Privacy Policy

1. Introduction

Welcome to HUSHIKO ("we," "our," or "us"). We are committed to protecting your privacy and the privacy of your children. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered bedtime story application and website.

Please read this privacy policy carefully. By using HUSHIKO, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Account information (name, email address)
• Character profile information (name, age, appearance settings)
• Payment information (processed securely through third-party payment processors - we do not store card details)
• Device information (device type, operating system)
• Usage data (stories created, preferences, app interactions)

2.2 Character Profiles

HUSHIKO allows you to create four types of character profiles:

• Human characters: Children, parents, grandparents, or other people with customizable appearance (hair style, hair color, eye color, skin tone)
• Pet characters: Dogs, cats, or other animals with description and color
• Toy characters: Teddy bears, dolls, robots, or other toys with description

Character profile data is used solely for story personalization and AI image generation.

2.3 Children's Privacy (COPPA Compliance)

HUSHIKO is designed for children aged 3-12. We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and similar regulations worldwide. We only collect the minimum information necessary to provide our service:

• Child's first name (for story personalization)
• Age (to adapt story complexity using CEFR language levels: A1, A2, B1, B2)
• Visual appearance preferences (for AI-generated illustrations)
• Story preferences and themes

We do not knowingly collect other personal information from children without verifiable parental consent. Parents can review, modify, or delete their child's information at any time through the app settings or by contacting us.

2.4 Automatically Collected Information

• IP address (for security purposes only, not stored long-term)
• Browser type and version
• App usage statistics (anonymized)
• Story generation metrics (for service improvement)

3. How We Use Your Information

We use the collected information for the following purposes:

• Generating personalized AI bedtime stories using advanced AI
• Creating 6 custom AI illustrations per story using AI image generation
• Producing professional audio narration using professional text-to-speech service
• Generating karaoke-style word-by-word highlighting for reading practice
• Creating video exports (MP4) and PDF exports for offline use
• Processing payments and managing story credits
• Sending service-related notifications
• Improving our AI algorithms and user experience
• Detecting and preventing fraud or abuse
• Complying with legal obligations

4. AI Services and Data Processing

4.1 OpenAI (advanced AI and AI image generation)

We use OpenAI's services for:

• Story generation: Your story theme and character descriptions are sent to advanced AI to create unique, age-appropriate stories
• Image generation: Character descriptions and scene prompts are sent to AI image generation to create 6 custom illustrations (1792x1024 pixels) per story

Data sent to OpenAI is processed according to OpenAI's Privacy Policy. We use API settings that disable training on customer data.

4.2 professional text-to-speech service

Story text is sent to professional text-to-speech technology to generate professional audio narration in 8 languages: English, Spanish, Polish, Portuguese, French, German, Italian, and Chinese.

4.3 Payment Processors

• Stripe: For web payments (we never see or store your card details)
• Apple App Store: For iOS in-app purchases
• Google Play: For Android in-app purchases

5. Generated Content and Storage

5.1 What We Store

• Story text: The generated story content
• Audio files: MP3 narration files
• Images: 6 PNG illustrations per story
• Karaoke data: Word-by-word timing synchronization
• Video exports: Temporary MP4 files (automatically deleted after 24 hours)

5.2 Storage Location

All data is stored on secure servers. Generated content (audio, images) is stored privately and accessible only to the account owner.

5.3 PDF and Video Exports

When you export stories:

• PDF exports: Generated on-demand with secure one-time download tokens (valid for 15 minutes)
• Video exports: MP4 files with HUSHIKO branding, automatically deleted after 24 hours

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

6.1 Service Providers

• OpenAI (story and image generation)
• Google Cloud (text-to-speech, hosting)
• Stripe (payment processing)
• Apple/Google (in-app purchases)

6.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner with prior notice.

7. Data Security

We implement appropriate technical and organizational security measures:

• HTTPS encryption for all data in transit
• Bcrypt password hashing (12 rounds)
• JWT authentication with 7-day expiry
• HttpOnly cookies for session management
• Rate limiting (100 requests/hour per user)
• Security headers (CSP, HSTS, X-Frame-Options)
• PCI DSS compliant payment processing (via Stripe)

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of your personal data (available in app settings)
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and all associated data
• Portability: Export your data in JSON format
• Opt-out: Unsubscribe from marketing communications
• Consent Management: Manage your privacy preferences (analytics, marketing)
• Parental Control: Parents can review, modify, or delete their child's profiles at any time

To exercise these rights, use the in-app privacy settings or contact us at privacy@hushiko.com

9. Data Retention

We retain your information as follows:

• Account data: Until you delete your account
• Stories and content: Until you delete them or your account
• Video exports: Automatically deleted after 24 hours
• Payment records: As required by law (typically 7 years)
• Anonymized analytics: May be retained indefinitely

When you delete your account, all personal data and generated content is permanently removed within 30 days.

10. Cookies and Tracking

We use minimal cookies:

• Essential cookies: Authentication, language preferences, CSRF protection
• Analytics cookies: Anonymous usage statistics (with your consent)

We do NOT use:

• Third-party advertising cookies
• Social media tracking pixels
• Device fingerprinting
• Cross-site tracking

You can manage cookie preferences through our cookie consent banner.

11. International Data Transfers

Your information may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards:

• Standard Contractual Clauses (EU/EEA)
• Data Processing Agreements with all providers
• Compliance with GDPR transfer requirements

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or prominent notice in the app. Your continued use of HUSHIKO after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices:

• Email: privacy@hushiko.com
• Support: support@hushiko.com

14. Regional Specific Provisions

14.1 European Union (GDPR)

If you are in the EU/EEA, you have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority. Our legal basis for processing is:

• Contract performance (providing the service)
• Legitimate interests (security, fraud prevention)
• Consent (marketing, analytics)

14.2 California (CCPA/CPRA)

California residents have additional rights including the right to know what personal information we collect, delete it, and opt-out of sales. We do not sell personal information.

14.3 Brazil (LGPD)

Brazilian residents have rights under LGPD similar to GDPR, including access, correction, deletion, and data portability.

14.4 Other Jurisdictions

We comply with applicable data protection laws in all jurisdictions where we operate.