Privacy Policy
Effective Date: 2026-05-11 (draft — pending legal review)
This Privacy Policy explains how Koko ("we", "us", "our") collects, uses, and protects information when you and your children use the Koko mobile application (the "App"). Koko is designed for children and is operated by Kevin Porter (Temecula Dev).
If you have questions about this policy, contact us at support@kokostories.app.
1. Summary for Parents
- We collect the minimum information needed to provide the App: an account for you, profiles for your children, the stories and characters you create, and your purchase history.
- We do not advertise to your children. No third-party advertising SDKs are integrated into the App.
- We do not sell your data. Information is shared only with the service providers we use to operate the App (listed in section 4).
- Account access is gated behind a 4-digit PIN you set up during onboarding. Only the parent account holder can access account settings or your children's data.
- You can delete your account at any time from Settings, which permanently deletes all associated data.
2. Information We Collect
Information you provide
- Account information: email address, password (stored as a hash), parent PIN, display name.
- Child profiles: each child profile includes a name (or nickname) and an age tier (0–2, 3–5, or 6–9). We do not collect children's real names, birthdays, photos, locations, or any other personal information.
- Custom characters: when you create a character together with your child, we store the character's name, appearance description, voice selection, and a generated portrait image.
- Stories: the text and audio narration of stories generated in the App, along with the metadata used to generate them (prompts, character cast, age tier).
- Subscription & purchase information: managed by RevenueCat (see section 4). We receive notifications about subscription status and Koko Stars credit balances but do not handle or store payment card data.
Information collected automatically
- Device information: operating system version (iOS or Android), App version. Used for crash diagnosis and compatibility.
We do not currently use any third-party product-analytics or behavioral-tracking SDK in the App. If we add one in the future, we will update this policy before it begins collecting data.
Information we do not collect
- We do not collect or store children's real names, birthdays, locations, photos, contacts, microphone recordings, or any other personally identifying information about a child.
- We do not use third-party advertising networks.
- We do not use behavioral tracking SDKs.
3. How We Use Information
We use the information we collect to:
- Provide the App and its core features: account access, child profile management, story generation, character creation, audio playback, and story library.
- Generate stories on demand using the AI services described in section 4.
- Process subscription and consumable purchases through RevenueCat.
- Diagnose crashes and improve the App.
- Communicate with you about account-related matters (password resets, subscription receipts, billing issues).
We do not use the information for advertising, profiling, or any purpose outside the operation of the App.
4. Third-Party Service Providers
The App is built on the following third-party services. Each provider has access to the information needed to perform its function and is contractually required to protect that information.
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Account authentication, database, file storage (audio + images), realtime updates | Account info, child profiles, stories, characters, audio files, image files |
| Anthropic (Claude) | Premium story generation | Story prompts, character context, age tier. No account information. Anthropic does not use API content to train its models. |
| DeepInfra | Free-tier story generation (Llama-3), text-to-speech (Kokoro), and image generation (SDXL-Turbo / FLUX-2-pro) | Story prompts and script text for audio generation. No account information. |
| ElevenLabs | Premium text-to-speech (only when enabled) | Story script text for audio generation. No account information. |
| RevenueCat | Subscription and consumable purchase management | Anonymous customer identifier, subscription status, purchase events. RevenueCat does not handle payment card data — that flows directly between you and Apple/Google. |
| Apple App Store / Google Play | Payment processing | Payment card data is handled directly by Apple or Google per their respective privacy policies. We do not receive or store card information. |
| Google Cloud Run | Backend service hosting | Encrypted in transit; runtime logs may contain anonymous request metadata. |
5. Children's Privacy (COPPA Compliance)
Koko is designed for children under 13 and complies with the United States Children's Online Privacy Protection Act ("COPPA"):
- Parental account required: only a parent or legal guardian can create an account. The account holder must provide their email and is responsible for setting up child profiles.
- No personal information from children: children interact with the App only through the profile their parent creates. Children do not enter their own information, email addresses, or other personal data.
- Parental controls: a 4-digit Parental PIN gates access to all parent-side functions (settings, profile management, subscription, scrapbook, account deletion). The PIN cannot be bypassed by a child.
- No third-party advertising or marketing: we do not allow advertising SDKs to operate in the App. Children do not see external advertisements.
- Right to review and delete: parents may review or delete any child profile (and all associated data) at any time from Settings → Profiles.
To exercise your parental rights, contact support@kokostories.app.
6. Data Security
- All network traffic between the App and our servers is encrypted in transit using TLS.
- Account passwords are stored as one-way hashes by our authentication provider (Supabase Auth).
- Stories, characters, and other user-generated content are stored in Supabase, where Row-Level Security (RLS) policies enforce that one account cannot access another account's data.
- Backend secrets and API credentials are stored in Google Cloud Secret Manager and accessed only by the Cloud Run service identity at runtime.
No system is perfectly secure. We do our best, but we cannot guarantee absolute security.
7. Data Retention
- Account, profile, story, character, and purchase data is retained for as long as your account is active.
- When you delete a child profile, all stories, characters, and audio/image files associated with that profile are permanently deleted within 30 days.
- When you delete your account, all associated data — including all child profiles — is permanently deleted within 30 days.
8. Your Rights
You have the right to:
- Access the information we have about you and your children
- Correct inaccurate information
- Delete your account and all associated data
- Export your data in a portable format
To exercise any of these rights, contact support@kokostories.app.
If you are in the European Union, the United Kingdom, or California, you may also have additional rights under GDPR, UK GDPR, or CCPA respectively, including the right to lodge a complaint with a supervisory authority.
9. Changes to This Policy
We may update this Privacy Policy occasionally. Material changes will be communicated by email to the account holder and announced in the App. The "Effective Date" at the top of this document reflects the most recent revision.
10. Contact Us
Koko / Temecula Dev
Operated by Kevin Porter
Email: support@kokostories.app
Note (will be removed before production): this is an initial draft prepared during MVP setup. It has not been reviewed by an attorney. Before launching on the App Store or Google Play, this document must be reviewed by qualified legal counsel familiar with COPPA, GDPR-K, App Store and Play Store policies, and your specific jurisdiction.