CozyKidsStories Privacy Policy
This Privacy Policy applies to the CozyKidsStories mobile application. CozyKidsStories is a bedtime-story application designed for families with children aged 3–8. This policy explains, in clear terms, what information we process, why we process it, where it is stored, and how parents or guardians can manage or delete it.
1. Key Summary
- The App's basic story features can be used without signing in with an Apple or Google account.
- When the App starts, it may create an anonymous Firebase account and Firebase UID that do not contain an email address or name. This helps distinguish user data on the device and in the cloud.
- Sign in with Apple does not request the user's name, but Firebase Authentication may still receive and retain the email address and provider identity information supplied by Apple.
- Android Google Sign-In may provide Firebase Authentication with the user's Google account email address and profile information, including a display name.
- Firestore user records do not store email addresses, names, Apple provider IDs, or Apple email fields.
- The App does not use third-party analytics SDKs, crash-reporting SDKs, or advertising SDKs, and it does not display third-party advertisements.
- We do not sell personal information or use children's information for targeted advertising or cross-app tracking.
- Parents or guardians can request account deletion in the App or contact us by email.
2. Information We Process
2.1 Firebase Accounts and Sign-In Information
Anonymous Use
When the App starts, Firebase Authentication may create or restore an anonymous Firebase user. This account primarily contains a random Firebase UID, which helps distinguish the current user's data locally and in the cloud. Anonymous use does not require an email address, name, telephone number, or a child's social-media account.
Sign in with Apple
On iOS, users may choose to sign in with Apple. During this process, Apple and Firebase Authentication process the credentials and Apple provider identifier required to authenticate the user. The current App does not request the user's Apple name.
If Apple provides an email address, Firebase Authentication may retain it as part of the third-party sign-in account profile. We do not copy this email address to Firestore, and we do not use it for advertising, behavioural analytics, personalised marketing, or automatic cross-platform account merging.
Google Sign-In
On Android, users may choose to sign in with Google. Google and Firebase Authentication process the credentials required to authenticate the user. Google may provide the account email address and profile information, including a display name.
Firebase Authentication may retain the corresponding account profile information supplied by Google.
2.2 Firestore Cloud User Data
After a user has explicitly signed in and uses synchronisation features, Firestore may store the following information associated with the Firebase UID:
- A child nickname or username entered in the App;
- Avatar selection or avatar path;
- Reading counts and reading statistics;
- IDs of favourited stories;
- Reading history, reading progress, current page, and reading times;
- Voice, display, reminder, and other App settings;
- Account-management information such as sign-in method and sign-in time;
- Subscription status, subscription plan, and subscription expiry summary.
Firestore does not store:
- Apple or Google email addresses;
- Apple or Google display names;
- An additional copy of the Apple provider ID;
- The user's Apple name.
2.3 Data Stored Locally on the Device
To support offline use and reduce unnecessary network transfers, the App may store the following information locally on the device:
- Child nickname, age group, avatar, and onboarding settings;
- Favourites, reading history, and reading progress;
- Font, display, voice, reminder, and notification settings;
- Downloaded or generated TTS audio cache files;
- Story images and other App cache files;
- Pending purchase-processing records.
If a user selects a custom avatar from the photo library, the image is copied to the App's private local storage. The current App does not upload the image bytes to Firebase Storage or another image service.
2.4 Purchase and Subscription Information
To verify purchases, provide premium access, and restore purchases, the App and our subscription backend may process:
- Firebase UID;
- Platform information, such as iOS or Android;
- Product ID and subscription plan;
- Transaction ID and original transaction ID supplied by Apple or Google Play;
- Android purchase token, where applicable;
- Subscription status, environment, start time, and expiry time;
- Necessary server-side purchase-verification results.
Payment methods and bank-card information are handled by the Apple App Store or Google Play. We do not receive or store users' bank-card information.
3. How We Use Information
We use the information described above to:
- Authenticate Apple, Google, and anonymous accounts;
- Provide cloud synchronisation for signed-in users;
- Save and restore reading progress, favourites, and reading history;
- Verify purchases, provide premium features, and restore subscriptions;
- Store necessary local cache files to improve offline use;
- Maintain account security and prevent fraud or abuse;
- Respond to support and privacy requests from parents, guardians, and users.
We do not use email addresses, names, child nicknames, reading records, or account identifiers for third-party advertising, sale, data brokerage, cross-app tracking, or marketing sharing with unrelated companies.
4. Storage Locations and Service Providers
To operate the App, we may use the following services:
- Apple: Sign in with Apple and Apple App Store purchases;
- Google: Android Google Sign-In, Firebase Authentication, and Firebase Firestore;
- Google Play: Android in-app purchases;
- Firebase by Google: Authentication, Firebase UID services, Firestore, and related cloud infrastructure;
- Google Cloud: Voice services when the user selects Google Cloud TTS;
- Cloudflare: The Edge TTS Worker when the user selects Edge TTS.
These service providers may process information in countries outside Australia and may handle it under their own privacy policies, terms of service, and applicable data-protection requirements.
5. Children's Privacy
CozyKidsStories is designed for families with children. Children can use the App's basic story features without providing an email address, telephone number, or social-media account.
The App may process a child's nickname, age group, avatar selection, reading activity, and usage preferences. This information is used only to provide story, reading, and personalisation features. We do not sell children's information, use it for targeted advertising, use it for cross-app tracking, or use mobile analytics or crash-reporting SDKs.
Sign-in with Apple or Google, purchases, external links, privacy settings, and other actions involving an account or a parental decision should be completed by a parent or guardian. Parents or guardians may contact us to request access to, correction of, or deletion of information relating to a child.
6. Data Retention
- Local data remains on the device until the user deletes App data, clears the App, uninstalls the App, or the App itself removes the data;
- Firebase Auth accounts and Firestore cloud data are retained while the account is active, or for as long as reasonably necessary to provide the service, maintain security, verify purchases, and meet legal obligations;
- Purchase and subscription records may be retained for a reasonable period for purchase verification, refunds, fraud prevention, accounting, and legal obligations;
- TTS services process and retain voice requests in accordance with the applicable service provider's policies.
7. Account Deletion
Users can request account deletion in the App under Settings → Delete Account.
For Apple or Google sign-in users, the App first requires recent re-authentication. Anonymous users do not need to re-authenticate. After successful verification, the backend uses the verified Firebase UID to delete the cloud account data under our control, associated user records, reading synchronisation records, subscription records, and the Firebase Auth account.
Deleting an account does not automatically cancel an active subscription in the Apple App Store or Google Play. Users must cancel subscriptions separately through the relevant store.
After account deletion, existing local cache files, reading history, favourites, or TTS audio may remain on the device until the user clears App data or uninstalls the App. Local data that is not re-associated with a new sign-in will not be linked to a new cloud account using the deleted Firebase UID.
If a user cannot use the in-App deletion function, they may email cozy@cozykidsstories.com with a deletion request. To protect accounts, we may need to verify the requester's identity and relationship to the child.
8. Security Measures
We use reasonable technical and organisational measures to protect information, including:
- Firebase Authentication;
- Firebase UID-based access controls;
- Firestore security rules;
- HTTPS encryption in transit;
- Authentication-token verification for the server-side account-deletion endpoint;
- Limiting transfers to data needed to operate the relevant feature.
No method of transmission or electronic storage can be guaranteed to be completely secure. Users should protect their devices and Apple or Google accounts.
9. Choices for Users and Parents
Users or parents may:
- Use the App anonymously;
- Choose whether to sign in with Apple or Google;
- Manage local voice, display, reminder, and notification settings;
- Delete an account in the App;
- Contact us to request access to, correction of, or deletion of account data;
- Manage or cancel subscriptions through the Apple App Store or Google Play.
10. Changes to This Privacy Policy
We may update this policy if our data practices, service providers, or legal obligations change. The updated version will be posted on this page with a new “Last updated” date. Where appropriate, we will notify users of material changes through the App, the applicable service, or another reasonable method.
11. Contact Us
If you have questions about this policy, children's privacy, account deletion, or data processing, please contact us:
- Email: cozy@cozykidsstories.com
- Website: https://www.cozykidsstories.com/
- Privacy Policy: https://www.cozykidsstories.com/privacy/