Account details (about you): your display name, email address, and a hashed password (we never store the plaintext). If you sign in with Google, we receive a stable Google account identifier and your email — not your password. If you sign in with Apple, we receive a stable Apple identifier and an email address — which may be Apple's private-relay forwarding address if you choose to hide your real one — again, never your password.
Avatar photos (optional): if you choose to create an avatar — of yourself, or of your child — you upload a photo. We use it once to generate a stylized, cartoon-style avatar (not a realistic likeness), then delete the original photo — we keep only the generated avatar, which you can remove at any time. Uploading a photo is entirely optional and parent-initiated, and the act of uploading is your consent to this processing. See section 7 for how this applies to a child's photo.
Child profile details (about your child): first name (or a chosen nickname), age, gender, English fluency, optional interests, and any free-text notes you choose to add. You decide what to share; no field other than name + age is required.
Stories you generate: the prompt you submit (theme, length, tone, parent notes), the generated narrative, the cover image, any narrated audio files, and the linked verse/hadith references.
Billing information: if you subscribe to a paid plan on the web, your payment details are handled by Stripe; if you subscribe inside our iOS app, the purchase is processed by Apple's App Store (In-App Purchase) and managed through RevenueCat. In either case we never see or store your full card number — we store only the opaque customer and subscription identifiers needed to keep your plan in sync.
Technical data: a session cookie (HTTP-only, SameSite=Lax) so you stay signed in; your IP address (used for per-IP rate limiting and abuse prevention); and basic server logs (request path, timestamp, status code) for operational debugging.
Usage activity: a lightweight behavioural log of how the Service is used — pages visited, key actions taken (e.g. a story generated, a checkout started), and a random per-browser visitor id used to group activity before you sign in. This log is structural only: it records event types, page paths, and small identifiers (such as a topic or story id) — never your child's name, the story text, scripture, your email, or your password. We use it for product analytics and abuse prevention, and it is automatically deleted after 90 days.