Privacy Policy

When you create or access an account, we collect identifiers such as your email address. You may sign in with email and password or with Google (OAuth). If you use Google, we receive profile information that Google shares with us (for example, name and profile image) as permitted by your Google account settings. Authentication and credential handling are provided by Supabase; we do not store your password in plaintext in our application code.

You may provide a display name, avatar, and similar profile details. Adults may create child profiles to organize content (for example, a first name or nickname and age information as the product prompts you to enter). Please do not submit more information about a child than the Service requests.

When you record or upload stories, audio and related assets are stored using our infrastructure (including Cloudflare R2). Recordings are private to your family space and are delivered through access-controlled, time-limited links where technically enforced. We do not make your family recordings publicly searchable.

Purchases are processed by Stripe. We receive limited transaction metadata (for example, subscription status) but do not store full payment card numbers on our servers.

If you contact us or receive transactional messages (invitations, receipts, product notices), we process the content of those communications and related metadata. Transactional email is sent through providers such as Resend.

If you use features that generate story text, cover art, or transcripts, our systems send the inputs required to perform those tasks to Google AI services (for example, Gemini) as configured in our environment. Story-generation prompts may include a child's first name or nickname and approximate age when you provide them to tailor content. Those features are invoked by the adult account holder; we do not offer a separate child-facing "generate" flow. We do not send your raw story audio to AI providers for script generation in the architecture described in this policy; separate features may process audio for transcription or cover generation when you invoke those features. We do not use your audio recordings, story content, or other family data to train our own AI models. Google's terms and privacy notice apply to their processing of inputs you submit through our Service.

If you link Ember to an Amazon Alexa skill, Amazon processes voice interactions and skill requests under Amazon's policies. We receive information necessary to authenticate you, fulfill playback requests, and maintain the integration (for example, tokens or identifiers required for linking). Please review Amazon's privacy notice for how Alexa data is handled.

We use analytics and product instrumentation to understand how the Service is used and to improve reliability. Depending on your device and settings, this may include page views, feature usage events, and error reports. Providers include PostHog, Vercel Web Analytics, and Vercel Speed Insights. Child-designated listening pages under /kids do not load Vercel Web Analytics or Speed Insights, and we configure PostHog to opt out of event capture on those routes while a child listening session is active there. For more detail on cookies and similar technologies, see our Cookie Policy.

Features that help you discover books may query public metadata sources (for example, Google Books API) or display cover art hosted by third parties (for example, Open Library). Those requests may transmit search terms or identifiers needed to retrieve metadata.

Like most online services, we and our vendors may log technical information such as IP addresses, device/browser type, and timestamps for security, debugging, and compliance. Our content delivery and hosting providers may process similar data in connection with delivering the Service.

Depending on how you use the Service, information relating to a child may include: a first name or nickname; age information you provide when creating a child profile (for example, an age value or band as implemented in the product); preferences you choose to associate with a child profile; and technical identifiers used to maintain a child listening session (for example, a secure browser cookie scoped to child routes) so a parent-authorized device can play approved stories. Adult-recorded story audio is not recorded by the child, but may be organized under a child profile at your direction.

We use this information to provide the family features you request (for example, organizing a library, playing stories on an approved device, and improving reliability and security). We do not use children's personal information for behavioral advertising, and we do not sell children's personal information.

We disclose information to service providers who help us run the Service, as listed under How we share information above. Where COPPA requires separate consent for a disclosure that is not integral to providing the Service, we will obtain that consent. Unless disclosure is integral to the Service, parents may be able to consent to our collection and internal use of a child's information without consenting to certain third-party disclosures. Where the Rule requires a separate choice, we will provide it through notice and consent mechanisms appropriate to the Service at that time.

Where we rely on session cookies or similar technologies for child-designated listening, we use them for internal operations such as authentication of the child session, fraud prevention, and service functionality. We maintain administrative, technical, and organizational safeguards (including access controls and segregation of child-facing experiences from unrelated uses) designed to prevent using those identifiers to contact a specific child for marketing, to build cross-site behavioral profiles for advertising, or for other purposes inconsistent with COPPA.

We retain personal information relating to children only as long as needed to provide the Service or as permitted by law. When a parent deletes a child profile or the family account, or when we receive and honor a verified deletion request, we delete or de-identify associated personal information within a reasonable period, subject to limited legal, security, and backup exceptions described under Retention.

COPPA requires direct notice to parents in specific situations (for example, before certain collections or when practices materially change). That notice may be delivered by email, in-product prompts, or other reasonable methods. This Privacy Policy serves as the online notice of our information practices and is supplemented by direct notices when the Rule requires them. For the regulatory text, see 16 C.F.R. Part 312.