Privacy Policy — Clean Story Platform

Effective Date: January 29, 2026

Last Updated: January 29, 2026

Important: This Privacy Policy explains how Clean Story Platform collects, uses, discloses, and protects your information. We are committed to protecting your privacy and the privacy of children who use our Service.

This Privacy Policy describes how DeeeVee LLC ("Company," "we," "us," or "our") collects, uses, discloses, and protects information in connection with the Clean Story Platform (the "Service"), including our websites, mobile applications, and related services.

Table of Contents

1. Scope of This Policy
2. Information We Collect
3. How We Use Your Information
4. Legal Bases for Processing
5. Information Sharing and Third-Party Services
6. Children's Privacy
7. Communications (Email, SMS, WhatsApp)
8. AI Services and Data Processing
9. Voice Data and ElevenLabs
10. Payment Processing
11. Data Retention
12. Account Deletion
13. Your Rights and Choices
14. International Data Transfers
15. Security
16. Regional Privacy Disclosures
17. Cookies and Tracking Technologies
18. Changes to This Policy
19. Contact Us

1. Scope of This Policy

This Privacy Policy applies to information we collect when you:

• Use the Clean Story Platform application (web, iOS, Android)
• Visit our websites
• Interact with our customer support
• Receive communications from us

This Policy does not apply to third-party websites or services linked from our Service. We encourage you to review the privacy policies of any third parties you interact with.

2. Information We Collect

We follow the principle of data minimization—we collect only what is necessary to provide and improve our Service.

2.1 Information You Provide

2.2 Information Collected Automatically

2.3 Information from Third Parties

• Google OAuth: If you sign in with Google, we receive your email, name, and profile picture from Google.
• Stripe: Subscription status, transaction confirmations (not complete payment card data).

3. How We Use Your Information

We use your information to:

3.1 Provide and Operate the Service

• Create and manage your account
• Generate personalized stories using AI
• Produce voice narrations
• Process subscriptions and payments
• Enable story sharing features

3.2 Communicate with You

• Send transactional emails (account verification, password reset, billing receipts)
• Deliver SMS/WhatsApp notifications (when enabled)
• Respond to support inquiries
• Notify you of important service updates

3.3 Improve and Protect the Service

• Analyze usage patterns to improve features
• Detect and prevent fraud, abuse, and security threats
• Ensure content safety and age-appropriateness
• Debug technical issues

3.4 Legal and Compliance

• Comply with legal obligations
• Respond to lawful requests from authorities
• Enforce our Terms of Service
• Protect rights, safety, and property

4. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal bases:

You may withdraw consent at any time through your account settings. Withdrawal does not affect the lawfulness of processing before withdrawal.

5. Information Sharing and Third-Party Services

We share your information only as described below. We do not sell your personal information.

5.1 Service Providers (Data Processors)

We engage trusted third parties to help operate the Service:

All service providers are contractually bound to protect your information and use it only for the services we engage them to provide.

5.2 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect rights, safety, or property.

5.3 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such transfer and any changes to this Privacy Policy.

5.4 With Your Consent

We may share information for other purposes with your explicit consent.

6. Children's Privacy

Protecting children's privacy is a top priority.

6.1 Our Approach

• Children cannot create accounts. Only parents/guardians can register.
• Child profiles contain non-identifying information only (age bracket, nickname, preferences).
• DO NOT enter children's full names, birthdates, photos, school names, or location data.
• All child profile data is managed by and accessible to the parent account holder.

6.2 COPPA Compliance (United States)

We comply with the Children's Online Privacy Protection Act (COPPA):

• We do not knowingly collect personal information from children under 13 without verifiable parental consent.
• Our parent-managed account structure ensures parents control all child-related data.
• Parents can review, modify, or delete child profile information at any time.
• Parents can refuse further collection of their child's information.

6.3 GDPR-K Compliance (European Union)

We comply with GDPR Article 8 regarding children:

• Children under 16 (or lower age per member state, minimum 13) cannot consent to data processing.
• Parental authorization is required, which our account structure ensures.
• We use clear, child-friendly language where appropriate.

6.4 Age Thresholds by Jurisdiction

We apply appropriate age thresholds based on local law:

• United States: 13 (COPPA)
• European Union: 13-16 (varies by member state)
• United Kingdom: 13
• Australia: 15
• South Korea: 14
• Other jurisdictions: Age of majority or as required by local law

6.5 Parental Rights

Parents have the right to:

• Review information in child profiles
• Delete child profiles at any time
• Request deletion of any child-related data
• Refuse further collection
• Contact us at support@deeevee.com with questions

6.6 Reporting Concerns

If you believe a child has provided personal information without parental authorization, contact us immediately at support@deeevee.com. We will promptly investigate and delete any improperly collected information.

7. Communications (Email, SMS, WhatsApp)

7.1 Email (Mailgun)

We use Mailgun to send emails:

• Transactional emails: Account verification, password reset, subscription confirmations, billing receipts. These cannot be disabled while you have an active account.
• Notification emails: Story sharing alerts, feature updates. You can disable these in Settings.
• Marketing emails: Sent only with explicit consent. Unsubscribe anytime via the link in each email.

7.2 SMS and WhatsApp (Twilio)

We use Twilio for SMS and WhatsApp messaging:

• Security messages: Two-factor authentication codes, security alerts.
• Notifications: Story sharing notifications (when enabled).

7.3 Your Consent and Opt-Out

• Optional Consent: SMS and WhatsApp notifications are optional and disabled by default. You may choose to opt in during registration or at any time in your account settings. Opting in to messaging is not required to create an account, make a purchase, or use any feature of the service.
• Opt-Out: Disable SMS/WhatsApp notifications at any time in Settings → Notification Preferences, or by replying STOP to any message.
• No Marketing via SMS: We do not send marketing messages via SMS or WhatsApp.
• Carrier Rates: Standard messaging rates from your carrier may apply.

8. AI Services and Data Processing

8.1 OpenAI Integration

We use OpenAI's API for AI-powered story generation:

• Data sent to OpenAI: Story prompts, selected moral lessons, age brackets, epic preferences. No personal identifiers are sent.
• Data retention by OpenAI: OpenAI's API does not use customer data for training (per their current policy). See OpenAI Enterprise Privacy.
• Content filtering: We use OpenAI's safety features to ensure age-appropriate content.

8.2 AI-Generated Content

AI-generated stories are processed and stored by us. We may use anonymized, aggregated data about story preferences to improve our Service, but we do not share individual stories with third parties except as necessary to provide the Service.

9. Voice Data and ElevenLabs

9.1 What We Store

We store only the ElevenLabs Voice ID—a reference string that points to a voice you have created in your own ElevenLabs account. We do not store:

• Voice samples or recordings used to create voice clones
• Biometric voice data
• Audio fingerprints

9.2 How Voice ID Is Used

When you request a narrated story, we send your Voice ID and the story text to ElevenLabs. ElevenLabs synthesizes the audio and returns it to us for playback.

9.3 ElevenLabs Data Handling

Voice cloning data (the original voice samples) remains with ElevenLabs under their policies. We have no access to your underlying voice clone. For questions about voice data at ElevenLabs, see their Privacy Policy.

9.4 Removing Voice ID

You can remove your Voice ID from our Service at any time in Settings → Voice Profile. This does not delete your voice clone from ElevenLabs; manage that directly with ElevenLabs.

10. Payment Processing

10.1 Stripe

All payments are processed by Stripe, Inc., a PCI-DSS Level 1 certified payment processor.

• What Stripe receives: Your billing name, address, payment card details, transaction amounts.
• What we receive: Subscription status, last 4 digits of card, card brand, transaction confirmations. We never receive or store complete card numbers.
• Stripe's policies: See Stripe's Privacy Policy.

10.2 Subscription Data

We retain subscription records (plan type, billing history, invoices) for accounting, tax compliance, and dispute resolution as required by law.

11. Data Retention

We retain your information only as long as necessary for the purposes described in this Policy:

12. Account Deletion

You can delete your account at any time from Settings → User Profile → Delete Account.

12.1 Immediately Deleted

• Your email address and profile information
• Your name and contact details
• Your child profiles and their preferences
• Your notification settings and preferences
• OAuth connections (Google login)
• Voice ID references
• Phone number and communication preferences

12.2 Anonymized and Retained

• Story content: Becomes anonymized company asset (no longer linked to you)
• Story narrations: Anonymized; associated Voice IDs removed
• Transaction records: Anonymized; retained 7 years for tax/legal compliance

12.3 Why Some Data Is Retained

• Legal requirement: Tax laws require transaction records for 7 years
• Cost efficiency: Anonymized stories prevent duplicate AI generation costs
• No PII: Retained data cannot identify you after anonymization

12.4 Processing Time

Account deletion is processed immediately. Once deleted, your account cannot be recovered.

13. Your Rights and Choices

Depending on your location, you may have the following rights:

13.1 Universal Rights

• Access: Request a copy of your personal data
• Correction: Update inaccurate information
• Deletion: Delete your account and personal data
• Opt-out: Disable optional communications
• Data Export: Download your stories and data (where available)

13.2 Exercising Your Rights

In-App Controls:

• Settings → User Profile: Edit profile, delete account
• Settings → Notification Preferences: Manage email, SMS, WhatsApp
• Settings → Voice Profile: Add/remove Voice ID
• Settings → Child Profiles: Manage child profiles

Contact Us:

• Email: support@deeevee.com
• Subject: "Privacy Rights Request"

We will verify your identity before processing requests and respond within the timeframes required by applicable law (typically 30 days, extendable to 60 days for complex requests).

14. International Data Transfers

We operate globally and may transfer your information to countries other than your country of residence.

14.1 Transfer Safeguards

When transferring data outside the EEA, UK, or Switzerland, we use appropriate safeguards:

• Standard Contractual Clauses (SCCs): EU-approved contractual protections
• Adequacy decisions: Transfers to countries deemed adequate by the European Commission
• Data Processing Agreements: Contracts with all service providers

14.2 US Data Privacy Framework

Where applicable, we work with service providers certified under the EU-U.S. Data Privacy Framework.

15. Security

We implement technical and organizational measures to protect your information:

15.1 Technical Measures

• Encryption in transit (TLS 1.2+) and at rest
• Secure password hashing (bcrypt)
• Regular security audits and penetration testing
• Web application firewall protection
• DDoS mitigation
• Intrusion detection systems

15.2 Organizational Measures

• Role-based access controls
• Employee security training
• Background checks for employees with data access
• Incident response procedures
• Regular security reviews

15.3 Your Responsibilities

• Use strong, unique passwords
• Enable two-factor authentication when available
• Keep your devices and software updated
• Notify us immediately of suspected unauthorized access

No security is perfect. While we strive to protect your information, we cannot guarantee absolute security.

16. Regional Privacy Disclosures

16.1 European Economic Area, United Kingdom, Switzerland (GDPR)

If you are in the EEA, UK, or Switzerland:

• Data Controller: DeeeVee LLC
• DPO Contact: support@deeevee.com
• Additional Rights: Right to restriction of processing, right to object, right to lodge a complaint with your supervisory authority
• Automated Decision-Making: We do not make decisions based solely on automated processing that produce legal effects concerning you

16.2 California (CCPA/CPRA)

If you are a California resident:

• Right to Know: Categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information
• Right to Correct: Correct inaccurate personal information
• Right to Opt-Out of Sale: We do not sell personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights
• Authorized Agents: You may designate an authorized agent to make requests on your behalf
• Shine the Light: California Civil Code § 1798.83 permits you to request information about disclosure of personal information to third parties for direct marketing. We do not share personal information for direct marketing purposes.

Categories of Personal Information Collected (past 12 months):

• Identifiers (email, name, IP address)
• Customer records (account information)
• Commercial information (subscription history)
• Internet/electronic activity (usage data)
• Geolocation (approximate, derived from IP)
• Inferences (preferences based on usage)

16.3 Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA)

If you are a resident of Virginia, Colorado, Connecticut, or Utah, you have similar rights to access, correct, delete, and opt-out of targeted advertising and sale of personal data. We do not sell personal data or engage in targeted advertising as defined by these laws.

16.4 Brazil (LGPD)

If you are in Brazil:

• You have rights similar to GDPR, including access, correction, deletion, portability, and information about sharing
• Contact our DPO at support@deeevee.com

16.5 Canada (PIPEDA)

If you are in Canada:

• We process your personal information in accordance with PIPEDA
• You have the right to access and correct your personal information
• Contact us to withdraw consent or make complaints

16.6 Australia (Privacy Act 1988)

If you are in Australia:

• We comply with the Australian Privacy Principles (APPs)
• You have rights to access and correct your information
• You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

16.7 Singapore (PDPA)

If you are in Singapore:

• We comply with the Personal Data Protection Act
• You have rights to access and correct your data
• Contact our DPO for requests

16.8 Japan (APPI)

If you are in Japan:

• We comply with the Act on the Protection of Personal Information
• You have rights to disclosure, correction, and cessation of use

16.9 South Korea (PIPA)

If you are in South Korea:

• We comply with the Personal Information Protection Act
• You have rights to access, correct, delete, and suspend processing

16.10 India (DPDPA)

If you are in India:

• We will comply with the Digital Personal Data Protection Act upon full implementation
• You have rights similar to those described above

16.11 Other Jurisdictions

If you are located in another jurisdiction with data protection laws, we will endeavor to respect your rights under applicable local law. Contact support@deeevee.com with questions.

17. Cookies and Tracking Technologies

17.1 Types of Cookies We Use

• Essential cookies: Required for authentication, security, and basic functionality. Cannot be disabled.
• Preference cookies: Remember your settings and preferences (language, theme).
• Analytics cookies: Help us understand how users interact with the Service.

17.2 Managing Cookies

You can control cookies through:

• Your browser settings (blocking or deleting cookies)
• Our cookie preferences (where available)

Note that disabling essential cookies may prevent the Service from functioning properly.

17.3 Do Not Track

We currently do not respond to Do Not Track browser signals. We will update this Policy if we implement such functionality.

18. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements.

18.1 Notification of Changes

For material changes, we will notify you through:

• Email to your registered address
• Prominent notice within the Service
• At least 30 days before changes take effect (except for changes required by law)

18.2 Review

We encourage you to review this Policy periodically. Your continued use of the Service after changes become effective constitutes acceptance of the updated Policy.

19. Contact Us

General Privacy Inquiries:
Email: support@deeevee.com

Data Protection Officer:
Email: support@deeevee.com

Postal Address:
DeeeVee LLC
565 Shaker Ln, Lake Zurich, IL 60047

Response Time: We aim to respond to privacy inquiries within 30 days, or sooner where required by law.

Last updated: January 29, 2026