Privacy Policy
Effective Date: April 1, 2026 · Last Updated: April 1, 2026
GoodKnight Stories is designed for children ages 6–12. We comply with the Children's Online Privacy Protection Act (COPPA) and are committed to protecting the privacy of children who use our app. This policy explains what information we collect, how we use it, and what rights parents and guardians have.
1. Who We Are
GoodKnight Stories ("we," "us," "our") is an interactive storytelling application for children. The app is operated by GoodKnight Stories. If you have questions about this privacy policy or your child's data, please contact us at:
Email: privacy@goodknight.ai
2. Information We Collect
We collect the minimum amount of information necessary to provide the GoodKnight Stories experience. Here is what we collect and why:
2a. Information Provided by Parents
| Data | Purpose |
|---|---|
| Parent's email address | Account creation, login, parental consent verification, and account-related communications |
| Password (stored as a secure hash) | Account authentication |
| Apple ID (if using Sign In with Apple) | Account authentication (only a unique identifier is stored, not the Apple ID email unless provided) |
2b. Information Generated Through App Use
| Data | Purpose |
|---|---|
| Character names (hero, sidekick, weapon, archenemy) | Personalizing stories. These are fictional names chosen by the child. |
| Story choices | Generating personalized story narratives and tracking character stat progression (Bravery, Wisdom, Leadership, Heart) |
| Story completion data and earned items | Tracking progress, awarding collectible items |
| Story language preference | Delivering stories in the child's preferred language |
| Custom story parameters (theme, tempo, location) | Generating custom stories based on user preferences |
2c. Information We Do NOT Collect
- Child's real name, date of birth, or age
- Physical address or phone number
- Photos, videos, or audio recordings
- Precise geolocation
- Contact lists or social media accounts
- Device identifiers for advertising purposes
- Browsing history or activity outside the app
3. How We Use Information
We use collected information solely to:
- Provide the service: Generate personalized stories, track progress, and manage the child's adventure experience
- Authenticate accounts: Allow parents to create and manage their child's account across devices
- Process subscriptions: Manage premium subscription status and entitlements
- Ensure safety: Filter inappropriate content from user-generated text (custom story choices)
- Improve the service: Understand aggregate usage patterns (e.g., which story worlds are most popular) without identifying individual children
We do not use any information for behavioral advertising, profiling, or selling to third parties.
4. Third-Party Services
We use a limited number of third-party services to operate GoodKnight Stories. We do not share data with any third parties for advertising or marketing purposes.
| Service | Purpose | Data Shared |
|---|---|---|
| OpenAI | AI-powered story generation and content moderation | Story parameters (character names, themes, choices, location). No email or account data is sent. Content is used only for story generation and is not used by OpenAI to train models (per our API agreement). |
| RevenueCat | Subscription and in-app purchase management | Anonymous user identifier and purchase/subscription events. No email, name, or story data is shared. |
| Apple (Sign In with Apple) | Optional authentication method | Only the Apple-provided unique identifier. Apple's own privacy policy governs their handling of Sign In data. |
5. COPPA Compliance
GoodKnight Stories is directed at children ages 6–12, and we comply with the Children's Online Privacy Protection Act (COPPA). Specifically:
- Parental consent: We require verifiable parental consent before creating an account. A parent or legal guardian must provide their email address and confirm their consent during registration.
- Data minimization: We collect only the information necessary to provide the storytelling experience.
- No behavioral advertising: We do not display ads or use data for targeted advertising.
- No social features: The app has no chat, messaging, user-to-user communication, or public profiles.
- Parental access and control: Parents can review their child's information, request changes, or request deletion of their child's account and all associated data at any time by contacting us at privacy@goodknight.ai.
- No conditioning: We do not require a child to disclose more information than is reasonably necessary to use the app.
6. Parental Rights
As a parent or legal guardian, you have the right to:
- Review the personal information we have collected about your child
- Request deletion of your child's account and all associated data
- Refuse further collection or use of your child's information (which may require closing the account)
- Withdraw consent at any time
To exercise any of these rights, email us at privacy@goodknight.ai. We will verify your identity as the account holder before processing your request and respond within 30 days.
7. Data Storage and Security
- Where data is stored: All account and story data is stored in a PostgreSQL database hosted on a dedicated server located in Germany (Hetzner). Data is not stored on or transferred to any shared cloud platform.
- Encryption: All data in transit is encrypted using TLS (HTTPS). Passwords are hashed using bcrypt and cannot be read or recovered. Authentication tokens are stored in the device's encrypted secure storage.
- Access control: The database is accessible only from the server itself (no remote database connections). API endpoints are protected by JWT authentication and rate limiting.
8. Data Retention and Deletion
- We retain account and story data for as long as the account is active.
- Parents may request deletion of their child's account and all associated data at any time by emailing privacy@goodknight.ai.
- Upon receiving a verified deletion request, we will permanently delete all account data, profile data, story history, and earned items within 30 days.
- Database backups that may contain deleted data are automatically purged after 7 days.
9. Changes to This Policy
If we make material changes to this privacy policy, we will notify parents via the email address on file before the changes take effect. We will not retroactively change how we use data already collected without obtaining new parental consent.
10. Contact Us
If you have any questions about this privacy policy, your child's data, or wish to exercise your parental rights, please contact us:
GoodKnight Stories — Privacy
Email: privacy@goodknight.ai