Endless StorytimeBack to home

Privacy Policy

Last updated: March 28, 2026

Our commitment to your family

Endless Storytime ("we," "us," "our") builds personalized storybooks for children ages 2-8. We understand that when a product involves children, privacy is not optional — it is foundational. This policy explains what information we collect, how we use it, and how we protect it.

We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect personal information from children under 13 without verified parental consent.

Who uses our service

Endless Storytime is a service for parents and legal guardians. Only adults (18+) may create accounts, subscribe, and manage their family's stories. Children are the end users of the content we create, but they do not interact with our service directly or have their own accounts.

What information we collect

From parents (account holders)

  • Email address — for account creation, authentication, and story delivery.
  • Payment information — processed and stored by our payment processor. We never see or store your full card number.
  • Communication preferences — whether you opted into product updates.

About children (provided by parents)

  • First name — used to personalize stories. Encrypted at rest in our database.
  • Age or age range — used to tailor story content and reading level to developmental stage.
  • Physical appearance descriptors — skin tone, hair color, eye color, etc. Used only for illustration generation.
  • Preferences and interests — favorite things, situations they are navigating. Used to personalize story content.
  • Photos (optional) — if a parent uploads a photo, it is sent to an AI vision service exclusively for face detection and appearance feature extraction. Photos are never stored on our servers and are not retained after processing. The extracted appearance descriptions (not the photo itself) are then used for illustration generation.

How we use AI

Stories, illustrations, and audio narration are created with the assistance of artificial intelligence. We use services from Anthropic, Google, and OpenAI.

Before most external service touches a story, we replace your child's real name with a placeholder. The story is generated with the placeholder, then we swap the real name back on our servers. External services only see contextual details (pronouns, appearance descriptors, preferences) that are not personally identifiable on their own.

The one exception is audio narration: for the voice engine to say your child's name out loud, the text-to-speech service needs to see the first name. A first name alone, without any other identifying detail, does not constitute personally identifiable information under COPPA.

None of these providers use your child's data for training their AI models. Data is transmitted securely via HTTPS and processed only as needed to create your child's stories. We review our provider agreements regularly to ensure this protection.

What we do NOT do

  • We do not display any advertising to children or adults.
  • We do not sell, rent, or share personal information with third parties for marketing purposes.
  • We do not use behavioral tracking, analytics cookies, or fingerprinting on children.
  • We do not store photos of children on our servers. Photos are processed briefly for appearance extraction and are not retained in our systems.
  • We do not allow children to create accounts, post content, or communicate with other users.
  • We do not require children to provide more information than is reasonably necessary to participate in the service.

Data storage and security

  • All data is stored in encrypted databases.
  • Child names are encrypted at rest, used only to personalize stories, and are never shared or sold. We audit all usages of child names within our systems.
  • Story PDFs and audio files are stored in encrypted cloud storage and accessible only through authenticated access.
  • All connections use TLS/HTTPS encryption in transit.
  • Access controls ensure parents can only access their own family's data.

Data retention and deletion

We retain account and story data for as long as your account is active.

  • After cancellation, your story library remains accessible through the end of your billing period.
  • You may delete your child's profile or your entire account at any time directly from the app.
  • When you delete your account, all associated data is permanently removed from our systems. No waiting period.
  • You may also request deletion by emailing hello@EndlessStorytime.com.

Parental consent

Only parents or legal guardians may create accounts and provide information about their children. By creating an account and adding a child's profile, you represent that you are the child's parent or legal guardian and that you consent to the collection and use of their information as described in this policy.

You may withdraw consent at any time by deleting the child's profile directly in the app or by contacting us at hello@EndlessStorytime.com.

Third-party services

We use third-party services for payment processing, infrastructure, and AI-powered story creation. Each service receives only the minimum data necessary to perform its function. None are authorized to use your data for their own purposes.

Payment processing is handled by Stripe (web) and Apple (iOS), subject to their respective privacy policies. AI services are provided by Anthropic, Google, and OpenAI, as described in the “How we use AI” section above.

Changes to this policy

We may update this policy from time to time. If we make material changes — especially changes that affect how we handle children's information — we will notify you by email before the changes take effect.

Contact us

If you have questions about this privacy policy or want to exercise your data rights, contact us: