Privacy Policy
Last updated: March 16, 2026
1. Introduction
Lullatale ("we", "our", or "us") operates the Lullatale iOS mobile application (the "App") available at lullatale.app. This Privacy Policy describes what personal data we collect, how we use it, who we share it with, and your rights regarding that data.
By creating an account and using the App, you agree to the practices described in this policy. If you do not agree, please do not use the App.
2. Data We Collect
2.1 Parent account
- Email address — used for login and account identification
- Password — stored as a bcrypt hash; the plaintext password is never saved
- Language preference — determines the language of stories and interview questions
- Phone number (optional) — not currently required or used
2.2 Child profile
You create a profile for each child. We collect:
- First name — used to personalize stories
- Age — used to calibrate story vocabulary and complexity
- Gender (optional: Boy, Girl, Other) — used for story pronouns
- Pronouns (optional) — overrides gender-based defaults
- Interests (optional, list of strings) — used to personalize story themes
- Story preferences — preferred length (Short / Medium / Long), narration voice
We do not collect location, school, full name, photos, or any biometric data.
2.3 Interview sessions
Each session consists of up to 5 questions about the child's day. We collect:
- Text answers — typed or transcribed responses, stored in our database
- Voice recordings — if your child uses the microphone, the audio is sent to OpenAI Whisper for transcription, then immediately deleted from our servers. We do not retain raw audio files
- Timestamps — date and time of each session
2.4 Generated stories
- Story title and full text — stored in our database
- Audio narration (MP3) — generated by OpenAI TTS and stored on our server
- Metadata — reading time, audio duration
2.5 Technical and usage data
- API usage records — we log AI operation types and token counts for internal cost accounting. No personally identifiable information is stored in these records beyond your user ID
- Authentication tokens — JWT tokens expire after 30 days and are stored encrypted on your device
3. How We Use Your Data
Story generation: Your child's age, gender, and their interview answers are sent to OpenAI's API to generate a personalized bedtime story. The child's real name is replaced with an anonymous token before transmission and restored on our servers after the response is received.
Audio narration: Story text and interview questions are sent to OpenAI's TTS API to generate spoken audio.
Voice transcription: Voice recordings are sent to OpenAI's Whisper API to convert speech to text. The audio file is deleted immediately after transcription.
Story library: We store your history of sessions and generated stories so you can re-read or re-listen to them.
Authentication: Your email and password hash are used to verify your identity and issue session tokens.
We do not sell your data. We do not use your data for advertising.
4. Data Shared with Third Parties
OpenAI
We use OpenAI's API for three purposes: (1) Whisper for voice-to-text transcription, (2) GPT for generating interview questions and stories, and (3) TTS for audio narration.
We apply data minimization before sending any data to OpenAI: your child's real name is replaced with an anonymous token [CHILD] in all prompts and interview history sent to GPT. The real name is substituted back only after the response is received on our servers. Data sent to OpenAI includes: the anonymous token, your child's age, gender category (boy/girl/other), and the text of their interview answers. OpenAI processes this data as a data processor under its API terms. See OpenAI's Privacy Policy. By default, OpenAI does not use data sent through its API to train its models.
DigitalOcean
Our backend servers and database are hosted on DigitalOcean's infrastructure in the Frankfurt, Germany (EU) region. DigitalOcean processes data as a data processor and is GDPR-compliant. See DigitalOcean's Privacy Policy.
Expo / EAS (Expo Application Services)
The App is built and distributed via Expo's build infrastructure. Expo may collect anonymized crash reports and build telemetry. Expo does not have access to your account data or story content. See Expo's Privacy Policy.
PostHog (Analytics)
We use PostHog to collect anonymous product analytics — such as which features are used and how often — to improve the App. PostHog collects a random device identifier and usage events. We do not send your child's name, age, voice recordings, or story content to PostHog. Analytics data is stored on PostHog's EU servers (Frankfurt, Germany). Session replay and autocapture are disabled. See PostHog's Privacy Policy.
Resend (Email)
We use Resend to deliver one-time login codes to your email address. Resend processes your email address solely for the purpose of sending authentication emails. See Resend's Privacy Policy.
We do not share your data with any other third parties.
5. Children's Privacy (COPPA & GDPR-K)
Lullatale is a parent-facing application. Parents (or legal guardians) create and manage all accounts. Children do not create accounts and do not independently provide personal information to us — all child data is entered and controlled by the parent.
We collect child-related data (name, age, gender, and interview answers) solely to provide the personalized story service. We do not use this data for advertising, profiling, or any purpose other than generating the story requested by the parent.
We comply with the U.S. Children's Online Privacy Protection Act (COPPA) and the GDPR provisions for children's data. We do not knowingly permit children under 13 to create accounts. If you believe a child has independently submitted data without parental consent, contact us at [email protected] and we will delete it promptly.
6. Data Retention
Account and story data is retained for as long as your account is active. We do not automatically delete sessions or stories.
Voice recordings (raw audio) are deleted from our servers immediately after transcription. We do not retain audio of your child's voice.
Account deletion: You can delete your account at any time from the Settings screen in the App. Deleting your account permanently and irreversibly removes all associated data: your profile, all child profiles, all interview sessions, all messages, and all generated stories.
Story audio files: Generated MP3 narration files are stored on our server and are also deleted when your account is deleted.
7. Data Security
We implement appropriate technical safeguards:
- All data in transit is encrypted via TLS/HTTPS
- Passwords are hashed with bcrypt (10 rounds) — we never store plaintext passwords
- Authentication uses short-lived JWT tokens stored in encrypted device storage (SecureStore)
- Our servers are hosted in a private network on DigitalOcean Frankfurt
No transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Your Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under GDPR:
To exercise any right, contact us at [email protected]. We will respond within 30 days.
9. Legal Basis for Processing (GDPR)
We process your data on the following legal bases:
- Contract performance — processing your account data and generating stories is necessary to deliver the service you signed up for.
- Legitimate interests — maintaining API usage logs for cost accounting and service stability.
- Legal obligation — complying with applicable laws and responding to lawful requests.
10. International Data Transfers
Our servers are located in the EU (Frankfurt, Germany). When we send data to OpenAI for processing, the data may be transferred to the United States. OpenAI's API services are covered by Standard Contractual Clauses (SCCs) ensuring GDPR-compliant data transfer. See OpenAI's Privacy Policy for details.
11. Changes to This Policy
We may update this Privacy Policy when our practices change. We will update the "Last updated" date at the top of this page. For significant changes, we will notify you via email or in-app notification. Your continued use of the App after the effective date constitutes acceptance of the updated policy.
12. Contact
For any privacy-related questions, data requests, or complaints: