Now 40% off the yearly subscription: Best deal of the year →

Privacy Policy

Welcome to KinderStories!
Protecting your data — especially the data of children — is very important to us. Below you will find the full, legally binding privacy policy for the KinderStories app.

1. Data Controller and Contact

The data controller responsible for processing personal data within the "KinderStories" app is:

S3P Studios UG (haftungsbeschränkt)
Egartenweg 4
72336 Balingen
Germany
Represented by: Savo Asanin and Sascha Zimmermann
Email: privacy@kinderstories.app

If you have any questions about data protection or wish to exercise your rights, you may contact us at any time using the email address above. We have not appointed a separate data protection officer.

2. Definitions

To make this notice understandable without prior knowledge, we briefly explain the most important terms:

3. Categories of Personal Data

When using KinderStories, we process the following categories of personal data:

We do not actively collect real personal data about children (e.g., children's real names or photos). We explicitly recommend using freely invented names when personalizing stories.

4. Purposes of Processing

We process personal data for the following purposes:

5. Place, Duration, and Legal Bases of Processing

5.1 Place of Processing (EU/USA)

Depending on the service used, your data is processed within the European Union and in the USA (see Section 6).

5.2 Transfers to Third Countries

Where data is transferred to countries outside the EU or EEA, we ensure an adequate level of data protection through appropriate safeguards — such as EU Standard Contractual Clauses or an adequacy decision of the European Commission, where the respective provider participates in such a framework.

5.3 Retention Period

We store personal data only for as long as necessary for the respective processing purpose, or as long as we are legally required to do so. The exact duration depends on the legal basis of the processing concerned (see Section 5.4):

Longer storage remains possible where we are subject to statutory retention obligations or where required by an official or judicial order. Details on deleting your user account can be found in Section 7.7.

5.4 Legal Bases of Processing

For the purposes described in Section 4, we rely on the following legal bases under Art. 6(1) GDPR, depending on the processing activity:

Where we rely on a legitimate interest, we have weighed that interest against your interests and fundamental rights in each case.

6. Services and Third-Party Providers Used in Detail

Below, we inform you about the services we use, their purpose, the place of processing, and the categories of data affected.

6.1 Authentication (Firebase Authentication, Sign in with Apple/Google, Facebook/Meta Login)

For app sign-in, we use Firebase Authentication (Google LLC, USA) as well as the login services "Sign in with Apple" (Apple Inc., USA), "Sign in with Google" (Google OAuth, Google LLC, USA), and Facebook/Meta Login (Meta Platforms, Inc., USA). This involves processing account data such as your email address and a unique account identifier; for Facebook/Meta Login, your account identifier on that platform is also processed.

6.2 Analytics and Statistics (Google Analytics for Firebase, Google Looker Studio)

To analyze app usage, we use Google Analytics for Firebase and Google Looker Studio (both Google LLC, USA). Usage and device information is processed to further develop and improve the app.

6.3 Hosting and Infrastructure (incl. CDN, Infrastructure Monitoring)

For hosting our databases and backend functions, we use various Firebase services (Cloud Firestore, Cloud Functions, Cloud Storage, Realtime Database) as well as Google BigQuery, all operated by Google LLC with processing taking place in the USA. To monitor and analyze errors in our technical infrastructure, we additionally use Google Crashlytics (Google LLC, USA), which is only activated with your prior consent.

6.4 Artificial Intelligence (OpenAI API)

To create personalized stories, images, and avatars, we use AI services from OpenAI (OpenAI, L.L.C., USA), Anthropic (Anthropic, PBC, USA), and additionally Google Gemini (Google LLC, USA). Your input (e.g., text input and, where applicable, avatar photos) is processed to generate this content. Where supported by the respective provider, your input is not used to train their general AI models (see also Section 7.1).

6.5 Marketing (HighLevel Marketing)

For marketing purposes, managing contact inquiries, and sending marketing campaigns, we use the HighLevel service (HighLevel Inc., USA).

6.6 Payment Processing (App Stores)

Payments for subscriptions and in-app purchases are processed exclusively through the respective app stores (Apple App Store, Google Play Store). We do not receive complete payment data such as credit card numbers.

6.7 Contact and Contact Form

If you contact us via the contact form or by email, we process the data you provide (e.g., name, email address, content of your inquiry) in order to respond to your request.

6.8 Mailing List/Newsletter

When you subscribe to our newsletter, we process your email address in order to send you information about our services. You may unsubscribe at any time via an unsubscribe link.

6.9 User Database Management

We also use the HighLevel service (HighLevel Inc., USA) to create user profiles and improve the app. This involves evaluating the account data you provide (e.g., email address) as well as usage behavior.

6.10 Traffic Optimization

To deliver static content and optimize loading times, we use the content delivery network jsDelivr (operated by jsdelivr.com, place of processing: Poland). Usage data is processed in this context.

6.11 Display of External Content

To display fonts, we use Google Fonts (Google LLC, USA). Usage data may be processed in this context.

7. Special Notes on Data Processing

7.1 Use of AI Services

We use third-party AI services to create personalized stories and images. Where supported by the respective provider, your input is not used to train the provider's general AI models.

7.2 Children's Privacy

KinderStories is designed for families. The contracting party, and the person responsible for entering data, is always an adult (parent or legal guardian). Data is processed in connection with use by children only under the supervision of, and with the consent of, the legal guardians.

7.3 Avatar Photos

If you upload a photo to personalize a story, we do not store that photo permanently. However, it may be temporarily transmitted to and briefly processed by the AI service provider used to create the content. Any short-term storage by the AI service provider takes place exclusively for that provider's security and abuse-prevention purposes. We recommend using only photos for which you hold the necessary rights, and avoiding real photos of children.

7.4 Storage Location and Retention Period

The data referred to in this notice is stored within the EU or the USA, depending on the service used (see Section 6). The retention period depends on the respective processing purpose (see Section 5.3).

7.5 Measuring App Installations (Conversion Tracking)

To measure the success of our advertising efforts, we use conversion tracking features, e.g., from Google Ads. This records whether an app installation can be attributed to a previously displayed advertisement. This processing takes place only with your prior consent and not for purposes of personalized advertising. The data collected is not combined with other data and is not used for profiling.

7.6 Push Notifications

With your consent, we send you push notifications, e.g., about new content or promotions. For delivery, we use Firebase Cloud Messaging and Firebase Notifications (Google LLC, USA). You can disable receipt at any time in your device or app settings.

7.7 Deleting Your Account and Data

You can request deletion of your user account and associated data at any time via the menu in the app. You can find the relevant menu option under: App → Profile → Settings → Delete Account. Deletion is generally completed within 30 days. Alternatively, you can contact us at privacy@kinderstories.app.

7.8 System Logs and IP Addresses

For operational, security, and maintenance purposes, technical log data recording app usage may be generated (system logs), including IP addresses. We process this data to ensure secure operation, analyze errors, and detect misuse.

7.9 Processing to Assert and Defend Legal Claims

Where necessary, we process personal data to assert, exercise, or defend legal claims, and to comply with legal obligations or official orders.

8. Opting Out of Interest-Based Advertising

KinderStories does not use your data for interest-based (personalized) advertising. Regardless, you can generally restrict the advertising use of device identifiers: corresponding settings can be found in your device's privacy settings or through the opt-out tools of the respective advertising providers. You can also turn to industry-wide opt-out initiatives, such as YourOnlineChoices (for users in the EU), the Network Advertising Initiative, or the Digital Advertising Alliance with its "AppChoices" app (both for users in the USA), DAAC (Canada), or DDAI (Japan).

9. Rights of Users by Region

9.1 Users in the EU

If you are located in the European Union, you have the following rights in particular under the General Data Protection Regulation (GDPR):

Note on the right to object: Where we process personal data for direct marketing purposes (e.g., sending our newsletter), you can object to that processing at any time, free of charge, and without giving reasons. Upon receiving your objection, we will stop the processing concerned without delay.

9.2 Users in Switzerland

If you are located in Switzerland, you have comparable rights under the Swiss Federal Act on Data Protection (FADP). Complaints can be directed to the Federal Data Protection and Information Commissioner (FDPIC).

9.3 Users in Brazil

If you are located in Brazil, you have rights under the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados, LGPD), including the right to access, rectify, delete, and port your data, the right to object, and the right to review automated decisions made about you without human involvement. Exercising these rights will not result in discrimination or disadvantage to you.

As under the GDPR, we also rely on an appropriate legal basis under the LGPD for processing your data, in particular your consent, the performance of a contract with you, or our legitimate interest (see Section 5.4 for details on each processing activity).

We provide a simplified confirmation of whether, and in what form, we process data about you without delay; we provide a complete response within 15 days. Your data is transferred to countries outside Brazil only where permitted, for example based on an authorization from the Brazilian data protection authority (ANPD), international cooperation between authorities, or the performance of a contract with you.

You can contact us using the contact details listed in Section 1, or file a complaint with the Brazilian data protection authority (Autoridade Nacional de Proteção de Dados, ANPD).

9.4 Users in the USA

If you are located in one of the following U.S. states, you have additional rights under the laws applicable there: California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Tennessee, Minnesota, Maryland, Indiana, Kentucky, Rhode Island, and Montana.

Notice at Collection: Beyond the categories described in Section 3, we do not collect Geolocation Data or biometric data; avatar photos are not used for biometric identification. Specifically, we collect:

The respective retention period follows from Section 5.3.

For these users, we further provide the following information in particular:

Additional rights by state:

You can exercise your rights using the contact details listed in Section 1. For identity verification purposes, we may request additional information from you, which we use solely for verification purposes. We respond to requests to exercise your rights without undue delay and within the period specified under the applicable law (generally 45 days, with the possibility of a one-time extension of an additional 45 days where permitted by applicable law).

You may also object to processing through a global privacy control mechanism supported by your browser or device (e.g., Global Privacy Control, GPC); we honor such objections where technically supported. California users additionally have the right to limit the use and disclosure of sensitive personal information to what is necessary to provide the service.

10. Changes to This Privacy Policy and Version Date

We may update this privacy policy from time to time, for example due to changes in legal requirements or new app features. The current version of this privacy policy is always available at https://kinderstories.app/privacyPolicy; this page contains the full, legally binding version.

Where future changes to this privacy policy affect processing that is based on your consent, we will inform you and, where legally required, obtain a new consent in advance.

Effective date of this privacy policy: June 28, 2026

Last updated: June 28, 2026

Further information about the collection or processing of personal data in connection with individual services or features is available from us at any time on request (see Section 1 for contact details).