Privacy Policy

1. Introduction

MakeMyTale ("we", "our", or "us") is committed to protecting the privacy of everyone who uses our app, especially children. This Privacy Policy explains what information we collect, why we collect it, how it is used, and your rights regarding your data.

This policy applies to the MakeMyTale iOS application and all related services. By using MakeMyTale, you agree to the terms described here.

If you are a parent or guardian and you have questions about your child's data, please contact us at privacy@makemytale.com.

2. Information We Collect

We collect only the minimum information necessary to provide our service.

• Email address (required for account creation; stored in device Keychain)
• Parent or guardian's display name
• Password (stored as a secure hash — never in plain text)

• Child's first name (kidName) — used to personalise story generation; stored on-device and in your account; never shared with AI providers
• Child's age — required to verify eligibility and apply COPPA protections; encrypted on-device with AES-GCM (CryptoKit) before storage

• Stories you generate and save as favourites
• Story preferences (characters, themes, language)
• In-app coin balance and purchase history
• Subscription status and expiry date (Apple-ID-scoped; stored locally and in Firestore)
• Referral codes you create or apply

• Device model and operating system version
• App version
• Crash reports and performance diagnostics
• Anonymised usage analytics (screens visited, features used)
• IP address (used for country detection only; not stored beyond the session)

• Precise GPS location
• Contacts or address book data
• Photos, camera, or microphone data
• Advertising identifiers (IDFA) for targeted advertising
• Any biometric data

3. How We Use AI to Generate Stories

MakeMyTale uses artificial intelligence to create personalised stories. When you request a story, the following information is sent to our AI service provider:

• Your selected story parameters (theme, characters, moral lesson, length)
• Your preferred language

We do NOT send your name, your child's name, your email address, your child's age, or any other personal identifiers to the AI provider. Story prompts contain only the creative choices you make within the app.

Our AI providers are contractually prohibited from using your input to train their models or for any purpose other than generating your requested story.

Generated story content is stored in your account solely so you can access it again. You may delete any saved story at any time from your Favourites screen.

4. Third-Party Services

We use the following trusted third-party services to operate MakeMyTale:

• Authentication — manages secure sign-in with email/password or Google account
• Firestore — stores your account data, stories, and preferences in a secure cloud database
• Cloud Functions — processes story generation, narration synthesis, and referral rewards on our servers; no personal data is logged
• Storage — stores generated story audio files
• Analytics — collects anonymised, aggregated usage data to help us improve the app
• Crashlytics — collects crash reports and performance data so we can fix bugs quickly

Firebase Privacy Policy

If you choose to sign in with your Google account, Google shares your name and email address with us for account creation. We do not receive your Google password.

Google Privacy Policy

Story narration audio is synthesised using Google Cloud TTS (Chirp 3 HD voice). Only the story text is sent — no user identifiers are included. Audio files are cached in Firebase Storage and served back to you.

Google Cloud Privacy Notice

Story generation requests are processed by OpenAI. Only anonymised creative parameters are sent (see Section 3). OpenAI's data processing agreement prohibits training on customer inputs.

OpenAI Privacy Policy

Story illustration images are generated using Stability AI's Stable Diffusion XL model. When a story page is displayed, a text prompt describing the scene (character species, setting, mood — derived from your story choices) is sent to Stability AI's API to produce the illustration. The prompt is always in English regardless of the language you read in; your child's name, your email address, and all other personal identifiers are never included in the prompt.

Stability AI does not receive any personal data from MakeMyTale users — only abstract, depersonalised scene descriptions.

Stability AI Privacy Policy

In-app purchases (coin packages and subscriptions) are processed entirely by Apple. We receive only a transaction confirmation and the product identifier — never your payment card details.

Apple Privacy Policy

• Third-party advertising networks
• Social media tracking pixels
• Data brokers or data resellers

5. Children's Privacy (COPPA) Kids App

MakeMyTale is designed for children and families. We comply fully with the Children's Online Privacy Protection Act (COPPA) and equivalent international regulations (GDPR-K, CALOPPA).

• We require parental consent before creating an account for a child under 13 (US) or under 16 (EU).
• We collect a child's age at registration solely to determine which privacy protections apply. Age is encrypted on-device using AES-GCM (Apple CryptoKit) and is never transmitted to third-party AI providers.
• We collect a child's first name (kidName) for story personalisation. It is stored in your account and is never sent to AI providers or any third party.
• We do NOT show behavioural advertising to child users.
• We do NOT allow children to share personal information publicly within the app.
• We do NOT sell or disclose children's personal information to third parties for commercial purposes.
• AI story generation for child accounts uses only anonymous story parameters — no name, age, or identity is transmitted.

6. Parental Rights & Controls

Parents and legal guardians have the following rights regarding their child's data:

• Review — request a copy of all personal information we hold about your child
• Correct — ask us to correct inaccurate information
• Delete — request deletion of your child's account and all associated data
• Restrict — ask us to stop further collection or use of your child's data
• Withdraw consent — revoke previously given consent at any time

To exercise any of these rights, email privacy@makemytale.com with the subject line "Parental Request". We will respond within 30 days and may ask you to verify your identity as the child's parent or guardian.

We will never require a child to disclose more information than is reasonably necessary to participate in the app.

7. How We Use Your Information

We use collected information only for the following purposes:

• Providing the service — creating and storing stories, managing your account, processing purchases and subscriptions
• Personalisation — remembering your language preference, story themes, child's name for story generation, and saved content
• Improving the app — understanding which features are used most, diagnosing crashes, fixing bugs
• Safety and fraud prevention — detecting abuse of the referral system, preventing unauthorised access
• Legal compliance — meeting obligations under COPPA, GDPR, CCPA, and other applicable laws
• Service communications — sending important service-related notifications (we do not send marketing emails without your explicit opt-in)

• Sell your personal data to any third party
• Use your data for targeted advertising
• Use your story content or your child's name to train AI models
• Share your data with data brokers

8. Data Storage & Security

Your data is stored in Google Firebase's cloud infrastructure, hosted on servers in the United States and the European Union.

• All data is encrypted in transit using TLS 1.2 or higher
• Firestore data is encrypted at rest by Google
• Passwords are never stored — only cryptographic hashes via Firebase Authentication
• Your email address is stored exclusively in your device's Keychain (iOS Keychain Services), not in plain-text storage
• Your child's age is encrypted on-device using AES-GCM (Apple CryptoKit) with a key stored in the iOS Keychain
• Access to production data is restricted to authorised personnel only
• Firestore Security Rules ensure each user can only access their own data
• Crash and performance data is anonymised before processing

While we implement industry-standard security practices, no method of transmission over the internet is 100% secure. If you suspect unauthorised access to your account, contact us immediately at privacy@makemytale.com.

9. Subscriptions & In-App Purchases

MakeMyTale offers Dreamland Monthly and Dreamland Annual auto-renewable subscriptions that provide unlimited story generation. Subscriptions are managed and billed by Apple through the App Store.

• Subscriptions are tied to your Apple ID and are shared across all devices signed in with the same Apple ID.
• Any authenticated MakeMyTale account on a device signed in to the subscribing Apple ID benefits from the active subscription.
• Subscriptions automatically renew at the end of each period unless cancelled at least 24 hours before renewal in your Apple ID account settings.
• To cancel or manage your subscription, visit Apple Subscriptions or go to Settings → your Apple ID → Subscriptions.
• We receive only a transaction confirmation and the product identifier — never your payment card details.

Coin packages are one-time consumable purchases processed entirely by Apple. Coin balances are stored in your MakeMyTale account and are non-transferable. Coins are non-refundable except where required by applicable law or Apple's refund policies. To request a refund, use Apple's standard refund process at reportaproblem.apple.com.

Free coins earned through valid referrals are applied to your account balance and are governed by the same terms as purchased coins.

10. Your Privacy Rights (GDPR / CCPA)

Depending on where you live, you may have the following rights:

• Right to access — obtain a copy of your personal data
• Right to rectification — correct inaccurate data
• Right to erasure ("right to be forgotten") — request deletion of your data
• Right to restriction — limit how we process your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — at any time, without affecting prior processing
• Right to lodge a complaint with your national Data Protection Authority (DPA)

• Right to know what personal information we collect and how we use it
• Right to delete your personal information
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your rights
• Right to correct inaccurate personal information

• You may delete your account at any time by emailing privacy@makemytale.com
• You may request a copy of all data we hold about you

To exercise any right, contact privacy@makemytale.com. We will respond within 30 days and may ask you to verify your identity before processing the request.

11. Data Retention

We retain your data only as long as necessary:

• Active account data — retained for as long as your account is active
• Saved stories and favourites — retained until you delete them or close your account
• Generated audio (narration) — cached in Firebase Storage; deleted with your account
• Crash and diagnostic reports — anonymised and retained for up to 12 months
• Anonymised analytics — retained in aggregated form for up to 24 months
• Support correspondence — retained for 3 years for quality and legal purposes
• Payment transaction records — retained for 7 years as required by financial regulations

Upon account deletion: your profile, stories, coin balance, audio files, and referral data are deleted within 30 days. Residual copies in backup systems are purged within 90 days. Anonymised, aggregated analytics data (containing no personal identifiers) may be retained.

12. Deleting Your Account & Data

To delete your account, send a request to privacy@makemytale.com with the subject "Delete My Account". Include the email address associated with your account.

• Your stories, favourites, profile, coin balance, and audio files are permanently deleted within 30 days
• Your email address is removed from all mailing lists immediately
• We cannot recover deleted accounts or stories after the deletion period

If you are a parent requesting deletion of a child's account, see Section 6 (Parental Rights & Controls).

13. Cookies & Tracking Technologies

MakeMyTale is a native iOS application and does not use web browser cookies.

The app uses the following tracking technologies:

• Firebase Analytics SDK — collects anonymised usage data using an installation ID (not linked to your personal identity). You can opt out by contacting us.
• Firebase Crashlytics SDK — collects device information and stack traces when the app crashes. This data is used only for debugging and contains no personally identifying information.

• Advertising tracking identifiers (IDFA)
• Cross-app tracking
• Third-party advertising SDKs
• Social media tracking pixels

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

• Display an in-app notification the next time you open MakeMyTale
• Update the "Last Updated" date at the top of this policy
• For changes that materially affect how we process children's data, we will seek fresh parental consent where required by COPPA

Your continued use of MakeMyTale after a policy update constitutes acceptance of the revised terms. If you do not agree to the updated policy, you may delete your account as described in Section 12.

We encourage you to review this policy periodically. Previous versions are available upon request.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Email: privacy@makemytale.com
• Subject line for data requests: "Privacy Request"
• Subject line for parental requests: "Parental Request"
• Subject line for account deletion: "Delete My Account"

We aim to respond to all privacy-related inquiries within 48 hours and to complete all data requests within 30 days.

If you are located in the European Union and are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

If you are located in the United Kingdom, you may contact the Information Commissioner's Office (ICO) at ico.org.uk.