Privacy Policy

Last updated: March 9, 2026

Pipa ("we", "our", "us") is a bedtime story app for parents and guardians. This policy explains what data we collect, how we use it, and your rights regarding that data.

1. What We Collect

• Account information: Your Apple sign-in account identifier and any profile details you choose to save with us, such as your child profile.
• Voice recording: A short audio sample you voluntarily provide if you use voice cloning features.
• Usage analytics: Screen views, story views, story playback, pause/resume/completion events, queue navigation, session timing, and app lifecycle events. This data may be linked to your account when you are signed in, or to an anonymous session when you are not.
• Support messages: If you send us a message from the in-app support form, we collect the message you type and the account context needed to respond and investigate issues.
• Device information: Device platform and app version for debugging, playback reliability, and compatibility.

We do not collect location data, contacts, photos, browsing history, or any data from device sensors beyond the microphone (used only during voluntary voice recording).

2. How We Use Your Data

• Voice synthesis: Your voice recording is sent to our text-to-speech provider (ElevenLabs) to generate story narration that sounds like your voice. The recording is used solely for this purpose.
• Account management: To authenticate your account, save your profile, and sync your library and playback experience.
• Product analytics: To understand which screens are visited, which stories are played, and how the app is used so we can improve story selection, playback reliability, and onboarding.
• Support handling: To review bug reports, feature requests, and support questions you send us from inside the app.
• Operational alerts: We may send internal notifications about important app activity and support requests to our team notification channel so we can monitor the service and respond to issues.

3. Data Sharing

We share data only with the following service providers, strictly for the purposes described:

• ElevenLabs (text-to-speech): Receives your voice recording to generate audio. See their privacy policy.
• Supabase (hosting): Stores your account data and generated audio files securely on AWS (US-West). See their privacy policy.
• Telegram (operational notifications and support inbox): May receive internal service alerts and support messages, including event summaries, story titles, screen names, message content you submit, your account identifier, and limited technical metadata such as IP address, so our team can monitor the product and respond to issues.
• Apple / Google (distribution): Handle app downloads, platform services, and account services we rely on.

We do not sell, rent, or share your personal data with advertisers or data brokers. We do not serve ads. We do not use cross-app tracking or advertising identifiers.

4. Data Storage & Security

• Account data is stored on Supabase (AWS US-West) with encryption at rest and in transit.
• Generated audio files are stored in Supabase Storage with public URLs for playback.
• Voice recordings are transmitted via HTTPS to ElevenLabs for processing.
• Support messages may be forwarded to our internal Telegram support inbox for operational handling.
• We use industry-standard security practices including TLS encryption, secure authentication tokens, and access controls.

5. Data Retention

• Account data is retained for as long as your account is active.
• Voice recordings and generated audio are retained until you delete your voice or your account.
• Raw usage analytics may be retained for internal product and reliability analysis.
• Support messages may be retained for customer support, debugging, and product improvement.
• Aggregated analytics and counters may be retained indefinitely in de-identified or aggregated form.
• Upon account deletion, all personal data (including voice recordings and generated audio) is permanently deleted within 30 days.

6. Children's Privacy (COPPA Compliance)

Pipa is designed for parents and guardians to use with their children. We take children's privacy seriously:

• We do not knowingly collect personal information from children under 13 (or under 16 in the EU).
• Only parents or legal guardians may create accounts, record voices, and operate the app.
• Children are listeners only — they do not interact with the app directly, create accounts, or provide any personal data.
• No behavioral advertising is present in the app.
• We do use first-party product analytics inside the app to understand screen visits, playback, and app usage by the parent or guardian account.
• If we learn that we have inadvertently collected personal information from a child under 13, we will delete it immediately. If you believe this has occurred, please contact us at privacy@lullame.app.

7. Your Rights

All Users

• Access: Request a copy of all personal data we hold about you.
• Deletion: Delete your account and all associated data (voice recordings, generated audio, profile). You can delete your cloned voice directly in the app, or email us to delete your entire account.
• Correction: Update or correct your account information at any time.
• Portability: Request your data in a machine-readable format.

EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation:

• Right to restrict processing of your personal data.
• Right to object to processing based on legitimate interests.
• Right to withdraw consent at any time (for voice recording processing).
• Right to lodge a complaint with your local data protection authority.

Our legal basis for processing: consent (voice recording), contract performance (account services), and legitimate interest (service improvement with anonymous data).

California Residents (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used.
• Request deletion of your personal information.
• Opt out of the sale of personal information. We do not sell personal information.
• Non-discrimination for exercising your privacy rights.

8. App Tracking

Pipa does not track you across other apps or websites. We do not use Apple's App Tracking Transparency framework because we do not engage in cross-app tracking, and we do not use advertising identifiers (IDFA). We do use first-party in-app analytics about screens visited, stories played, playback events, support activity, and app lifecycle events to operate and improve Pipa.

9. Third-Party Links

Our app may contain links to external websites (such as our landing page). These sites have their own privacy policies, and we are not responsible for their practices.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email or through an in-app notification. The "Last updated" date at the top indicates the most recent revision.

11. Contact Us

If you have questions about this privacy policy, your data, or wish to exercise any of your rights, contact us at:

Email: privacy@lullame.app