Privacy Policy

1. Introduction

Bairn, LLC ("Bairn," "we," "us," or "our") is committed to protecting the privacy and safety of families using our AI-powered storytelling platform. This Privacy Policy explains how we collect, use, protect, and share information when you use the Bairn mobile application and related services (collectively, the "Service").

1.1 Our Commitment to Children's Privacy

We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA). This Privacy Policy describes our practices regarding children's personal information and the additional protections we provide.

1.2 Company Information

Bairn, LLC
A Delaware Limited Liability Company
2261 Market Street STE 85719
San Francisco, CA 94114
Phone: (415) 683-0504
Email: [email protected]

1.3 Scope

This Privacy Policy applies to all users of our Service, including parents, guardians, and children who use Bairn under parental supervision.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

• Email address (for account access and notifications)
• Account credentials and authentication data

Child Profile Information:

• Child's first name (for story personalization)
• Age group (Toddler, Preschool, Elementary, or Tween)
• Selected avatar or profile picture
• Child's interests and preferences
• Birth date (optional, for more precise age-based content)

Content Preferences:

• Favorite story genres and characters
• Preferred story length (short, medium, long)
• Voice preferences and speech speed settings
• Content filtering preferences

Voice Conversations:

• Audio recordings when using voice features (automatically deleted after processing)
• Text transcriptions of voice interactions
• Voice conversation metadata

2.2 Information We Collect Automatically

Usage Data:

• Stories and podcasts created, accessed, and completed
• Content listening history and completion rates
• App navigation patterns and feature usage
• Time spent using different features
• User interaction patterns with generated content

Device Information:

• iOS device type and model
• Operating system version
• App version and build number
• Device settings relevant to app functionality
• Network connection information

Technical Data:

• App performance metrics
• Error logs and diagnostic information
• Feature usage analytics
• Content generation success rates

2.3 Information from Third Parties

Apple App Store:

• Subscription status and payment information
• App Store transaction records
• Device and account verification data

Authentication Providers:

• Basic profile information from Clerk authentication service
• Account verification status

2.4 Information We Do NOT Collect

We specifically do not collect:

• Children's full names or surnames
• Physical addresses or precise location data
• Social security numbers or government identifiers
• Photos or videos of children
• Information about other family members
• Financial information (processed by Apple)
• Biometric information
• Health information

3. How We Use Your Information

3.1 Primary Purposes

Content Generation and Personalization:

• Create personalized stories and podcasts tailored to your child
• Generate age-appropriate content based on developmental stage
• Customize voice narration and audio settings
• Personalize story characters and themes
• Adapt content complexity to reading level

Service Provision:

• Maintain and operate the Bairn platform
• Authenticate user accounts and prevent unauthorized access
• Process subscription management through Apple's systems
• Provide customer support and technical assistance
• Deliver notifications about account and service updates

Safety and Content Filtering:

• Apply age-appropriate content filters
• Monitor content generation for safety compliance
• Implement parental controls and safety settings
• Detect and prevent inappropriate content requests
• Maintain child safety protocols

3.2 Service Improvement

Product Development:

• Analyze usage patterns to improve features (using anonymized data)
• Enhance AI generation quality and accuracy
• Develop new story archetypes and content formats
• Optimize app performance and user experience
• Research child development and educational effectiveness

Quality Assurance:

• Monitor content generation success rates
• Identify and fix technical issues
• Test new features and improvements
• Validate content safety measures
• Ensure compliance with child safety standards

3.3 Communication

Service-Related Communications:

• Send account verification and security notifications
• Provide subscription and billing updates
• Deliver customer support responses
• Share important service announcements
• Notify about privacy policy or terms updates

Optional Communications:

• Educational content and parenting tips (with explicit consent)
• New feature announcements and updates
• Safety and privacy best practices

3.4 Legal and Compliance

Legal Requirements:

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Protect against fraud and abuse
• Enforce our Terms of Service
• Maintain business records as required

4. How We Share Your Information

4.1 We Do NOT Sell Personal Information

We do not sell, rent, or trade personal information about you or your children to third parties for marketing purposes.

4.2 Service Providers and Business Partners

We share information with trusted third-party service providers who help us operate our Service:

AI and Content Generation:

• OpenAI: We send story and podcast prompts (which may include your child's first name, age group, selected interests, and creative inputs) to OpenAI for text generation. OpenAI processes this data solely to generate content and does not use it to train its models under our data processing agreement.
• Cartesia (Text-to-Speech): We send generated story and podcast text to Cartesia for audio narration. Only the text content is transmitted — no personal identifiers are included.

Infrastructure and Storage:

• Cloudflare R2: Secure storage of generated audio and images
• Apple: App Store services, authentication, and payment processing

Authentication and Security:

• Clerk: User authentication and account management

Analytics and Performance (Anonymized Data Only):

• App performance monitoring services
• Anonymized usage analytics for service improvement

4.3 Legal Disclosures

We may disclose information when required by law or when we believe disclosure is necessary to comply with legal process or government requests, protect the rights, property, or safety of Bairn, our users, or the public, prevent fraud or abuse of our Service, or enforce our Terms of Service.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the transaction, subject to equivalent privacy protections.

4.5 Consent-Based Sharing

We may share information in other circumstances with your explicit consent.

5. Children's Privacy (COPPA Compliance)

5.1 Age Restrictions

• Parents must be 18 or older to create accounts
• Children using the Service must be between ages 2-12
• All child-related data collection requires verifiable parental consent

5.2 Parental Consent and Control

Verifiable Parental Consent:

• Required before collecting personal information from children under 13
• Obtained through email verification and account creation process
• Documented and maintained for compliance purposes

Parental Rights:

• Review all information collected about your child
• Modify or delete child profile information at any time
• Control privacy settings and content filtering options
• Request complete account deletion
• Receive detailed explanations of our practices

5.3 Limited Collection from Children

We only collect information from children that is necessary for creating personalized content, ensuring age-appropriate experiences, providing basic app functionality, and maintaining safety and security.

5.4 Enhanced Protection Measures

Special Safeguards for Children:

• Enhanced encryption for all children's data
• Restricted access controls for employees
• Regular safety audits and assessments
• Immediate deletion of voice recordings after processing
• No behavioral advertising targeted at children
• No sharing of children's personal information for commercial purposes

6. Data Security and Protection

6.1 Security Measures

We implement comprehensive security measures to protect your information:

Technical Safeguards:

• Industry-standard encryption for data in transit and at rest
• Secure authentication and access controls
• Regular security audits and vulnerability assessments
• Automated monitoring for security threats
• Secure cloud infrastructure with redundant backups

Administrative Safeguards:

• Employee security training and background checks
• Strict access controls and need-to-know basis
• Regular privacy and security policy updates
• Incident response procedures
• Compliance monitoring and reporting

Physical Safeguards:

• Secure data centers with restricted access
• Environmental and fire protection systems
• Surveillance and monitoring systems

6.2 Data Breach Response

In the event of a data breach involving personal information:

• Immediate investigation and containment
• Notification to affected users within 72 hours
• Cooperation with law enforcement when appropriate
• Implementation of additional security measures
• Regular updates on investigation progress

6.3 Data Minimization

We practice data minimization by:

• Collecting only necessary information
• Limiting data retention periods
• Regularly purging unnecessary data
• Anonymizing data when possible
• Implementing purpose limitation principles

7. Your Privacy Rights and Choices

7.1 Access and Control

You have the right to:

• Access: View all personal information we hold about you and your children
• Correct: Update or correct inaccurate information
• Delete: Request deletion of personal information (subject to legal requirements)
• Port: Receive your data in a portable format
• Object: Object to certain processing activities

7.2 Account Management

Child Profile Management:

• Create, modify, or delete child profiles
• Update interests, preferences, and settings
• Control content filtering and safety settings
• Manage voice and audio preferences

Content Management:

• View all generated stories and podcasts
• Delete specific content items
• Control content sharing within your family
• Manage offline downloads and storage

7.3 Communication Preferences

You can control:

• Email notification settings
• In-app notification preferences
• Marketing communication opt-outs
• Customer support communication channels

7.4 How to Exercise Your Rights

Contact us at [email protected] or use the in-app privacy controls to submit privacy requests, access your information, request deletions or corrections, and update preferences and settings.

We will respond to privacy requests within 30 days and verify your identity before processing requests.

8. Data Retention and Deletion

8.1 Retention Periods

We retain information for the following periods:

Account Information:

• Retained while your account is active
• Deleted within 30 days of account closure

Child Profile Information:

• Retained while profiles are active
• Deleted within 30 days of profile deletion

Generated Content:

• Retained while your account is active
• Available for 30 days after account deletion
• Permanently deleted after 30-day grace period

Usage and Analytics Data:

• Anonymized and aggregated after 12 months
• Anonymized data may be retained for research purposes
• Individual usage data deleted with account closure

Voice Recordings:

• Automatically deleted immediately after processing
• No permanent storage of voice data
• Transcriptions deleted with content deletion

8.2 Deletion Process

Complete Account Deletion:

1. User requests account deletion
2. 30-day grace period for data recovery
3. Permanent deletion of all personal information
4. Retention of anonymized analytics data only
5. Confirmation of deletion provided to user

Automatic Deletion:

• Voice recordings deleted immediately after processing
• Temporary files and cache data deleted regularly
• Failed content generation attempts deleted immediately
• Session data deleted after logout

9. International Data Transfers

9.1 Data Processing Locations

Your information may be processed in:

• United States (primary processing location)
• Locations where our service providers operate
• Countries with equivalent privacy protections

9.2 Transfer Safeguards

We ensure adequate protection through:

• Contractual protections with service providers
• Adherence to international privacy frameworks
• Data processing agreements with third parties
• Regular compliance assessments

9.3 North American Focus

Our primary operations and user base are in North America, and we implement appropriate safeguards for any international data transfers.

10. California Privacy Rights

10.1 California Consumer Privacy Act (CCPA)

California residents have additional rights under the CCPA:

Right to Know:

• Categories of personal information collected
• Purposes for collecting personal information
• Categories of third parties who receive information
• Specific pieces of personal information collected

Right to Delete:

• Request deletion of personal information
• Exceptions for legal requirements or legitimate business needs

Right to Opt-Out:

• Opt-out of sale of personal information (Note: We do not sell personal information)

Right to Non-Discrimination:

• Equal service and pricing regardless of privacy choices

10.2 How to Exercise California Rights

California residents can exercise these rights by:

• Emailing [email protected]
• Using in-app privacy controls
• Calling (415) 683-0504

We will verify your identity and respond within 45 days.

11. Updates to This Privacy Policy

11.1 Policy Changes

We may update this Privacy Policy to reflect:

• Changes in our practices or services
• Legal or regulatory requirements
• Technological improvements
• User feedback and suggestions

11.2 Notification of Changes

Significant Changes:

• Email notification to all users
• In-app notification upon next login
• 30-day advance notice when possible
• Prominent posting on our website

Minor Changes:

• Update of "Last Updated" date
• Notice through normal communication channels

11.3 Continued Use

Continued use of our Service after policy updates constitutes acceptance of the revised Privacy Policy.

12. Contact Information

12.1 Privacy Questions and Requests

Privacy Officer
Bairn, LLC
Email: [email protected]
Phone: (415) 683-0504
Address: 2261 Market Street STE 85719, San Francisco, CA 94114

12.2 Specific Inquiries

• General Privacy Questions: [email protected]
• Child Safety Concerns: [email protected]
• Data Access Requests: [email protected]
• Legal Matters: [email protected]
• Technical Support: [email protected]

12.3 Response Times

• Privacy requests: Within 30 days
• Safety concerns: Within 24 hours
• General inquiries: Within 48 hours
• Urgent matters: Immediate response during business hours

13. Additional Resources

13.1 Educational Resources

We provide resources to help families understand:

• Digital privacy best practices
• Child safety online
• How AI content generation works
• Parental control features

13.2 Transparency Reports

We publish annual transparency reports including:

• Privacy request statistics
• Data security measures implemented
• Content safety metrics
• Compliance audit results

13.3 Industry Partnerships

We participate in:

• Child safety organizations and initiatives
• Privacy and security industry groups
• Educational technology associations
• Family-focused technology coalitions