Privacy Policy

1. Who We Are

Labeebee is a sleep science-informed app for parents and guardians to create personalized bedtime stories for the children in their care, using AI technology. The parent or guardian is the account holder and controls all content, settings, and purchases. We are committed to protecting your family's privacy and apply Children's Online Privacy Protection Act (COPPA)-aligned safeguards to any information relating to a child.

Operator Information:

• Legal Name: A.C.N. 640 377 457 PTY LTD
• Physical Address: PO Box 95 TAMBORINE, QLD 4270
• Email: [email protected]
• Phone: 02 8000 0269
• Website: https://labeebee.app

This Privacy Policy describes how we collect, use, and protect personal information when you use Labeebee. By creating an account or using our app, you agree to this Privacy Policy.

2. Information We Collect

We collect only the minimum information necessary to provide our personalized bedtime story service. We distinguish between data we collect about parents (account holders) and data about children.

Child Data

• Nickname: Text input entered by parent (never legal name or full name)
• Age Bracket: Selected from ranges (3-5, 6-8, 9-10) - we do NOT collect date of birth
• Gender: Optional, used only for pronoun selection in stories (he/him, she/her, they/them)
• Avatar Emoji: Emoji character selected for profile picture
• Story Preferences: Ratings (love/like/not-for-me) on reference stories to personalize future story generation
• Cultural Preferences: Skin tone, family structure, and character appearance options for diverse representation in stories
• Character Creations: Custom characters created by parent including name, type (person/animal/magical), traits, gender, role, and appearance
• Character Appearance Details: Skin tone, hair style/color, cultural markers for diverse representation
• Generated Story Metadata: Title, theme, structure type, language, and timestamp of stories we create for your child
• Multi-Chapter Story Metadata: Series ID, chapter numbers, completion status, "Previously on..." recap data
• Audio Playback Progress: Resume position for story playback
• Story Ratings: 1-5 star ratings to improve future recommendations
• Voice Recordings: Parent voice recordings for voice cloning (Premium/Family tier only)
• Demo Story Access: No personal data collected for 5 pre-generated demo stories

Parent Data

• Email Address: For authentication and account recovery
• Authentication Identifier: Firebase UID (pseudonymous identifier, not personally identifiable)
• Subscription Status: Trial status, premium/family plan status, trial extension history
• Payment Transaction IDs: Processed by Apple/Google (not stored by Labeebee directly)
• Free Tier Usage: Counter tracking stories remaining this month (for free tier users)

Technical Data

• IP Address: Temporary, collected only for authentication security (not stored long-term)
• Device Information: Device type and operating system version (for app functionality and compatibility)
• App Version: Version number of Labeebee installed
• Error Logs: Aggregated crash reports and error logs (no personal identifiers included)
• Install Attribution Metadata (Android Only): Non-personal install-time campaign data captured via Google's Play Install Referrer Library. This includes UTM parameters (source, medium, campaign, content) and ad-network click identifiers (e.g., fbclid for Meta, ttclid for TikTok). This is server-side metadata about the install event — not user behavior — and is used solely to measure ad campaign effectiveness. iOS install attribution is handled by Apple's SKAdNetwork framework (operating system level, no app-level data collected).
• Google Advertising ID (GAID, Android only): Device-level advertising identifier provided by Google Play Services. Collected for ad campaign attribution measurement only (matching installs to ad clicks). We send it to Meta via the Meta SDK only, with the Limited Data Use (LDU) flag set, which restricts how Meta can use it. The GAID is not sent to the server-side Meta Conversions API (which carries no advertising IDs). We never use the GAID for behavioral profiling, ad targeting, cross-app tracking, or any purpose other than install/event attribution. Android users can reset their GAID at any time in Google Play Services settings.
• Apple Identifier for Advertisers (IDFA, iOS only — consent required): Device-level advertising identifier provided by iOS. Only collected if you grant permission via the Apple App Tracking Transparency (ATT) prompt shown shortly after signup. If you decline, no IDFA is collected and ad attribution operates probabilistically via Apple's SKAdNetwork framework instead. When collected, sent to Meta via the Meta SDK only (with the same Limited Data Use restrictions as GAID); the server-side Meta Conversions API carries no advertising IDs. iOS users can revoke ATT consent at any time in iOS Settings → Privacy & Security → Tracking.
• Mobile App SDK Events (Parent Account Only): The Meta SDK fires app-level events (install, paywall viewed, trial started, subscription started) for ad campaign attribution. Events are configured with Limited Data Use, fire only from parent-account contexts (never from child profile contexts such as story playback or character creation), and contain only the parent's Firebase UID plus purchase metadata — no child data and no PII.

What We Do NOT Collect:

• Child's legal name or full name
• Date of birth (only age bracket)
• Home address or physical location
• Photos or images of children
• Precise geolocation data
• Contact lists or social connections
• Cross-app behavioral profiles (advertising identifiers are used for install attribution measurement only, not for profiling)
• Child-context analytics events (story playback, character creation, voice cloning recording, child profile creation do NOT fire Meta SDK events)

3. How We Use Information

We use the collected information solely to provide and improve the Labeebee service. Here's how each type of data is used:

Additional Uses:

• Anti-Repetition Tracking: Story structures used in last 30 days to prevent repetitive narratives
• Offline Audio Caching: Audio files stored locally on device (user-controlled via Settings → Clear Cache)
• Multi-Chapter Story Generation: Lazy chapter generation with recap data from previous chapters

Important: We do NOT use your child's information for:

• Third-party advertising or behavioral tracking
• Selling or renting data to data brokers
• Building user profiles for marketing purposes
• Sharing with social media platforms

4. Third-Party Services

To provide our personalized bedtime story service, we use the following trusted third-party services. Each has been vetted for COPPA compliance and data protection.

1. Firebase (Google LLC)

• Purpose: Secure authentication for parent accounts
• Data Shared: Parent email address, authentication UID
• Privacy Policy: firebase.google.com/support/privacy
• COPPA Compliance: Yes (no child data processed by Firebase)
• Data Location: Google Cloud (multi-region)

2. Supabase (Supabase Inc.)

• Purpose: Encrypted database and cloud storage for all user data
• Data Shared: All user data listed in Section 2
• Privacy Policy: supabase.com/privacy
• COPPA Compliance: Yes (Data Processing Agreement in place)
• Data Location: US-based servers (AWS us-east-1)

3. Anthropic Claude API (Anthropic PBC)

• Purpose: AI-powered personalized story generation
• Data Shared: Child's nickname, age bracket, character details, story preferences, cultural preferences
• Privacy Policy: anthropic.com/privacy
• COPPA Compliance: Yes
• Data Retention: Story prompts are NOT used for model training per Anthropic's commercial API policy
• Important: Your child's nickname appears in story text sent to Anthropic for generation

4. OpenAI (OpenAI, L.L.C.) and MiniMax

• Purpose: Text-to-speech voice narration and voice cloning
• Data Shared: Story text (may contain child's nickname), parent voice recordings (Premium/Family tier only)
• Privacy Policy: openai.com/privacy and minimaxi.com/privacy-policy
• COPPA Compliance: Yes
• Data Retention: Input text is NOT retained after audio generation
• Voice Cloning (NOW AVAILABLE): Premium and Family subscribers can clone parent voices. 25 professional stock voices available for all tiers (diverse ages, genders, accents). Voice invitation portal allows family members to record remotely.

5. RevenueCat (RevenueCat Inc.)

• Purpose: Subscription and payment management
• Data Shared: Firebase UID (pseudonymous), subscription status, transaction IDs
• Privacy Policy: revenuecat.com/privacy
• COPPA Compliance: Yes (no child data, parent account only)

6. Meta Platforms (Meta SDK + Meta Conversions API)

• Purpose: Ad campaign attribution measurement (both client-side via the Meta SDK and server-to-server via the Meta Conversions API). The two paths share a deduplication identifier so each event is counted once by Meta.
• Data Shared:
  • Firebase UID (pseudonymous parent identifier)
  • Install referrer metadata (UTM parameters, fbclid, encrypted Meta campaign blob) — Android only
  • Google Advertising ID (GAID) — Android, when available from Google Play Services
  • Apple Identifier for Advertisers (IDFA) — iOS, only when the user grants Apple App Tracking Transparency (ATT) consent
  • Conversion event metadata: install, paywall viewed, trial started, subscription started — parent-account events only
  • Platform (iOS / Android) and app version
• Privacy Policy: facebook.com/privacy/policy
• COPPA Compliance: Yes — the Meta SDK is initialized with the Limited Data Use (LDU) flag. Server-side Meta CAPI events do not carry LDU; the server payload contains no advertising IDs or PII (only the parent's pseudonymous Firebase UID and event metadata). The Meta SDK is initialized with advertising-ID collection enabled but is configured for measurement only, not behavioral profiling or third-party ad targeting. Child-profile contexts (story playback, character creation, voice cloning recording, child profile creation) are explicitly excluded from event firing. No child PII is ever passed to Meta.
• iOS App Tracking Transparency: Shortly after parent signup we display Apple's ATT prompt asking permission to track activity across other companies' apps and websites. If you grant permission, IDFA is sent with Meta events to improve attribution match quality. If you decline, IDFA is not collected and Meta receives only the Firebase UID + non-personal event metadata; iOS attribution then operates probabilistically via Apple's SKAdNetwork framework. You can revoke ATT consent at any time in iOS Settings → Privacy & Security → Tracking.
• Data Sent For: Install, paywall view, trial start, and subscription events (parent account-level only — never from child profile contexts).

7. TikTok (TikTok Events API)

• Purpose: Ad campaign attribution measurement (server-to-server, no TikTok SDK in app)
• Data Shared: Firebase UID (pseudonymous), install referrer metadata (UTM parameters, ttclid), platform, app version
• Privacy Policy: tiktok.com/legal/privacy-policy
• COPPA Compliance: Yes — no advertising IDs, no behavioral tracking, no TikTok SDK in app
• Data Sent For: Install, trial, and subscription events (parent account-level only)

We Do NOT Share Data With:

• Advertising networks for ad targeting purposes (we never show third-party ads; server-side install attribution to Meta CAPI and TikTok Events API is for campaign measurement only, with no advertising IDs or PII in the server payload — only the parent's pseudonymous Firebase UID and event metadata)
• Analytics services (basic page-view analytics only via Google Analytics with IP anonymization, no user-level tracking or demographics)
• Data brokers (we never sell data)
• Social media platforms

5. Parental Rights Under COPPA

As a parent or legal guardian, you have full control over your child's personal information. Under COPPA, you have the right to:

1. Review Child's Personal Information

You can request a copy of all personal information we hold for your child at any time:

Email Request:

• Send email to [email protected] with "Data Access Request" in the subject
• Include your registered email address
• Response time: Within 10 business days
• Format: JSON export or human-readable PDF

2. Delete Child's Personal Information

In-App Deletion (Recommended):

1. Open Labeebee app
2. Choose what to delete:
   • Delete a single child profile: on the Home screen, tap the child's name/avatar to open the profile switcher, tap the ⋯ menu, then Delete Profile (see Delete Specific Data)
   • Delete your entire account: in Settings, scroll to the Danger Zone and tap Delete Account (deletes all child profiles and all data)
3. Complete parent gate verification (math problem)
4. Review first warning:
   • ⚠️ If you have an active subscription, cancel it in the App Store/Play Store first
   • Deletion is permanent and cannot be undone
5. Confirm deletion by tapping "Delete Account"
6. Review final confirmation showing what will be deleted:
   • All child profiles and characters
   • All generated stories and audio files
   • All preferences and Story DNA data
   • Your account credentials (cannot be recovered)
7. Tap "Delete Forever" to confirm
8. Deletion completes immediately (typically within 30 seconds)
9. You will be automatically signed out

Email Request:

• Send email to [email protected] with "Data Deletion Request" in subject
• Include your registered email address
• Response time: Confirmation within 10 business days

What Happens After Deletion:

• ✅ Immediate: Database records deleted (all child profiles, stories, characters, preferences)
• ✅ Immediate: Storage files deleted (story audio, voice clone samples)
• ✅ Immediate: Voice clone recordings and models deleted from voice AI providers
• ✅ Immediate: Offline cached audio cleared from device storage
• ✅ Immediate: Firebase authentication account deleted
• ✅ Immediate: Automatic sign-out from the app
• ⚠️ Not Deleted: Previously generated story prompts sent to Anthropic API (retained per their commercial policy)
• ⚠️ Not Deleted: Audio generation logs sent to OpenAI/MiniMax (retained per their policies)
• 💳 Important: Active subscriptions are NOT cancelled automatically - you must cancel separately through App Store/Play Store to stop future charges
• 📧 RevenueCat: We attempt to notify RevenueCat of account deletion, but webhook failures are expected (you lose access even if subscription remains active)

GDPR/CCPA Compliance:

• Account deletion satisfies GDPR Article 17 "Right to be Forgotten" requirements
• Account deletion satisfies CCPA data deletion requirements
• All user data is permanently removed from Labeebee systems
• Third-party data retention (Anthropic, OpenAI, MiniMax) is governed by their respective privacy policies

3. Refuse Further Collection

• Stop using the app (no background data collection occurs when app is closed)
• Delete child profile to stop personalized story generation
• Downgrade to demo stories only (5 pre-generated stories, no child data required)

4. Modify Consent

• Edit child profile settings anytime in-app
• Reset Story DNA preferences: see Reset Story Preferences (Story DNA also adjusts automatically as you rate stories)
• Change or remove characters at any time

6. Data Retention Policy

• Active Accounts: Data retained indefinitely while account remains active and in use
• Inactive Accounts: Automatically deleted after 24 months of no login activity
• Deleted Accounts:
  • Live database deletion: Immediate
  • Backup retention: 90 days (disaster recovery only)
  • Permanent deletion: After 90 days
• Generated Stories: Retained until parent deletes or account is deleted
• Audio Files: Cached for 30 days after last playback, then auto-deleted (unless saved offline by user)
• Offline Cached Audio: Stored locally on device, cleared via Settings → Clear Cache
• Error Logs: 90 days retention, aggregated only (no personal identifiers)

To request immediate deletion at any time, see our Delete Your Account page, our Delete Specific Data page, email [email protected], or use in-app deletion as described in Section 5.

7. Security Measures

We implement industry-standard security measures to protect your family's data:

• Encryption in Transit: All data transmitted over HTTPS with TLS 1.3 encryption
• Encryption at Rest: AES-256 encryption for all data stored in Supabase database
• Authentication Security: Firebase Auth with secure token verification
• Access Control: Parental authentication required for all child data access
• Employee Access: Restricted to authorized personnel only; all access is logged and audited
• Third-Party Agreements: Data Processing Agreements with all service providers (Firebase, Supabase, Anthropic, OpenAI, MiniMax, RevenueCat)
• Incident Response: Parents notified within 72 hours of any data breach affecting their account
• COPPA Compliance: We maintain a written information security program and written data retention policy as required by COPPA

Important: No security system is perfect. While we implement industry-standard protections, we cannot guarantee absolute security. If you suspect your account has been compromised, contact [email protected] immediately.

8. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. All updates will be posted at https://labeebee.app/privacy-policy with an updated "Last Updated" date.

For Material Changes Affecting Children's Data Collection:

• Email notification to parent account 30 days before changes take effect
• In-app notification banner upon next login
• Option to delete account if you disagree with changes

Continued use of Labeebee after changes take effect constitutes acceptance of the updated Privacy Policy.

9. Subscription Tiers & Features

Labeebee offers four subscription tiers to meet your family's needs:

Free Tier (Post-Trial)

• Price: $0
• Stories per month: 2 personalized stories
• Child profiles: 1
• Voice catalog: 5 basic voices
• Demo stories: 5 pre-generated stories (no account needed)

Standard Tier

• Price: $4.99/month or $39.99/year
• Stories per month: 140 minutes total listening time
• Child profiles: Up to 2
• Voice catalog: 20 voices
• Features: Custom characters, karaoke mode, offline downloads, 1 voice clone

Premium Tier

• Price: $9.99/month or $79.99/year
• Stories per month: Unlimited
• Child profiles: Up to 4
• Voice catalog: All voices
• Features: Everything in Standard, plus multi-chapter stories, 5 voice clones, priority generation

Family Tier

• Price: $14.99/month or $119.99/year
• Stories per month: Unlimited
• Child profiles: Up to 20
• Voice catalog: All voices
• Features: Everything in Premium, plus up to 20 child profiles and 20 voice clones

7-Day Free Trial: Triggered when you create your first child profile. Full Premium access during trial. Optional 7-day extension for low-engagement users.

11. Demo Stories

Labeebee offers 5 pre-generated demo stories accessible without creating an account:

• No personal data collected: Demo stories feature generic characters ("Luna the Explorer", "Max the Brave")
• No authentication required: Accessible from welcome screen before signup
• Served from public endpoint: No child profile or parent account needed
• Purpose: Allow parents to evaluate story quality and experience before creating an account

12. Multi-Chapter Stories

Premium and Family tier subscribers can generate multi-chapter story series (3-7 chapters):

• Lazy generation: Chapters generated on-demand as child progresses through series
• Data handling: Same privacy protections as single stories
• Metadata collected: Series ID, chapter numbers, completion status, "Previously on..." recap data
• Offline access: Downloaded chapters cached locally (Premium/Family only)

13. Contact Us