Privacy Policy

Effective date: April 10, 2026 · Last updated: April 10, 2026

Short version: Your child's name, age, and profile details never leave your device. We only send anonymous bedtime context to generate each story — nothing personally identifiable about your child.

1. Who We Are

HabitStories is an AI-powered bedtime story app designed to help parents guide children through nightly routine habits. The app is operated by HabitStories ("we," "us," or "our"). You can contact us at [email protected].

2. Information We Collect

On your device only (never sent to our servers):

Child's name
Child's age group
Child's favorite animal
Generated stories and playback progress
Subscription status cache

Sent to our servers for story generation:

An anonymous device identifier (clientId) — a random UUID with no link to your identity
The selected bedtime scenario (e.g., "bedtime resistance") and story world (e.g., "forest") — these are fixed category labels, not free-form text
An anonymous age group label (e.g., "4–5 years") used to calibrate story tone
Your child's favorite animal type (e.g., "fox") used only for story personalization

Usage analytics (anonymous, via PostHog):

App events such as scenario selections, story generation outcomes, and playback actions
All events are tied to the anonymous clientId — no name, email, or device identifier that could link back to a real person

Subscription data (via RevenueCat):

If you subscribe, RevenueCat processes the transaction. We receive only a subscription status signal (free/paid tier). We do not receive your payment details.

3. How We Use Your Information

To generate a personalized bedtime story via our AI story generation service
To enforce free-tier story quotas (counted by anonymous clientId, not identity)
To improve the app and fix issues using aggregated, anonymous analytics
To manage your subscription status

4. Children's Privacy (COPPA)

HabitStories is a parent-guided tool. It is intended to be used by a parent or guardian, not independently by a child. We do not knowingly collect personal information from children under 13.

The child profile (name, age, animal) is stored locally on your device and is never transmitted to our servers. The only child-adjacent information we send is an anonymous age group label and a generic animal type, which cannot identify your child.

If you believe we have inadvertently received personal information about a child, please contact us immediately at [email protected] and we will delete it.

5. AI-Generated Content

Stories are generated using third-party AI language and text-to-speech services. Story content is created dynamically and is not pre-screened by humans. We apply guardrails to keep content calm, age-appropriate, and focused on bedtime routines, but AI-generated content may occasionally be imperfect. Parents should listen along, especially for young children.

We do not use your data to train AI models.

6. Data Sharing

We do not sell your data. We share limited anonymous data only with the service providers needed to operate the app:

Cloudflare Workers — hosts our API; processes requests transiently with no persistent user storage
DashScope / Alibaba Cloud — AI text and voice generation; receives anonymous story context only
Cloudflare R2 — stores generated audio files, keyed by anonymous story ID
Supabase — stores anonymous story metadata for quota tracking
PostHog — anonymous usage analytics
RevenueCat — subscription management

7. Data Retention

Anonymous story metadata and quota counters are retained for up to 13 months to support monthly usage tracking, then deleted. Generated audio files are retained for up to 30 days, then deleted. Analytics events are retained per PostHog's default policy.

On-device data (child profile, stories) persists until you delete the app or clear app data.

8. Your Rights

Because we do not collect identifiable personal data, most standard data rights (access, deletion) apply to on-device data — which you can clear by deleting the app. For any concerns about server-side anonymous data, contact us and we will assist.

9. Security

All data in transit is encrypted via HTTPS/TLS. On-device data is protected by iOS device encryption. We apply standard security practices to our server-side infrastructure.

10. Changes to This Policy

We may update this Privacy Policy. Changes will be posted at this URL with an updated effective date. Continued use of the app after changes constitutes acceptance.

11. Contact

Questions or concerns? Email us at [email protected].