Privacy Policy

Last updated: May 8, 2026

1. Introduction

Lullatale is operated by OLLOMS, a company registered in Poland. Lullatale ("we", "our", or "us") operates the Lullatale iOS mobile application (the "App") available at lullatale.app. This Privacy Policy describes what personal data we collect, how we use it, who we share it with, and your rights regarding that data.

By creating an account and using the App, you agree to the practices described in this policy. If you do not agree, please do not use the App.

2. Data We Collect

2.1 Parent account

  • Email address — used for login and account identification. We do not require or store a password; sign-in is performed with a one-time 6-digit code (OTP) sent to your email via Resend
  • Parental PIN (optional, 4 digits) — used to lock the in-app Settings screen so children cannot change configuration. The PIN is stored only as a bcrypt hash; the plaintext value is never saved
  • Language preference — determines the language of stories and interview questions

2.2 Child profile

You create a profile for each child. We collect:

  • First name — used to personalize stories
  • Age — used to calibrate story vocabulary and complexity
  • Gender (optional: Boy, Girl, Other) — used for story pronouns
  • Pronouns (optional) — overrides gender-based defaults
  • Interests (optional, list of strings) — used to personalize story themes
  • Story preferences — preferred length (Short / Medium / Long), narration voice

We do not collect location, school, full name, photos, or any biometric data.

2.3 Interview sessions

Each session consists of up to 5 questions about the child's day. We collect:

  • Text answers — typed or transcribed responses, stored in our database
  • Voice recordings — if your child uses the microphone, the audio is sent to OpenAI Whisper for transcription, then immediately deleted from our servers. We do not retain raw audio files
  • Timestamps — date and time of each session

2.4 Generated stories

  • Story title and full text — stored in our database
  • Audio narration (MP3) — generated by OpenAI TTS and stored on DigitalOcean Spaces (Frankfurt, EU). Audio files are served via DigitalOcean's CDN over signed or public URLs that contain only opaque, non-guessable identifiers
  • Cover and inline illustrations — generated by OpenAI's gpt-image-1 model and stored on DigitalOcean Spaces alongside the audio
  • Metadata — reading time, audio duration, illustration positions

2.5 Technical and usage data

  • API usage records — we log AI operation types and token counts for internal cost accounting. No personally identifiable information is stored in these records beyond your user ID
  • Authentication tokens — JWT tokens expire after 30 days and are stored in encrypted device storage (Apple Keychain via Expo SecureStore)
  • Subscription state — when you purchase a subscription, RevenueCat assigns an identifier tied to your account and tracks whether the entitlement is active. The server stores only a boolean "premium" flag on your user record. Monthly story counts are derived from the timestamps of stories you create — we don't store a separate counter

3. How We Use Your Data

Story generation: Your child's age, gender, and their interview answers are sent to OpenAI's API to generate a personalized story. The child's real name is replaced with an anonymous token before transmission and restored on our servers after the response is received.

Audio narration: Story text and interview questions are sent to OpenAI's TTS API to generate spoken audio.

Voice transcription: Voice recordings are sent to OpenAI's Whisper API to convert speech to text. The audio file is deleted immediately after transcription.

Image generation: Short, anonymized scene descriptions derived from the generated story are sent to OpenAI's gpt-image-1 model to create the cover and inline illustrations. The child's real name is never sent.

Story library: We store your history of sessions and generated stories so you can re-read or re-listen to them.

Authentication: Your email is used to deliver a one-time login code, and to issue a JWT session token after you enter that code in the App.

Subscription management: When you purchase a subscription, your purchase receipt is validated by Apple and forwarded to RevenueCat to determine your entitlement (free or premium).

We do not sell your data. We do not use your data for advertising.

4. Data Shared with Third Parties

We use a small number of vendors (data processors) to operate the App. Each is listed below with the purpose it serves, the data it receives, where it processes that data, and a link to its privacy policy. Before sending anything about your child to an AI provider, we replace your child's real name with an anonymous token [CHILD] and only restore the real name on our own servers.

| Vendor | Purpose | Data shared | Region |
|---|---|---|---|
| OpenAI | Voice-to-text transcription, story & question generation, audio narration, illustration generation | Anonymized child token, age, gender category, interview answers, generated story text. No real name. Voice audio is deleted after transcription. Not used to train OpenAI models (API default). | USA |
| ElevenLabs (optional narration) | Alternative voice narration provider when enabled | Generated story text only (with [CHILD] redaction). No real name, no voice recordings, no interview answers. | USA |
| DigitalOcean | Backend hosting, database, and storage for story audio & illustrations | All account and story data at rest, served over signed/opaque URLs | Frankfurt, EU |
| Expo / EAS | Mobile app build and distribution | Anonymized crash reports and build telemetry. No account data or story content. | USA |
| PostHog | Anonymous product analytics (which features get used) | Random device identifier and usage events only. No child name, age, voice, or story content. Session replay and autocapture are disabled; IP geo-resolution is disabled via $geoip_disable. | Frankfurt, EU |
| RevenueCat | Apple receipt validation and subscription entitlement management | Apple receipt, anonymous device identifier, and your account ID (UUID). No child data, voice, or story content. | USA |
| Resend | Delivery of one-time login codes by email | Parent email address only, for authentication delivery | EU |
| Apple App Store | App distribution and merchant of record for in-app purchases | Payment is handled by Apple directly — we never receive your card or other payment details. | As per Apple |

Each vendor acts as a data processor on our behalf under its own terms (and, where applicable, a Data Processing Addendum). We do not share your data with any third parties beyond those listed above, and we do not sell your data or use it for advertising.

5. Children's Privacy (COPPA & GDPR-K)

Lullatale is a parent-facing application. Parents (or legal guardians) create and manage all accounts. Children do not create accounts, do not have direct login credentials, and do not independently provide personal information to us — all child data is entered and controlled by the parent.

Verifiable parental consent. By creating an account, adding a child profile, and accepting these Terms and this Privacy Policy, you represent that you are at least 18 years of age and the parent or legal guardian of each child whose profile you create, and you provide your verifiable consent for us to collect, store, and process the child-related data listed in Section 2 for the sole purpose of generating personalized stories. Consent can be withdrawn at any time by deleting the child profile or the entire account from the in-app Settings screen, which permanently and irreversibly removes the related data.

We collect child-related data (first name, age, optional gender/pronouns, optional interests, and interview answers) solely to provide the personalized story service. We do not use this data for advertising, behavioral profiling, cross-context tracking, or any purpose other than generating the stories requested by the parent.

We comply with the U.S. Children's Online Privacy Protection Act (COPPA) and the GDPR provisions for children's data (Article 8 GDPR, "GDPR-K"). We do not knowingly allow children under 13 to create accounts. If you believe a child has independently submitted data without parental consent, contact us at [email protected] and we will delete it promptly.

6. Data Retention

Account and story data is retained for as long as your account is active. We do not automatically delete sessions or stories.

Voice recordings (raw audio) are deleted from our servers immediately after transcription. We do not retain audio of your child's voice.

Account deletion: You can delete your account at any time from the Settings screen in the App. Deleting your account permanently and irreversibly removes all associated data: your profile, all child profiles, all interview sessions, all messages, and all generated stories.

Story audio and illustrations: Generated MP3 narration files and image files are stored on DigitalOcean Spaces (Frankfurt, EU) and are deleted along with the corresponding story when you delete your account or remove the child profile.

7. Data Security

We implement appropriate technical safeguards:

  • All data in transit is encrypted via TLS/HTTPS
  • Authentication is passwordless: a one-time 6-digit code is emailed for each sign-in. We do not store account passwords
  • The optional 4-digit Settings PIN is stored only as a bcrypt hash (10 rounds) — the plaintext PIN is never written to disk or transmitted after entry
  • JWT session tokens are stored in encrypted device storage (Apple Keychain via Expo SecureStore) and expire after 30 days
  • Our servers are hosted on DigitalOcean's Frankfurt, EU region

No transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under GDPR:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Correct inaccurate data directly in the App (Settings), or contact us.
Right to erasure ("right to be forgotten"): Delete your account from the App's Settings screen. This permanently removes all your data.
Right to data portability: Request an export of your data in a structured format. Contact us at [email protected].
Right to restrict processing: In certain circumstances, request that we stop processing your data. Contact us.
Right to object: Object to processing based on legitimate interests.
Right to lodge a complaint: You may file a complaint with your local data protection authority.

To exercise any right, contact us at [email protected]. We will respond within 30 days.

9. Legal Basis for Processing (GDPR)

We process your data on the following legal bases:

  • Contract performance — processing your account data and generating stories is necessary to deliver the service you signed up for.
  • Legitimate interests — maintaining API usage logs for cost accounting and service stability.
  • Legal obligation — complying with applicable laws and responding to lawful requests.

10. International Data Transfers

Our servers, database, and media storage (DigitalOcean Spaces) are located in the EU (Frankfurt, Germany). PostHog analytics data is also stored in the EU. When we send data to OpenAI, RevenueCat, or Resend for processing, the data may be transferred to the United States. These transfers are covered by Standard Contractual Clauses (SCCs) ensuring GDPR-compliant data transfer. See OpenAI's Privacy Policy, RevenueCat's Privacy Policy, and Resend's Privacy Policy for details.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know — You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to delete — You may request deletion of your personal information. You can also delete your account directly from the App.
  • Right to opt-out of sale — We do not sell your personal information to third parties.
  • Right to non-discrimination — We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at [email protected]. We will respond within 45 days.

12. Changes to This Policy

We may update this Privacy Policy when our practices change. We will update the "Last updated" date at the top of this page. For significant changes, we will notify you via email or in-app notification. Your continued use of the App after the effective date constitutes acceptance of the updated policy.

13. Contact

For any privacy-related questions, data requests, or complaints:

OLLOMS (operator of Lullatale)

Email: [email protected]

Data Protection Officer: [email protected]

Website: lullatale.app