Welcome to StoryMind! We are committed to protecting the privacy of children and their families. This Privacy Policy explains how we collect, use, and safeguard information when you use our mobile application.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Parent/guardian email address
• Child's first name and age
• Password (encrypted)

1.2 Content Created by Children

• Stories written by your child
• Drawings and illustrations
• Progress and achievement data
• Learning preferences and interests

1.3 Usage Information

• App features used
• Time spent in the app
• Device type and operating system
• Crash reports and error logs

1.4 Payment Information

For premium subscriptions, payment processing is handled securely by Apple App Store or Google Play Store. We do not store credit card information.

2. How We Use Information

We use the collected information to:

• Provide personalized story creation experiences
• Track learning progress and achievements
• Improve our AI tutoring and feedback systems
• Send important account and service updates
• Provide customer support
• Ensure app security and prevent fraud
• Comply with legal obligations

3. COPPA Compliance

StoryMind is designed for children and complies with the Children's Online Privacy Protection Act (COPPA):

• We obtain verifiable parental consent before collecting any personal information from children
• We collect only the minimum information necessary to provide our services
• Parents can review, delete, or refuse further collection of their child's information
• We do not condition a child's participation on providing more information than necessary
• We do not share children's information with third parties for marketing purposes

4. Data Storage and Security

We take data security seriously:

• All data is encrypted in transit using HTTPS/TLS
• Data at rest is encrypted using industry-standard encryption
• We use secure cloud infrastructure (AWS/Google Cloud)
• Access to data is strictly limited to authorized personnel
• We regularly audit our security practices
• We do not sell or rent personal information to third parties

5. Third-Party Services

We use the following third-party services:

• Clerk: Provides secure authentication and account management. Handles parent email addresses and encrypted login credentials. Data is protected according to Clerk's privacy policy and security standards.
• OpenAI: Powers our AI story generation and tutoring features. Stories are processed according to OpenAI's privacy policy and are not used to train their models.
• ElevenLabs: Provides text-to-speech narration. Audio is generated on-demand and not stored by ElevenLabs.
• RevenueCat: Manages subscription billing. Does not access story content or personal information beyond what's necessary for payment processing.
• Analytics: We may use privacy-focused analytics to understand app usage patterns. No personally identifiable information is shared.

6. Parental Rights

Parents and guardians have the right to:

• Review all information collected about their child
• Request deletion of their child's information
• Refuse further collection of their child's information
• Export all data in a portable format
• Update or correct any information

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specific retention periods:

7.1 Retention Periods by Data Type

• Account & Profile Data: While account is active, or 24 months after last login
• Stories & Educational Content: While account is active, deleted within 30 days of account deletion
• System & Error Logs: 90 days, then automatically deleted
• Analytics Data (Anonymized): Up to 24 months for service improvement
• Payment Records: 7 years (required for tax and legal compliance)

7.2 Account Deletion Process

When you request account deletion:

• Immediate: Account access is disabled
• 7-day grace period: You can cancel the deletion request
• Within 30 days: All personal information permanently deleted from active systems
• Within 90 days: Data removed from all backups
• Exception: Payment transaction records retained for 7 years per legal requirements

7.3 Inactive Account Policy

For account security and data minimization:

• 18 months: Email reminder sent if no login activity
• 21 months: Final warning about pending deletion
• 24 months: Account automatically deleted if no response

7.4 Backup Retention

• Daily backups: Retained for 7 days
• Weekly backups: Retained for 4 weeks
• Monthly backups: Retained for 12 months

Deleted data remains in backups until backup expiration, but backups are only restored for disaster recovery.

8. International Users

StoryMind is based in the United States. By using our app, you consent to the transfer and processing of information in the U.S. and other countries where we operate.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via:

• In-app notification
• Email to the address on file
• Updated "Last Updated" date at the top of this policy

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: