Story-Weaver

Legal

Privacy Policy

Last updated: 17 May 2026

1. What we collect

When you create an account, we collect your email address, a password (stored as a hashed value — we never see the plain text), and the first names you give to child profiles on your account.

As you use the app, we store listening progress per profile — which story you're on, which scene you last heard. This is how the app picks up where you left off.

2. What we do not collect

  • Contact information from children (no child email, phone, or address)
  • Payment details from or about minors
  • Your precise location or device location
  • Advertising identifiers or cross-site tracking data
  • Any data used for profiling or selling to third parties

3. Cookies

We use a small number of cookies: one to remember your language preference, one to remember your chosen colour theme (dark or light), and a session cookie for your logged-in state. We do not use advertising cookies or third-party tracking cookies. See our Cookie Policy for details.

4. Third parties

We use the following third-party services:

  • Cloudflare — hosting, DDoS protection, and Workers runtime
  • BytePlus (Volcengine) — image generation used in our production story catalog only. We do not send user content or personal data to BytePlus.
  • Apple and Google — in-app purchase on iOS and Android. Payments are handled entirely by Apple/Google; we receive a transaction confirmation but never your card details.
  • Moyasar — card payments on the web for users in Saudi Arabia. Subject to Moyasar's own PCI-DSS-compliant privacy practices.

5. Children's privacy

Story-Weaver is a service for families. Accounts must be created by a parent or guardian aged 18 or over. Child profiles contain only a first name and listening progress — no email address, no password, no contact details. Parents control all child profile data and can delete any profile at any time from account settings.

We do not knowingly collect personal information directly from children. If you believe a child has submitted personal information to us, contact us and we will delete it promptly.

6. Data retention

If you delete your account, we permanently delete your email address, child profiles, and listening progress within 90 days. Anonymised aggregate statistics (e.g. "story X was played 500 times") may be retained indefinitely.

7. Your rights

You have the right to:

  • Export — request a copy of your account data
  • Correct — update your email address or child profile names from account settings
  • Delete — delete your account and all associated data from account settings

To exercise any of these rights, email privacy@nighttales.app.

8. Contact

For privacy-related questions, email privacy@nighttales.app. For general enquiries, email hello@nighttales.app.