and authentication (supabase.com/privacy)
• Anthropic - AI story generation via the Claude API (anthropic.com/privacy)
• Replicate - AI illustration generation (replicate.com/privacy)
• Stripe - payment processing (stripe.com/privacy)
• Vercel - hosting and deployment (vercel.com/privacy)

Each service operates under its own privacy policy. We share only the minimum information necessary for each service to function. Child profile data is transmitted to Anthropic (for story generation) and Replicate (image generation prompts only - no personal details). We have assessed these processors and are satisfied they meet appropriate data protection standards.

Our primary data storage is in Australia (Supabase, ap-southeast-2 region). When you use our service from the United Kingdom or European Economic Area, your data is transferred to Australia and to our US-based processors (Anthropic, Replicate, Stripe, Vercel).

Australia does not currently have a formal EU adequacy decision. For transfers of your personal data outside the UK/EEA, we rely on Standard Contractual Clauses (SCCs) as approved by the relevant supervisory authorities, and/or the contractual necessity exception where applicable. You may request a copy of the applicable transfer safeguards by contacting us.

Your data is stored on servers in Australia (ap-southeast-2 region) via Supabase. We use industry-standard security measures including encryption at rest and in transit (TLS 1.2+).

We retain your account and story data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law (e.g. financial records for 7 years under Australian tax law).

You have the right to:

• Access the personal information we hold about you and your child
• Correct inaccurate information
• Request deletion of your account and associated data (including child data)
• Export your stories in a readable format
• Withdraw consent for optional data uses at any time
• Object to processing based on legitimate interests
• Restrict processing in certain circumstances

To exercise these rights, contact us at hello@talepop.com. We will respond within 30 days.

Right to complain. If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with your local data protection authority:

• Australia: Office of the Australian Information Commissioner (OAIC) - oaic.gov.au
• United Kingdom: Information Commissioner's Office (ICO) - ico.org.uk
• European Union: Your national data protection authority

We use only essential cookies required for authentication and session management. We do not use advertising or tracking cookies.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through an in-app notice. Continued use of the service after changes means you accept the updated policy.

Privacy questions or concerns? Email us at hello@talepop.com

We aim to respond within 2 business days.

Postal address: [Your registered business address]