Privacy Policy

Effective date: 14 March 2026

1. Introduction

1.1. This Privacy Policy explains how Once Upon a Me ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our platform at onceuponame.ai and our mobile application (collectively, "the Service").

1.2. Once Upon a Me is a parent-operated service. Parents and legal guardians create accounts and manage the Service on behalf of their children. Children do not create accounts or interact with the Service directly.

1.3. We are committed to protecting the privacy of both parents and children. This policy has been designed with particular attention to children's data rights under the UK General Data Protection Regulation (UK GDPR), the Children's Online Privacy Protection Act (COPPA), and the ICO Age Appropriate Design Code (Children's Code).

1.4. This policy is effective as of 14 March 2026 and applies to all users of the Service worldwide.

2. Data We Collect

2.1. We collect and process the following categories of personal data:

Category | Data Collected | Purpose
Parent account data | Email address, password (stored as an Argon2 hash), display name, push notification token | Account creation, authentication, communication
Child profile data | Child's first name, age, gender, interests, unique friend code | Personalising story content and illustrations
Child photographs | Photos uploaded by the parent for avatar generation | Generating a personalised character avatar (see Section 4)
AI-generated content | Character avatars, story text, page illustrations | Delivering the personalised storybook experience
Payment data | Stripe customer ID or RevenueCat subscriber ID (we do not store card numbers or bank details) | Processing payments and managing subscriptions
Analytics data | Session events, feature usage and app interactions, collected via PostHog without personally identifiable information | Improving service quality and understanding usage patterns
Household data | Household membership, invite codes, parent roles (primary/member) | Enabling multi-parent access to shared child profiles and stories

2.2. We do not collect data directly from children. All data relating to children is provided by their parent or legal guardian.

3. How We Use Data

3.1. We use the data we collect strictly for the following purposes:

  • Parent account data: To create and manage your account, authenticate your identity, send transactional emails (story notifications, password resets, payment confirmations), and deliver push notifications.
  • Child profile data: To personalise story content, tailor illustrations to the child's characteristics, apply content controls, and enable the friend feature.
  • Child photographs: Solely to generate a character avatar. Photos are not used for any other purpose (see Section 4).
  • AI-generated content: To deliver, store, and display your personalised storybooks within the Service.
  • Payment data: To process transactions, manage subscriptions, and provide purchase history.
  • Analytics data: To understand how the Service is used, identify issues, and improve the user experience. Analytics data is aggregated and does not identify individual children.
  • Household data: To enable shared access between parents within the same family unit.

3.2. We do not sell, rent, or trade your personal data to third parties. We do not use your data for advertising or marketing by third parties. We do not use children's data for profiling or automated decision-making.

4. Photo Handling

4.1. This section describes how we handle photographs of children. Given the sensitivity of children's images, we have implemented strict safeguards:

Photo Lifecycle

  1. Upload: Parent uploads photographs through the app. Photos are stored securely on our content delivery network with restricted access.
  2. Processing: Photos are sent to our avatar generation provider (OpenAI) via their API. Under their API data usage policy, images submitted through the API are not used to train their models.
  3. Avatar acceptance: Once the parent accepts the generated avatar, the photos enter a 24-hour deletion grace period.
  4. Grace period: During the 24-hour window, the parent may choose to regenerate the avatar. Regeneration reactivates the photos; a new grace period begins when the regenerated avatar is accepted.
  5. Permanent deletion: Once the 24-hour window has ended, photos are permanently and irreversibly deleted from both our database and our content delivery network. An automated process runs hourly, so deletion is completed no later than one hour after the window ends.
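The lifecycle above, written out as a runnable sketch of the grace-period state machine and the hourly sweep. This is an added example and not the service's own code: the record layout, the in-memory stand-in for the CDN, the function names and the timestamps are all assumptions. The one point it makes that the prose does not is how regeneration interacts with the sweep: a regeneration request after the window has closed is refused even if the hourly job has not run yet, so the sweep cadence never extends a photo's life.

```python
"""Grace-period photo deletion, modelled on the lifecycle above.

Added example, not the service's own code. Storage backend, record layout
and function names are assumptions; the hourly job is simulated by calling
sweep_expired_photos() with a chosen clock time.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

GRACE_PERIOD = timedelta(hours=24)


@dataclass
class PhotoRecord:
    photo_id: str
    cdn_key: str                              # object key on the image CDN (assumed)
    accepted_at: Optional[datetime] = None    # set when the avatar is accepted
    deleted_at: Optional[datetime] = None     # set once removed from DB and CDN


@dataclass
class FakeCdn:
    """Stand-in for the CDN client; tracks which object keys still exist."""
    objects: set = field(default_factory=set)

    def delete(self, key: str) -> None:
        self.objects.discard(key)


def accept_avatar(photo: PhotoRecord, now: datetime) -> None:
    """Step 3: acceptance starts the 24-hour grace period."""
    if photo.deleted_at is not None:
        raise ValueError("photo already deleted")
    photo.accepted_at = now


def regenerate_avatar(photo: PhotoRecord, now: datetime) -> None:
    """Step 4: regeneration inside the window reactivates the photo.

    The running grace period is cleared; a new one starts when the new
    avatar is accepted. After the window the photo is treated as gone even
    if the hourly sweep has not reached it yet, so a re-upload is required.
    """
    if photo.deleted_at is not None:
        raise ValueError("grace period elapsed; photo already deleted")
    if photo.accepted_at is not None and now - photo.accepted_at >= GRACE_PERIOD:
        raise ValueError("grace period elapsed; re-upload required")
    photo.accepted_at = None


def delete_now(photo: PhotoRecord, cdn: FakeCdn, now: datetime) -> None:
    """Immediate deletion: parent request (4.2) or end of grace period."""
    cdn.delete(photo.cdn_key)
    photo.deleted_at = now


def sweep_expired_photos(photos, cdn: FakeCdn, now: datetime) -> list:
    """Step 5: the hourly job. Deletes every photo whose window has closed
    and returns the ids it removed (useful for an audit log)."""
    removed = []
    for photo in photos:
        if photo.deleted_at is not None or photo.accepted_at is None:
            continue
        if now - photo.accepted_at >= GRACE_PERIOD:
            delete_now(photo, cdn, now)
            removed.append(photo.photo_id)
    return removed


def run_lifecycle_demo() -> dict:
    """Walks two constructed photos through the lifecycle on a simulated clock."""
    t0 = datetime(2026, 3, 14, 9, 0, tzinfo=timezone.utc)      # constructed time
    cdn = FakeCdn({"uploads/p1.jpg", "uploads/p2.jpg"})
    p1 = PhotoRecord("p1", "uploads/p1.jpg")
    p2 = PhotoRecord("p2", "uploads/p2.jpg")
    photos = [p1, p2]

    accept_avatar(p1, t0)
    accept_avatar(p2, t0)
    # Hourly sweep 23h after acceptance: nothing has expired yet.
    early = sweep_expired_photos(photos, cdn, t0 + timedelta(hours=23))
    # Parent regenerates p2 inside the window; its timer is cleared.
    regenerate_avatar(p2, t0 + timedelta(hours=23, minutes=30))
    # First hourly run after p1's window closes: only p1 is removed.
    late = sweep_expired_photos(photos, cdn, t0 + timedelta(hours=25))
    # The regenerated avatar is accepted; a fresh 24-hour window starts for p2.
    accept_avatar(p2, t0 + timedelta(hours=26))
    final = sweep_expired_photos(photos, cdn, t0 + timedelta(hours=51))
    return {"early": early, "late": late, "final": final,
            "cdn_remaining": sorted(cdn.objects)}


if __name__ == "__main__":
    print(run_lifecycle_demo())
```

Because the sweep runs hourly, a photo accepted at 09:00 is removed by the run at or after 09:00 the next day, i.e. between 24 and 25 hours after acceptance; the `>=` comparison in `regenerate_avatar` is what keeps that slack from being usable to reuse an expired photo.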

4.2. Parents may request immediate deletion of uploaded photographs at any time by contacting support@onceuponame.ai. We will process such requests within 24 hours.

4.3. The generated avatar is a stylised illustration and does not constitute a photograph or biometric data. Avatars are retained as part of the child profile for as long as the account is active.

5. Third-Party Processors

5.1. We use the following third-party services to operate the Service. Each processes data only as necessary to provide its specific function:

Service | Purpose | Data Processed
Supabase | Database hosting | All account and content data
Uploadcare | Image CDN and storage | Uploaded photos, generated images
Stripe | Web payment processing | Payment tokens, customer ID
RevenueCat | Mobile in-app purchase management | Subscriber ID, purchase history
PostHog | Product analytics | Anonymised usage events
Resend | Transactional email delivery | Email address, email content
Expo | Push notification delivery | Push token, notification content
OpenAI | Avatar generation from photos | Child photographs (API only, not used for training)
Anthropic | Story text generation | Child name, age, interests, story parameters
Google (Gemini) | Story structure planning | Child name, age, interests, story parameters
FAL.ai | Illustration generation | Text prompts, character descriptions

5.2. We have reviewed each processor's data handling practices and selected providers that offer appropriate safeguards for personal data. Where available, we use API-level access which typically provides stronger data protection guarantees than consumer-level services.

6. Data Retention

6.1. We retain data only for as long as necessary to provide the Service and fulfil the purposes described in this policy:

Data Type | Retention Period
Parent account data | Retained while your account is active; deleted upon account deletion
Child profile data | Retained while your account is active; deleted upon account deletion
Child photographs | 24 hours after avatar acceptance, then permanently deleted
Generated stories and illustrations | Retained while your account is active; deleted upon account deletion
Character avatars | Retained while the child profile exists
Password reset tokens | 1 hour, then automatically expired and deleted
Analytics events | 12 months from the date of the event
Payment records | As required by applicable tax and accounting regulations

6.2. When you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain certain records (such as payment records for tax purposes).

7. Children's Privacy

7.1. Protecting children's privacy is central to how we have designed the Service. The following safeguards are built into the Service:

  • Parent-operated model: Children do not create accounts, log in, or interact with the Service. All operations are performed by the parent or legal guardian.
  • Verifiable parental consent: Account creation requires an adult (18+) to register with a valid email address and password. The parent provides consent for their child's data to be processed when creating a child profile.
  • No child profiling: We do not create behavioural profiles of children, track their activities, or make automated decisions about them.
  • No advertising: The Service contains no advertisements, no ad networks, and no marketing content targeted at children.
  • No tracking of children: We do not use tracking cookies, browser fingerprinting, or any tracking SDKs that collect data about children. Our analytics (PostHog) record parent usage events only, which we analyse in aggregate.
  • Content controls: Parents can configure per-child content controls including excluded themes, bedtime mode, maximum story length, and preferred values or life lessons.
  • Minimal data collection: We collect only the child data necessary to generate personalised stories: first name, age, gender, and optional interests.
  • Photo deletion: Child photographs are permanently deleted once the 24-hour grace period following avatar acceptance ends (see Section 4).

7.2. If you believe we have inadvertently collected personal data from a child without proper parental consent, please contact us immediately at support@onceuponame.ai. We will investigate and delete any such data promptly.

8. Your Rights

8.1. Under the UK GDPR, EU GDPR, and applicable data protection laws, you have the following rights regarding your personal data and your child's personal data:

  • Right of access: You may request a copy of all personal data we hold about you and your children.
  • Right to rectification: You may request that we correct any inaccurate or incomplete personal data.
  • Right to erasure: You may request that we delete your personal data and your children's data. You can also delete child profiles and your account directly through the Service.
  • Right to restrict processing: You may request that we limit how we process your data in certain circumstances.
  • Right to data portability: You may request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
  • Right to object: You may object to processing of your personal data in certain circumstances, including processing for direct marketing purposes.

8.2. To exercise any of these rights, please contact us at support@onceuponame.ai. We will respond to your request within one month. In complex cases, we may extend this period by up to two further months, in which case we will inform you of the extension and the reasons for it.

8.3. You will not be charged a fee for exercising your rights unless your request is manifestly unfounded or excessive.

9. Cookies & Tracking

9.1. We use a minimal set of cookies and tracking technologies:

  • Authentication cookies: Strictly necessary session cookies, set with the HttpOnly flag so that scripts running in the browser cannot read them, used for session management and keeping you logged in. These cannot be disabled as they are essential for the Service to function.
  • Analytics (PostHog): We use PostHog for product analytics to understand how the Service is used and to identify areas for improvement. PostHog records usage events without personally identifiable information, and we analyse them in aggregate. No personally identifiable information about children is tracked.

9.2. We do not use:

  • Advertising or marketing cookies
  • Third-party tracking pixels or beacons
  • Browser fingerprinting
  • Cross-site tracking
  • Social media tracking widgets

10. International Transfers

10.1. Our Service is operated from the United Kingdom. However, some of our third-party processors operate in the United States and the European Union. As a result, your personal data may be transferred to and processed in countries outside the UK.

10.2. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) together with the ICO's UK Addendum, or the ICO's International Data Transfer Agreement (IDTA)
  • Data processing agreements with each third-party processor
  • Selection of processors that maintain industry-standard security certifications

10.3. You may contact us for more information about the specific safeguards applied to international data transfers.

11. Security

11.1. We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using HTTPS (TLS).
  • Password security: Passwords are hashed using Argon2, a salted, memory-hard password hashing algorithm designed to make brute-force guessing expensive and precomputed (rainbow-table) attacks ineffective. We never store passwords in plain text.
  • Authentication: Sessions are authenticated with signed JSON Web Tokens (JWTs) that are validated on every request, so only authenticated users can access account data.
  • API security: All API keys and secrets are held in server-side environment variables and are never shipped to or exposed in client-side code.
  • Access control: Our household-based access model ensures parents can only access data belonging to their own household.
  • Automated deletion: An hourly automated process ensures photos are deleted within the timeframes stated in Section 4.

11.2. While we take all reasonable precautions, no method of transmission or storage is completely secure. If you become aware of any security breach affecting your account, please contact us immediately at support@onceuponame.ai.

12. Changes to This Policy

12.1. We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

12.2. For minor changes, we will update the effective date at the top of this page. For material changes that significantly affect how we handle your data or your children's data, we will:

  • Notify you by email at the address associated with your account
  • Display a prominent notice within the Service
  • Where required, seek your renewed consent before continuing to process data under the new terms

12.3. We encourage you to review this policy periodically. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

13. Contact

13.1. Once Upon a Me is the data controller responsible for your personal data. If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Once Upon a Me

Data Controller

Email: support@onceuponame.ai

Website: onceuponame.ai

13.2. If you are not satisfied with our response to your data protection concern, you have the right to lodge a complaint with a supervisory authority. In the United Kingdom, the relevant authority is:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113