Privacy Policy

1. Scope & Controller

This Privacy Policy applies to the DF: Bedtime Stories for Kids mobile application and any associated websites, services, features, and content (collectively, the “Service”). The data controller for the Service is DF: Bedtime Stories for Kids. If you need to contact our privacy team, please email [email protected] (Attn: Privacy Officer).

This policy does not create any contractual rights beyond those set out in our Terms of Use. This policy is intended to be clear and legally compliant, but it is not legal advice — if you need legal advice please consult a qualified attorney.

2. Information We Collect

We collect information you provide to us and information collected automatically when you use the Service. Examples include:

User-provided information

• Account and contact data: email address, display name, in-app profile information.
• Uploaded photos & documents: images, audio, and other files you upload for processing or to create stories, illustrations, or other content. We store uploaded media to perform the Service and to allow you to manage and re-use content you created.
• Messages & support communications: any content you send to our support team or include in feedback forms.
• Parental verification data: when required to comply with children's privacy laws we may collect proof of parental/guardian identity or consent (e.g., email confirmation, government ID where legally required and only if you explicitly provide it).

Automatically collected information

• Usage and analytics: interactions with the app (screens viewed, features used, timestamps, crash reports).
• Device & technical data: device model, operating system, app version, IP address, language and locale, unique device identifiers.
• Cookies & similar technologies: small files stored on your device or device identifiers used for session management, preferences, analytics, and advertising controls.

Sensitive data: We do not intentionally request or retain personal data that is legally considered “sensitive” (e.g., race, religion, health) except where you voluntarily provide such information in a message or uploaded content. If you or a child submits sensitive data, you understand and consent to our processing of that content for the limited purposes described in this policy.

3. How We Use Personal Data — Purposes & Legal Bases

We process personal data for the following purposes and rely on the legal bases described below (for EU users, legal bases are stated in accordance with the GDPR):

Where we rely on consent, you may withdraw consent at any time by contacting us or using the app’s settings (withdrawal does not affect processing already completed lawfully prior to the withdrawal).

4. Sharing & Third-Party Partners

To provide the Service we share personal data with service providers and partners who process data on our behalf or provide tools that operate the Service. We require partners to protect personal data and to process it only on our instructions.

Possible partners (processors and service providers)

We may share your uploaded photos, documents, and related information with the following partners for processing, storage, analytics, CDN, and other operational reasons:

• Vercel Inc.
• Cloudflare Inc.
• OpenAI OpCo LLC
• X.AI Corp.
• Google LLC
• Anthropic PBC
• Replicate Inc
• Eleven Labs Inc
• Mistral AI
• Amazon Web Services Inc.

We also use analytics services including Amplitude, Inc. (amplitude.com) to understand app usage and improve the Service.

Why we share

• To perform processing you request (for example: using a partner's machine-learning service to generate story imagery or audio from an uploaded photo).
• To store and deliver content (CDNs, cloud storage).
• To analyze and improve the app (analytics providers).
• To comply with legal obligations or protect rights (in response to lawful requests from public authorities).

Some partners may be located outside your country. When we transfer personal data internationally we use appropriate safeguards such as Standard Contractual Clauses or rely on other lawful transfer mechanisms where permitted by law.

5. Analytics, Cookies & Tracking

We and our partners use cookies, device identifiers, and similar technologies for the purposes described in this policy, including essential app functionality, analytics (Amplitude), and performance monitoring. Most devices and browsers allow you to control cookies and tracking — see your device or browser settings for details. You may also be able to opt out of certain analytics tracking via in-app controls or by contacting us.

6. Data Retention

We retain personal data only as long as is necessary to provide the Service, to comply with legal obligations, to resolve disputes, and to enforce our agreements.

• Uploaded media (photos, audio): retained until you delete them from the app or your account is closed, and for a limited backup period thereafter (we typically retain backups for up to 30 days after deletion, except where law requires otherwise).
• Account and profile data: retained while your account is active and as required to comply with our legal obligations.
• Analytics and logs: aggregated or anonymized analytics are retained for product improvement; logs may be retained for up to 24 months subject to aggregation and anonymization.

If you need a different retention schedule (for legal reasons), please contact us at [email protected].

7. Security

We implement reasonable organizational, technical, and administrative safeguards to protect personal information against unauthorized access, loss, misuse, and alteration. These safeguards include access controls, encryption in transit and at rest where supported by our providers, and regular security assessments.

No system is perfectly secure; if we become aware of a security incident that poses a risk to your rights or freedoms, we will follow applicable legal requirements (including notification to affected users and regulators when required by law).

8. Children's Privacy

The Service is designed for children and families. We take special care with data about children.

• Parental consent: For users in jurisdictions where parental consent is required (e.g., under COPPA in the United States for children under 13), we rely on verifiable parental consent before collecting personal information from children. Where applicable, we will request parental contact information and evidence of consent through approved verification methods.
• Limited collection: We only collect personal information about children that is reasonably necessary to provide the Service (for example, to create and deliver a customized story that uses a child's uploaded photo).
• Parental rights: Parents and guardians can review, access, correct, or request deletion of their child’s personal data by contacting us at [email protected]. We will take reasonable steps to verify the identity of the requester before fulfilling such requests.
• If you believe we have collected a child’s personal data without appropriate consent: please contact us immediately and we will investigate and take appropriate action, including deletion of the data as required by law.

9. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal information. Examples include:

• Access: request a copy of the personal information we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of personal data we hold about you (subject to legal exceptions).
• Portability: request an export of the personal data you provided in a commonly used, machine-readable format.
• Restriction/Objection: object to or request restriction of certain processing (e.g., profiling or direct marketing).
• Withdraw consent: where processing is based on consent, you may withdraw consent at any time.
• California residents (CCPA/CPRA): you may request disclosure of categories of personal information collected, the purposes for which it was used, and the categories of third parties with whom it was shared; you may also request deletion and exercise opt-out rights for sale/sharing where applicable.

To exercise your rights, please contact us at [email protected] or use in-app controls where available. We will take steps to verify your identity before responding. We aim to respond to verifiable requests without undue delay and in accordance with applicable law.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to request certain information about our data collection and sharing practices, the right to request deletion, and the right to opt out of the sale or sharing of personal information.

Do we sell personal information? We do not knowingly sell personal information for monetary consideration. If we ever do engage in activities that constitute a “sale” or “sharing” under applicable California law we will comply with notice and opt-out requirements and provide a “Do Not Sell or Share My Personal Information” mechanism.

To submit a request under California law, contact us at [email protected] with “California Privacy Request” in the subject line. We will verify your request in accordance with law.

11. Third-Party Links & Services

The Service may contain links to third-party websites or services that are not controlled by us. This policy does not apply to third-party services. We encourage you to review the privacy notices of third parties before providing your data to them.

12. International Transfers

Your personal information may be processed and stored in countries other than the country where you live. We take steps to ensure adequate protection for transfers (for example contractual protections, Standard Contractual Clauses, or reliance on adequacy decisions where available).

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will post a notice in the app and update the Effective Date above. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

14. How to Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Privacy Officer
DF: Bedtime Stories for Kids
Email: [email protected]

If you are an EU resident, you also have the right to lodge a complaint with your local data protection authority. If you are in the United States and believe your privacy rights have been violated, you may have other remedies depending on local law.

15. Legal Disclaimer

This Privacy Policy is intended to describe our practices in clear terms and to be legally compliant with many common privacy laws. It does not create any contractual rights beyond those set out in our Terms of Use. This policy is not legal advice; consult a qualified attorney for legal counsel tailored to your situation.