Who We Are
Calm Tales is operated by Greyalytics, LLC, a limited liability company based in the United States.
We provide personalized, therapeutic bedtime stories for children through our mobile application (iOS and Android) and web platform at mycalmtales.com and calmtales.ai.
For data protection purposes, Greyalytics, LLC is the "data controller" of your personal information.
Information Collection
Calm Tales is designed with privacy at its core. We collect only the minimum information necessary to provide our personalized bedtime story service:
- First Names Only: We never collect last names or full names. Only first names or nicknames are used for personalization in stories.
- Parent/Guardian Email: Required for account authentication and essential service communications only.
- Child Profile Information: Age, favorite colors, interests, sensory preferences, and story themes to personalize content. No personally identifiable information is collected about children beyond their first name/nickname.
- Generated Stories: Stories you create are saved privately to your account.
- Optional Story Images: AI-generated illustrations created for your stories are stored in your account.
Mobile App Additional Data
The mobile app (iOS and Android) collects minimal technical information for functionality:
- Device Information: OS version, device type, and model (used only for crash reporting and app compatibility)
- App Interactions: Feature usage and button taps (used to improve user experience)
- Authentication Method: Whether you signed in with email, Google, or Apple (for account management only)
Subscription and Payment Information
If you subscribe to CalmTales premium features:
- Subscription Status: Active subscription type (monthly/annual), expiration date, and trial status
- Transaction Identifiers: Anonymous purchase IDs for subscription management
- Entitlement Information: Which premium features you have access to
We do NOT collect or store: Your credit card number, bank account information, billing address, or other payment credentials. All payment processing is handled securely by Apple (for iOS) and RevenueCat. Your financial information never touches our servers.
We do NOT collect: addresses, phone numbers, last names, photos of real people, Social Security numbers, financial information, precise geolocation data, or advertising identifiers (IDFA/AAID).
How We Use Data
Your information is used exclusively to:
- Generate personalized bedtime stories tailored to your child's preferences and needs
- Create optional watercolor-style illustrations for your stories
- Authenticate your account and maintain secure access
- Save your stories, images, and preferences for future use
- Send essential service notifications (account-related only, never marketing)
- Improve our service quality and user experience
- Comply with legal obligations and enforce our Terms of Service
We use Google Gemini AI to generate therapeutic story content and illustrations. Your data is processed securely and is never used to train AI models or shared with third parties for their own purposes.
Data Storage
All user data is securely stored using Firebase (Google Cloud Platform), which provides:
- Enterprise-grade security with encryption in transit and at rest
- Secure authentication services using industry best practices
- GDPR and COPPA compliant infrastructure
- Regular security audits and updates by Google
- 99.99% uptime reliability
Your data is stored on servers located in the United States and is protected by physical, electronic, and procedural safeguards.
Third-Party Services
To provide our service, we work with the following trusted third-party providers:
- Google Cloud Platform / Firebase: Authentication, database storage, and file storage
- Google Gemini AI API: Story generation and image creation (data is not used for model training)
- Expo: Mobile app development and deployment platform (for iOS and Android apps)
- Google Sign-In: Authentication provider (data is not shared with Google beyond authentication)
- Apple Sign-In: Authentication provider for iOS users (data is not shared with Apple beyond authentication)
- Firebase Crashlytics (when implemented): Crash reporting and error tracking for mobile apps
- RevenueCat: Subscription management and in-app purchase processing. RevenueCat processes subscription status, purchase history, and entitlement information to manage your premium features. They do NOT receive your payment card details (those are handled by Apple). For more information, see RevenueCat's Privacy Policy.
- Apple App Store: Payment processing for iOS subscriptions. Apple processes all payment transactions securely according to their privacy practices. See Apple's Privacy Policy.
We do NOT sell, rent, or trade your personal information to third parties. We do NOT share your data with advertisers or data brokers.
Third-party services process data only as necessary to provide our service and are bound by strict data protection agreements.
Cookies and Tracking
Calm Tales uses minimal, essential cookies and local storage only:
- Authentication Cookies: To keep you securely logged into your account
- Essential Functionality: To remember your preferences and maintain your session
Mobile App Storage
The mobile app uses local device storage (AsyncStorage on iOS/Android) to:
- Keep you logged in securely
- Cache stories for offline reading
- Remember your app preferences (text size, night mode, etc.)
This data stays on your device and is deleted when you log out or uninstall the app.
We do NOT use:
- Advertising cookies or tracking pixels
- Third-party analytics or marketing trackers
- Cross-site tracking technologies
- Social media tracking
Children's Privacy (COPPA Compliance)
Calm Tales is committed to protecting children's privacy in full compliance with the Children's Online Privacy Protection Act (COPPA):
Parental Consent
- Only parents or legal guardians (ages 18 and older) can create accounts
- By creating an account, you certify that you are the parent or legal guardian of the child(ren) for whom you create profiles
- Children cannot register for accounts or use the service directly
Information We Collect About Children
With parental consent through account creation, we collect only:
- First name or nickname (never last names)
- Age (to ensure age-appropriate content)
- Interests, favorite colors, and story preferences
- Sensory preferences (for therapeutic personalization)
Parental Rights
As a parent or guardian, you have the right to:
- Review: Access all information collected about your child
- Delete: Request deletion of your child's information at any time
- Refuse: Refuse further collection or use of your child's information
- Control: Manage all child profiles through your parent dashboard
Our Commitments
- No direct communication with children
- No advertising or marketing to children
- No collection of more information than necessary
- No public sharing or display of children's information
- Parents maintain full control over all child data
Data Retention
We retain your data according to the following policies:
- Active Accounts: Data is retained indefinitely while your account remains active to provide continuous service
- Deleted Accounts: When you request account deletion, all data is permanently removed within 30 days
- Individual Stories/Profiles: Deleted immediately upon request from your dashboard
- Inactive Accounts: Accounts inactive for 3+ years may be deleted after email notification
You can export your data at any time before deletion by contacting us at privacy@mycalmtales.com.
Security
We implement industry-standard security practices to protect your information:
- Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
- Authentication: Secure email/password authentication with Firebase Auth
- Access Controls: Strict access limitations to customer data
- Regular Updates: Continuous security patches and monitoring
- Secure Infrastructure: Google Cloud Platform's enterprise-grade security
Breach Notification
In the unlikely event of a data breach affecting your personal information, we will:
- Notify affected users via email within 72 hours
- Describe the nature of the breach and data affected
- Explain steps we're taking to address the breach
- Provide recommendations to protect your information
While we use industry best practices, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data.
Your Privacy Rights
Depending on your location, you may have specific rights under privacy laws including GDPR (EU), CCPA (California), and other state privacy laws:
Rights for All Users
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data
- Data Portability: Request your data in a portable format
- Objection: Object to certain processing of your data
California Residents (CCPA)
California residents have additional rights:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed (we do NOT sell data)
- Right to opt-out of the sale of personal information (not applicable as we don't sell data)
- Right to non-discrimination for exercising privacy rights
EU Residents (GDPR)
EU residents have additional rights:
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
- Right to restriction of processing in certain circumstances
How to Exercise Your Rights
To exercise any of these rights, contact us at privacy@mycalmtales.com. We will respond within 30 days.
Contact Information
For privacy concerns, questions, or requests regarding your data, please contact us:
Response Times
- General privacy inquiries: Within 48 hours
- Data access/deletion requests: Within 30 days
- COPPA parental requests: Within 48 hours
We take all privacy concerns seriously and are committed to resolving your questions and requests promptly and thoroughly.