Privacy Policy

Last Updated: February 19, 2026

1. Introduction

Welcome to HeroTales ("we," "our," or "us"). This Privacy Policy explains how we handle information when you use our mobile application that creates personalized AI-generated stories for children.

2. Information We Collect

2.1 Information Stored Locally on Your Device

The following information is stored locally on your device:

• Child's Name: Used to personalize stories
• Child's Age: Used to adjust story complexity (ages 3-12)
• Generated Stories: All created stories are saved only on your device
• Story Prompts: Your story ideas and themes are stored locally
• Character Description: Physical traits extracted from your child's photo (hair color, skin tone, eye color) are stored with each story to maintain visual consistency across illustrations

2.2 How Child Photos Are Used

If you choose to use a photo for story personalization, here is exactly what happens:

1. Analysis: Your child's photo is sent securely to OpenAI's Vision API (GPT-4o) to extract physical traits such as hair color, skin tone, and eye color for story character consistency.
2. Immediate Deletion: The original photo is deleted from your device immediately after the analysis is complete. It is not stored in the app or retained anywhere.
3. Character Description Stored: A text description of the extracted traits (e.g., "brown hair, light skin, blue eyes") is saved with your story. No image is retained.
4. Illustration Generation: DALL-E 3 (OpenAI) uses this character description — not the original photo — to generate all story illustrations.

2.3 Information Sent to Third-Party AI Services

To generate stories and illustrations, we send the following information to third-party AI providers:

• To xAI (Grok API) for story text: Story theme/prompt, child's name, child's age range, and character description
• To OpenAI (Vision API) for photo analysis: Your child's photo as a secure API request (photo is not retained by OpenAI per their API policies)
• To OpenAI (DALL-E 3) for illustrations: Character description and scene descriptions (no photos, no identifying information)

2.4 Subscription and Purchase Information

HeroTales offers optional in-app subscriptions (weekly and lifetime) managed through RevenueCat and Apple's App Store. When you make a purchase:

• Payment is processed entirely by Apple — we never see your payment details
• RevenueCat receives a purchase receipt to verify and manage your subscription entitlement
• No personal financial information is shared with us

2.5 Information We Do NOT Collect

• No account registration or email addresses
• No location data
• No analytics or tracking
• No advertising identifiers
• No contact information beyond what you choose to provide for support
• No behavioral data or usage patterns

3. How We Use Information

Information is used solely for the following purposes:

• Story Generation: To create personalized, age-appropriate stories using AI
• Illustration Generation: To create story illustrations matching the child's appearance using DALL-E 3
• App Functionality: To remember your child's name and age for future story creation
• Content Adjustment: To ensure vocabulary and themes match your child's age (3-12)
• Subscription Management: To verify and manage premium subscription access via RevenueCat

We do NOT use any information for:

• Advertising or marketing
• Selling or sharing with third parties (except the AI and subscription providers described above)
• Profiling or behavioral targeting
• Analytics or tracking

4. Data Storage and Security

4.1 Local Storage

All personal data (name, age, character descriptions, generated stories) is stored securely on your device using industry-standard local storage mechanisms (AsyncStorage). This data is protected by your device's security features (passcode, Face ID, Touch ID).

4.2 Third-Party AI Services

Story prompts and character descriptions are sent over secure HTTPS connections to:

• xAI (Grok API) for story text generation — xAI Privacy Policy
• OpenAI Vision API for photo analysis — OpenAI Privacy Policy
• OpenAI DALL-E 3 for story illustration generation — OpenAI Privacy Policy

Per OpenAI's API data usage policies, data sent via the API is not used to train their models by default.

4.3 Subscription Service

Subscription management is handled by RevenueCat. RevenueCat receives purchase receipts to verify subscription status. See RevenueCat's Privacy Policy for details.

4.4 Data Retention

Data remains on your device until you:

• Delete the app
• Use the "Delete All Data" feature in app settings
• Clear app data through your device settings

Child photos are automatically deleted from your device immediately after the character analysis step is complete — you do not need to take any action.

5. Parental Rights and Controls

As a parent or guardian, you have complete control over your child's data:

• Review: All data is stored on your device and accessible through the app
• Delete: You can delete all stories and data at any time through app settings
• Control: You control what photos are selected and what prompts are entered
• Opt-Out: You can stop using the app at any time by deleting it

6. COPPA Compliance

HeroTales is designed for children under 13 and complies with the Children's Online Privacy Protection Act (COPPA):

• We require parental consent before any data collection (during onboarding)
• We collect only the minimum information necessary for app functionality
• Parents have full control to review and delete data
• We do not enable children to make personal information publicly available
• We do not condition participation on providing more information than necessary
• Child photos are deleted immediately after use — they are not retained

7. GDPR Compliance (European Users)

For users in the European Union, we comply with GDPR Article 8:

• Processing is lawful only with parental consent for children under 16
• We make reasonable efforts to verify parental consent through the onboarding process
• Parents can access, rectify, or erase their child's data at any time
• Photos sent to OpenAI for analysis are deleted immediately after processing
• Right to data portability: All stories are stored as readable text on your device

8. Third-Party Services

We use the following third-party services:

• xAI (Grok API): For AI-powered story text generation. Story prompts (theme, child's name, age, character description) are sent securely. xAI Privacy Policy
• OpenAI Vision API: For analyzing child photos to extract character traits (hair color, skin tone, eye color). Photos are sent securely and deleted from your device immediately after analysis. OpenAI Privacy Policy
• OpenAI DALL-E 3: For generating story illustrations using the extracted character description. No photos or personally identifying images are sent. OpenAI Privacy Policy
• RevenueCat: For managing in-app subscriptions (weekly and lifetime plans). Receives purchase receipts from Apple to verify subscription status. RevenueCat Privacy Policy

We do NOT use:

• Analytics services (no Google Analytics, Firebase, etc.)
• Advertising networks
• Social media integrations
• Cloud storage or backup services

9. Children's Safety

We are committed to children's online safety:

• All generated content is filtered for age-appropriateness
• No chat features or communication with other users
• No social sharing features
• Child photos are used only for the moment of character analysis, then permanently deleted
• Content safety rules prevent inappropriate topics (violence, adult content, etc.)
• Optional premium subscriptions are managed entirely through Apple's App Store with parental controls support

10. In-App Purchases

HeroTales offers a free tier (up to 4 stories) and optional premium subscriptions:

• Weekly subscription: Unlimited story creation billed weekly
• Lifetime access: One-time purchase for unlimited story creation

All purchases are processed by Apple through the App Store. We recommend parents use Screen Time or Family Sharing controls to manage in-app purchase permissions for children.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. When we make changes:

• We will update the "Last Updated" date at the top
• We will notify you through the app if changes are material
• Continued use of the app after changes constitutes acceptance

12. Your Rights

You have the right to:

• Access all data stored on your device through the app
• Delete all data at any time through app settings
• Stop using the app and remove all data by deleting it
• Contact us with privacy questions or concerns
• File a complaint with your local data protection authority (GDPR users)

13. International Users

HeroTales is designed for use worldwide. Story data is stored on your device. Story prompts and character descriptions are processed by xAI (US-based) and OpenAI (US-based). Child photos are temporarily processed by OpenAI and immediately deleted after analysis. Subscription receipts are processed by RevenueCat.

---

Summary for Parents: HeroTales keeps your child's data private and secure. If you add a photo, it is sent to OpenAI to identify hair color, skin tone, and eye color — then deleted from your device immediately. Only a text description of these traits is saved. Story text is generated by xAI (Grok) and illustrations by OpenAI (DALL-E 3). No tracking, no ads. Optional premium subscriptions are managed through Apple's App Store. You're in complete control.

← Back to Home | Terms of Use →