Skip to main content
StorySpark

Privacy Policy

Last updated: April 1, 2026


StorySpark ("we," "us," or "our") is operated by Random Synergy LLC. We are committed to protecting the privacy of children and families who use our AI-powered personalized reading platform. This Privacy Policy explains how we collect, use, store, and protect personal information, with special attention to children's data in compliance with the Children's Online Privacy Protection Act (COPPA).

1. Information We Collect

1.1 Parent/Guardian Account Information

  • Full name and email address
  • Account password (stored securely using bcrypt hashing)
  • Payment information (processed securely by Stripe; we do not store credit card numbers)
  • Subscription status and billing history

1.2 Child Profile Information

Parents create child profiles that include:

  • Child's first name or nickname (we do not require a child's full name)
  • Age and date of birth (used to determine age-appropriate content)
  • Reading level and interests (used to personalize story generation)
  • A 6-digit passcode for child authentication (no email required for children)

1.3 Usage and Reading Data

  • Stories generated, read, and bookmarked
  • Reading progress, session duration, and comprehension quiz results
  • Achievement and reward activity
  • Story prompts submitted by children (subject to parental approval settings)

1.4 AI-Generated Content

  • Story text generated by AI models based on child preferences
  • Illustrations generated by AI image models to accompany stories
  • AI-generated content is created uniquely for each child and stored in their profile

2. COPPA Compliance

StorySpark is designed for children aged 4-16 and fully complies with the Children's Online Privacy Protection Act (COPPA):

  • Verifiable parental consent: Only parents or legal guardians (age 18+) can create accounts. Children cannot sign up independently.
  • Minimal data collection: We collect only the information necessary to provide personalized reading experiences.
  • No direct contact with children: Children do not provide email addresses. Authentication uses a parent-set 6-digit passcode.
  • No behavioral advertising: We do not serve advertisements to children or use children's data for marketing purposes.
  • No social features: Children cannot communicate with other users or share personal information publicly.

3. How We Use Information

  • To generate personalized, age-appropriate stories and illustrations
  • To track reading progress and provide analytics to parents and teachers
  • To manage gamification features (achievements, rewards, reading streaks)
  • To process subscription payments via Stripe
  • To send account-related notifications (email verification, password resets) to parents
  • To improve our AI models and content quality (using aggregated, de-identified data only)

4. Data Storage and Security

All data is stored on our private, self-hosted servers:

  • Database: PostgreSQL on a privately managed server, not shared with third parties
  • Encryption: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
  • Passwords: Stored using bcrypt hashing with individual salts
  • Access control: Role-based access ensures children can only see their own content, parents see their family's data, and teachers see only their classroom data
  • Backups: Regular encrypted backups are maintained for data recovery

5. Data Sharing

We do not sell, rent, or share personal information with third parties, except:

  • Stripe: Payment processing only. Stripe receives the minimum data required to process subscriptions. See Stripe's Privacy Policy.
  • AI providers: Story prompts (not personal identifiers) are sent to AI language and image generation APIs to create content. No child names, ages, or personal details are included in API requests.
  • Legal requirements: We may disclose information if required by law, court order, or governmental regulation.

6. Cookies and Tracking

StorySpark uses the following cookies and tracking technologies:

  • Session cookies: Required for authentication and maintaining your login state
  • CSRF token: Required for form security
  • Theme preference: Stored in your browser's local storage (not a cookie) to remember your light/dark mode choice
  • Google Analytics (GA4): We use Google Analytics on parent, teacher, and public-facing pages to understand how adults use the platform (e.g., page visits, feature adoption). IP addresses are anonymized. Google Analytics is never loaded on child-facing pages (the `/read` interface). No personally identifiable information is sent to Google. See Google's Privacy Policy.

We do not use advertising trackers or any third-party tracking technologies on child-facing pages.

7. Parental Rights

As a parent or legal guardian, you have the right to:

  • Review all data collected about your child through the parent dashboard
  • Modify your child's profile information, reading preferences, and parental control settings at any time
  • Delete your child's profile and all associated data (stories, reading history, achievements)
  • Revoke consent by deleting your account, which removes all family data from our systems
  • Control content: Approve or reject story prompts before AI generates content (when parental approval mode is enabled)
  • Export your child's reading data and story library

To exercise any of these rights, use the parent dashboard settings or contact us at privacy@randomsynergy.xyz.

8. Data Retention

We retain personal data only as long as your account is active. When you delete a child profile or your account:

  • Profile data, stories, and reading history are permanently deleted within 30 days
  • Billing records are retained as required by applicable tax and financial regulations
  • Aggregated, de-identified usage statistics may be retained for service improvement

9. School and Teacher Accounts

When StorySpark is used in a school setting, the school or district acts as the agent of consent for COPPA purposes. Teachers can view reading analytics for students in their classes but cannot access data from other classrooms or families.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify parents via email of any material changes that affect how we collect or use children's data. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: