Privacy Policy

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

• Account means a unique account created for You to access our Service or parts of our Service.
• Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
• Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Magical Stories.
• Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
• Country refers to: California, United States
• Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
• Personal Data is any information that relates to an identified or identifiable individual.
• Service refers to the Website.
• Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
• Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
• Website refers to Magical Stories, accessible from https://magicalstories.ai/
• You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
• Child or Children means individuals under 13 years of age.
• Parent or Guardian means a parent or legal guardian of a Child.
• Verifiable Parental Consent means reasonable effort to ensure that a parent or guardian of a Child authorizes the collection, use, and disclosure of personal information from that Child.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

• Email address
• First name and last name
• Usage Data

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track activity on Our Service and store certain information. For users under 13, tracking technologies are limited and require verifiable parental consent before implementation.

Children's Privacy and COPPA Compliance

1. Information We Collect from Children

For children under 13, we may collect the following types of information only with verifiable parental consent:

• Account Information: Child's first name (no last name required), birth date, and parent/guardian email address
• Created Content: Stories, characters, and locations created by the child within our Service
• Account Activity: Stories read, characters created, and interactions within the Service
• Technical Information: Limited to what is necessary for Service functionality (device type, browser information)
• Comments and Messages: For children under 13, we limit comments to pre-approved messages only

2. How We Use Children's Information

Information collected from children is used solely for the following purposes:

• To provide the story creation and character building features of our Service
• To save and display the child's created content
• To send service-related notifications to the parent/guardian
• To improve and personalize the child's experience on our Service
• To comply with legal obligations and protect safety

We do NOT use children's information for marketing purposes or share it with third parties for their marketing use.

3. Verifiable Parental Consent

Before collecting any personal information from a child under 13, we require verifiable parental consent through the following process:

1. The child provides their birth date during account creation
2. If the child is under 13, we request a parent or guardian's email address
3. We send a detailed notice to the parent explaining what information we collect, how we use it, and our disclosure practices
4. The parent must click a unique verification link and provide explicit consent before the child can use the Service
5. Parents receive annual reminders to review and renew their consent

4. Parental Rights and Controls

Parents and guardians have the following rights regarding their child's information:

• Review: Request to review all personal information collected from your child
• Deletion: Request deletion of your child's personal information at any time
• Stop Collection: Refuse to permit further collection or use of your child's information
• Access Controls: Manage your child's privacy settings and social features through the Parent Dashboard
• Data Export: Download a complete copy of your child's data in a portable format
• Revoke Consent: Withdraw your consent at any time, which will result in deletion of the child's account

Note: If you revoke consent or request deletion, your child will no longer be able to use our Service, and all their data will be permanently deleted within 30 days.

5. Social Features and Restrictions for Children

To protect children's safety and privacy:

• Children under 13 cannot make their stories or characters publicly visible by default
• Comments from children are limited to pre-approved, positive messages only (no free-text comments)
• Friend connections require explicit parental approval for each connection
• Sharing of characters or stories with friends requires parental permission
• Children cannot provide personal contact information in any user-generated content
• All content involving children is monitored for safety and appropriateness

6. Third-Party Services and Children's Data

We use the following third-party services that may process children's information:

• OpenAI API: Used to generate story content. Only the child's story prompts and character information are sent; no personally identifiable information is shared. OpenAI's API does not retain user data.
• Supabase (Database & Authentication): Stores account and content data with enterprise-grade security and encryption.
• Image Generation Service: Creates character and location images based on child's creative inputs. No personal information is included in image prompts.
• Stripe (Payment Processing): Processes subscription payments from parents only. Children cannot make purchases.

We have ensured that all third-party service providers implement appropriate safeguards for children's data and do not use children's information for their own purposes.

7. Data Security for Children

We implement enhanced security measures for children's accounts:

• Encryption of all personal data in transit and at rest
• Strict access controls limiting who can view children's information
• Regular security audits and vulnerability assessments
• Automatic data retention limits (30 days for inactive child accounts)
• Separate database security policies for children's data
• Enhanced monitoring for suspicious activity on children's accounts

8. Data Retention for Children

Children's personal information is retained only as long as necessary to provide the Service or as required by law:

• Active accounts: Information retained while account is active and parental consent is valid
• Deleted accounts: All personal information permanently deleted within 30 days of deletion request
• Inactive accounts: Accounts inactive for more than 12 months will be automatically deleted after parent notification
• Expired consent: If parental consent is not renewed annually, the account will be suspended and then deleted after 90 days

9. How to Exercise Parental Rights

Parents and guardians can exercise their rights through:

• Parent Dashboard: Log in to your parent account to view and manage your child's information, privacy settings, and social features
• Email Contact: Send your request to info@magicalstories.ai
• Account Deletion: Delete your child's account directly from the Parent Dashboard or by contacting us

We will respond to all parental requests within 5 business days.

10. Updates to Children's Privacy Practices

If we make material changes to how we collect, use, or share children's personal information, we will:

• Notify parents via email at least 30 days before the changes take effect
• Request new parental consent if the changes expand the types of information collected or how it's used
• Provide parents the option to delete their child's account if they do not agree to the changes
• Update this Privacy Policy with a new "Last Updated" date

Data Security

We implement appropriate security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. For children's accounts, we apply enhanced security controls as detailed in the COPPA section above.

Contact Information

Mailing Address:
Magical Stories - Privacy Team
[Your Company Address]
[City, State ZIP Code]