Privacy Policy

How YourBedtimeStory collects, uses, shares, and protects family data.

Effective date: 2026-03-13. Questions about privacy or these terms can be sent to privacy@yourbedtimestory.com or support@yourbedtimestory.com.

1. Controller identity and contact details

YourBedtimeStory is operated by Yourbedtimestory Inc., registered at [[REGISTERED ADDRESS, CITY, POSTAL CODE, COUNTRY]]. Privacy requests can be sent to privacy@yourbedtimestory.com, support questions to support@yourbedtimestory.com, and phone contact can be made at [[BUSINESS PHONE NUMBER]].

2. Information we collect and do not collect

We collect parent account identifiers, subscription and billing records, consent records, child profile preferences, story prompts and outputs, reminder settings, support messages, and device or security logs needed to operate the service. Some information is required to create an account, deliver a story, sync a subscription, or answer a support request. Optional items, such as marketing analytics consent, bedtime reminders, or marketing email preferences, can be withheld or switched off. We do not ask children to create standalone accounts, and we do not request children's email addresses, phone numbers, contacts, photos, videos, or precise geolocation.

3. How AI is used in the service

When you request a story or narration, we send the minimum prompt and account context needed to our AI, moderation, and text-to-speech providers so they can generate the requested output. Automated systems can make mistakes, so parents should review generated content before sharing it with a child.

4. Lawful bases for processing

We process data to provide the service you request, secure the platform, process payments, answer support requests, maintain records required by law, and prevent abuse or fraud. Where optional processing depends on consent, such as analytics on marketing pages, bedtime reminders, or marketing email, you can grant or withdraw consent through the available controls.

5. Service providers and disclosures

We use service providers for infrastructure, authentication, payments, AI generation, moderation, text-to-speech, email delivery, marketing analytics, and advertising. On consented marketing pages, we also use advertising platforms including Facebook Pixel, Facebook Conversions API (CAPI), and Google Ads to measure campaign performance. We share only the data reasonably needed for each provider to perform its services on our behalf and expect contractual privacy and security commitments where required.

6. International data transfers

Some service providers process data outside the European Economic Area or the United Kingdom. Where required, we rely on adequacy decisions, Standard Contractual Clauses, or another lawful transfer mechanism and assess those transfers as part of our compliance program.

7. Retention and deletion

We keep personal data only for as long as it is reasonably necessary to provide the service, maintain security, prevent fraud, resolve disputes, and meet legal obligations. When data is no longer needed, we delete it or irreversibly anonymize it according to our retention schedule.

8. Your privacy rights

Depending on where you live, you may have the right to access, correct, delete, restrict, object to, or export personal data, and to withdraw consent. You can use in-app privacy controls or contact privacy@yourbedtimestory.com if you need help exercising those rights. If you are in the EEA or UK, you may also lodge a complaint with your local supervisory authority.

9. Children's privacy and parental controls

The service is intended to be set up and managed by a parent or legal guardian. Child profile names are stored locally on the device and are never transmitted to our servers. Stories use a placeholder that is substituted with the child's name on-device before display, so child names never leave the parent's device. We do not use child profile data for targeted advertising.

10. AI transparency and limitations

Stories, narration, moderation outcomes, and some safety decisions are created or assisted by automated systems. We use safety prompts, moderation, and operational review controls, but no automated system is perfect, and the service is not a substitute for parental judgment, medical advice, or mental-health advice.

11. Cookies and similar technologies

On web marketing pages, we use essential cookies for security and session continuity and optional analytics cookies only after consent. Protected app routes are designed to avoid non-essential tracking cookies, especially on child-directed or signed-in experiences.

12. Updates to this policy

When we make material changes, we will update the effective date above and provide additional notice where required by law before the changes take effect.

Current service-provider categories

  • Infrastructure and database hosting: Convex and Vercel.
  • Authentication and account session management: WorkOS.
  • Payment processing and subscription management: Paddle for web billing, Apple App Store / Google Play subscriptions managed through RevenueCat for mobile billing.
  • AI generation, moderation, and voice delivery: OpenAI, Anthropic, and Google AI / Google Cloud Text-to-Speech where enabled as primary or fallback providers.
  • Transactional email delivery and support communications: Resend.
  • Error monitoring and reliability: Sentry.

Cookie and tracking summary

  • Essential cookies may include convex_session, workos_auth, and cookie_consent to support authentication, security, and consent storage.
  • No third-party advertising or behavioural-tracking cookies are used on this domain. Product analytics (PostHog) runs server-side only on the parent device and does not set browser cookies.
  • Protected app routes and child-directed experiences are intended to avoid non-essential tracking cookies.

The marketing cookie banner lets you accept analytics, stay on essential-only settings, and reopen preferences later. You can also withdraw analytics consent from the banner or the in-app privacy controls where available.

How to exercise your rights

  • Use Settings to review consent choices, request a data export, or request account deletion.
  • Email privacy@yourbedtimestory.com from the account email address if you need help with access, correction, or deletion.
  • If you are in the EEA or UK, you may also complain to your local supervisory authority. In Poland, the supervisory authority is President of the Personal Data Protection Office (UODO).