Privacy Policy

Loomling (“we”, “us”, “our”) makes personalised, illustrated, narrated bedtime stories for children. The service is Pixelite SL. We are the data controller for the personal information described here. For any privacy question or request, contact hi@loomling.com.

Every account is created and controlled by a parent or legal guardian. We designed Loomling to be parent-managed, ad-free, and free of behavioural tracking. We do not sell your data, and we do not sell or share your child’s data with anyone for advertising.

Loomling is intended to be set up and operated by an adult. Accounts are parent-managed: the parent or guardian provides verifiable consent, adds any child details, and controls the experience. We take a stance aligned with the U.S. Children’s Online Privacy Protection Act (COPPA) and the “child” provisions of the EU/UK GDPR (GDPR-K), which means:

• ✦A parent or guardian must create and manage the account; children do not sign up themselves.
• ✦We obtain verifiable parental consent before collecting a child’s details — the card-on-file at signup serves as a recognised consent method, and we record each consent with a timestamp and policy version.
• ✦We collect the minimum information needed to generate stories — nothing more.
• ✦We never serve behavioural advertising and we do not build advertising profiles of children.
• ✦We do not sell children’s personal information.
• ✦A parent can review, export, or delete their child’s data at any time from the account page.

If you believe a child has provided us information without a parent’s involvement, contact hi@loomling.com and we will delete it promptly.

We collect only what we need to provide the service:

• ✦Parent account details — your email address and authentication credentials.
• ✦Child details you choose to add — a first name, age or reading level, an avatar, interests, and preferred language. You decide what to provide.
• ✦Story content — the stories, illustrations, and choices created on your account.
• ✦Voice-chat input — when you use the optional spoken “let’s dream up a story” chat, your child’s short audio clips are transcribed to text by a speech-to-text provider (Groq). We keep the resulting transcript with the conversation; we do not retain the raw audio long-term.
• ✦Basic technical & billing data — limited operational logs (including IP address) to keep the service secure and reliable, and subscription/payment status. Payment card details are handled by our payment providers, not stored by us.
• ✦Consent records — a timestamped record of the Terms/Privacy acceptance and any marketing opt-in, with the policy version, for our accountability obligations.

Stories, illustrations, and narration are generated using AI. The prompts and details you provide — and, for the voice chat, the transcribed text of what your child says — are sent to the AI providers listed on our Subprocessors page solely to produce your story. We apply kid-safe content filtering, but AI output can occasionally be imperfect, so a parent should remain involved. We do not use your family’s content to train third-party advertising models.

• ✦To generate, illustrate, narrate, and store your personalised stories.
• ✦To operate your account, including authentication and billing.
• ✦To keep the service safe — kid-safe content filtering and abuse prevention.
• ✦To respond to your support requests and improve reliability.
• ✦To send essential service emails; marketing emails only if you opt in (you can opt out anytime).

We do not use your or your child’s data to serve ads, and we do not sell it.

We rely on a small set of trusted providers strictly to deliver the service — including database & hosting, AI story generation, voice transcription, illustration & narration, email, and payments. The full, current list (with what each one processes and where) is on our Subprocessors page. We do not permit these providers to use your family’s data for their own advertising.

We use only strictly-necessary cookies to keep you signed in — no advertising or tracking cookies. See our Cookie Policy for details.

We keep data only as long as it’s needed, then delete it:

• ✦Account, child profiles and saved stories — kept while your account is active; deleted when you delete your account (immediately and irreversibly).
• ✦Voice-chat transcripts — the chat is ephemeral; transcripts are retained briefly to build the story and are routinely purged.
• ✦Operational & security logs — retained for a short period for reliability and abuse prevention.
• ✦Limited billing/transaction records — retained as required for legal, tax and accounting obligations.
• ✦Consent records — retained for as long as needed to demonstrate compliance.

Depending on where you live, you may have rights to access, correct, export, delete, or restrict the processing of personal data, and to withdraw consent. As the parent or guardian, you can exercise these on behalf of your child. You can do the most common ones yourself, right now:

• ✦Export your data — “Export my data” on your account page produces a complete JSON copy.
• ✦Delete your account & data — “Delete account” on your account page erases everything (and you can also email us).
• ✦Update your email, name, password, and marketing preferences from your account page.

For anything else, email hi@loomling.com. We aim to respond to verified requests within 30 days.

If you are a California resident, you have the right to know the categories of personal information we collect (account identifiers, child profile details, story content, voice-chat transcripts, and limited technical/billing data), to access and delete it, and to correct it. We do not “sell” or “share” personal information as those terms are defined under the CPRA, and we do not sell or share the personal information of minors. We do not discriminate against you for exercising these rights. To make a request, email hi@loomling.com.

We store stories and account information using access controls (row-level security) and reputable infrastructure. Payment details are handled by our payment providers and never stored on our servers. No system is perfectly secure, but we work to protect your family’s information and to limit who can access it.

We may process data in countries other than your own (see the regions on our Subprocessors page); where required, we use appropriate safeguards. If we make material changes to this policy, we’ll update the “Last updated” date and policy version and, where appropriate, notify you.

Questions about privacy, or want to access or delete data? Reach us at hi@loomling.com.