Your privacy matters

This Privacy Policy explains how TaleTrail ("we", "us", or "our") collects, uses, and protects information when you use our platform. By using TaleTrail, you agree to the practices described here.

We collect only what is necessary to provide the TaleTrail experience:

• Account information — parent or guardian email address, password (hashed), and subscription status.
• Child profile data — first name, age range, and preferred story themes. We never collect a child's full name, school, or location.
• Usage data — stories read, words looked up, and session duration. Used solely to improve personalization.
• Payment data — handled entirely by Stripe. We never store card numbers or billing details on our servers.
• Device data — browser type and operating system for technical support purposes only.

We do not collect photos, voice recordings, or any biometric data.

• To generate personalized stories matched to your child's age and interests.
• To process subscription payments securely via Stripe.
• To send transactional emails (receipts, account updates) to the parent email only.
• To improve our AI models and content quality.
• To comply with legal obligations.

We will never sell your data, use it for advertising, or share it with third parties for marketing purposes.

We share data only with essential service providers under strict data processing agreements:

• Stripe — payment processing.
• OpenAI — story and image generation. Prompts are not used to train OpenAI's public models.
• Cloud hosting provider — secure infrastructure (data stored in the EU/US).

No data is shared with advertisers, data brokers, or analytics platforms that track users across the web.

We comply with the Children's Online Privacy Protection Act (COPPA) and applicable children's data protection laws globally. Specifically:

• We do not knowingly collect personal data directly from children under 13.
• Parental consent is required before creating a child profile.
• Parents may request deletion of all data at any time by emailing contact@taletrail.io.

Depending on your location, you have the right to:

• Access the data we hold about you and your child.
• Correct inaccurate information.
• Request deletion of your account and all associated data.
• Object to or restrict certain processing activities.
• Data portability — receive your data in a machine-readable format.

To exercise any of these rights, contact us at contact@taletrail.io. We will respond within 30 days.

We use industry-standard security measures including encryption in transit (TLS 1.3) and at rest, access controls, and regular security audits.

Account data is retained for as long as your subscription is active, plus 90 days after cancellation to allow reactivation. After that, all personal data is permanently deleted. Anonymized usage statistics may be retained indefinitely.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email at least 14 days in advance. Your continued use of TaleTrail after changes take effect constitutes acceptance of the updated policy.