Introduction
Lullaby AI ("we," "our," or "us") is committed to protecting your privacy and your child's privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.
We comply with COPPA (Children's Online Privacy Protection Act) and GDPR (General Data Protection Regulation) to ensure the highest standards of privacy protection for you and your family.
Important: This app is designed for parents and guardians. We do not knowingly collect personal information from children under 13 without parental consent.
Information We Collect
We collect the following types of information to provide and improve our service:
Account Information:
- Email address (for authentication and account management)
- Password (encrypted and securely stored)
- Account creation date and last login information
- Authentication method (Apple, Google, or email)
Baby Information (Personalization Data):
- Baby's name (for personalizing lullaby lyrics)
- Baby's age (for age-appropriate content)
- Baby's gender (for personalized pronouns in lyrics)
- Preferences and themes selected
Usage Data:
- App interactions and feature usage
- Lullaby creation frequency and patterns
- Music style and theme preferences
- Language preferences
- Audio playback statistics
Technical Data:
- Device type and model
- Operating system version
- App version and build number
- Network connection type
- Crash reports and error logs
Information We Do NOT Collect:
- Precise location data
- Photos or videos
- Contact lists or address books
- Social media information
- Biometric data
- Health or medical information
How We Use Your Information
We use the collected information for the following purposes:
| Purpose | Data Used | Legal Basis |
| --- | --- | --- |
| Create personalized lullabies | Baby information, preferences | Contract performance |
| Provide and maintain our service | Account information, technical data | Contract performance |
| Improve user experience | Usage data, preferences | Legitimate interest |
| Send important service updates | Email address | Contract performance |
| Respond to support requests | Account information, technical data | Contract performance |
| Ensure app security and prevent fraud | Account information, technical data | Legitimate interest |
| Process subscription payments | Account information | Contract performance |
Data Storage & Security
We implement industry-standard security measures to protect your data:
Encryption & Security:
- All data is encrypted in transit using TLS 1.3
- Data at rest is encrypted using AES-256
- Passwords are hashed using bcrypt
- API keys and sensitive data are securely stored
Infrastructure & Access:
- Data is stored on secure Supabase servers
- Regular security audits and penetration testing
- Access to data is strictly controlled and logged
- Employee access requires multi-factor authentication
Data Retention:
- Account data: Retained while account is active
- Baby information: Deleted upon account deletion
- Usage data: Anonymized after 2 years
- Generated lullabies: Stored according to subscription tier
Children's Privacy (COPPA Compliance)
We take children's privacy very seriously and comply with COPPA requirements:
Key COPPA Compliance Measures:
- We do not knowingly collect personal information from children under 13
- Baby information is used solely for lullaby personalization
- Parents have full control over their child's data
- No behavioral advertising or tracking of children
- No sharing of children's data with third parties
- Parents can request deletion of child's data at any time
Parental Controls:
- Account creation requires adult verification
- Parents can review and delete baby information
- No automatic data collection from children
- Clear parental consent mechanisms
Data Sharing & Third Parties
We are committed to protecting your privacy and limit data sharing:
Service Providers (Limited Data Sharing):
- Supabase: Database and authentication services
- OpenAI/Suno: AI lullaby generation (no personal data shared)
- RevenueCat: Subscription management
- Apple/Google: Authentication services
We Do NOT:
- Sell personal information to third parties
- Share baby information with advertisers
- Use data for behavioral advertising
- Share data with social media platforms
Your Rights (GDPR Compliance)
You have the following rights regarding your personal data:
Data Rights:
- Access: Request a copy of your personal data
- Correction: Update inaccurate or incomplete data
- Deletion: Request deletion of your account and all data
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to certain types of processing
Communication Preferences:
- Opt out of marketing communications
- Control notification settings
- Withdraw consent at any time
- Request data processing restrictions
International Data Transfers
Your data may be processed in countries other than your own:
- Data is primarily stored in the United States
- We ensure adequate protection through standard contractual clauses
- We comply with local data protection laws
- Cross-border transfers are minimized where possible
Cookies & Tracking
Our app uses minimal tracking for essential functionality:
- No third-party advertising cookies
- No cross-site tracking
- Analytics are anonymized and aggregated
- You can opt out of non-essential tracking
Data Breach Response
In the unlikely event of a data breach, we will:
- Notify affected users within 72 hours
- Report to relevant authorities as required by law
- Take immediate steps to contain and remediate
- Provide guidance on protective measures
- Conduct a thorough investigation
Changes to This Policy
We may update this Privacy Policy from time to time:
- We will notify you of material changes via email
- In-app notifications for significant updates
- Updated effective dates will be clearly marked
- Continued use constitutes acceptance of changes