CHILDREN'S PRIVACY POLICY

StoryLoft

Effective Date: June 3, 2026 Last Updated: July 17, 2026


NOTICE TO PARENTS AND GUARDIANS

This Children's Privacy Policy describes how StoryLoft ("Company," "we," "us," or "our") collects, uses, and discloses personal information from children under 13 years of age through the StoryLoft mobile application (iOS and Android) and web dashboard at storyloft.net (collectively, the "Service"). This policy is designed to comply with the Children's Online Privacy Protection Act ("COPPA"), 15 U.S.C. Section 6501 et seq., and its implementing regulations at 16 CFR Part 312, including amendments effective April 22, 2026.

Important: Please read this policy carefully. If you are a parent or guardian and have questions about your child's privacy, please contact us at rogersmi87@gmail.com.


1. OVERVIEW

1.1 What This Policy Covers

This policy applies to personal information collected from children under 13 through:

1.2 Age Verification

We use the following methods to determine if a user is a child:

Important design note: Children under 13 do not independently create accounts on StoryLoft. All accounts are created by parents or guardians (or, in a classroom context, by teachers). Children interact with the Service through profiles created and managed by adults.

1.3 Definitions


2. INFORMATION WE COLLECT FROM CHILDREN

2.1 Information Collected Directly

Design note on names: The app is designed to collect a child's first name only (or first name plus last initial). Name fields are labeled accordingly and guide adults not to enter full last names. We do not require or request a child's full last name.

Information TypeCollectedPurpose
First name (or first name + last initial)☑ YesDisplayed in the app to identify the child's reading profile
Full last name☐ NoNot requested; name fields guide adults to use first names only
Email address☐ NoNot collected from children; only from parent accounts
Profile picture☐ NoNot collected; children select from pre-built avatar options
Date of birth☐ NoOnly age range is collected (4–6, 7–10, 11–14)
User-generated content☑ YesWritten answers to open-ended quiz questions (text only; stored to display quiz results to parent)
Audio/voice recordings☐ NoNot collected
Photos/videos☐ NoNot collected
Precise geolocation☐ NoNot collected
Reading quiz results☑ YesBook titles, quiz scores, XP earned, completion dates — used to display progress to the parent and generate reading recommendations
Age range☑ YesUsed to calibrate quiz difficulty (e.g., "Elementary Ages 7–10")
Faith/virtue preference☑ YesOptional flag set by parent indicating whether faith-and-virtue question content should be included

2.2 Information Collected Automatically

Information TypeCollectedPurpose
Device type☑ YesSupport internal operations, display correctly on device
Operating system☑ YesSupport internal operations
IP address☑ YesSupport internal operations, security
App usage data☑ YesSupport internal operations, identify errors
Persistent identifiers☑ YesSupport internal operations only (session management via Clerk authentication)

We use persistent identifiers solely for internal operations support. We do not use cookies or device identifiers for behavioral advertising or tracking children across third-party websites.

2.3 Information Collected from Third Parties

☑ We do not collect children's personal information directly from third parties. Child profile information is provided by parents when setting up the Service.


3. HOW WE USE CHILDREN'S INFORMATION

3.1 Permitted Uses

PurposeDescription
Provide the ServiceDisplay child's reading history, quiz results, XP, and Hoot pet progress to parent and child
Respond to RequestsRespond to parent support requests regarding their child's account
Quiz GenerationSend book title and child's age range to our AI service (Anthropic) to generate age-appropriate reading comprehension questions. No child-identifying information is sent.
Reading RecommendationsGenerate book recommendations based on quiz history (book titles and scores only)
Internal OperationsMaintain, analyze, and improve service functionality
Safety and SecurityProtect children and ensure a safe experience
Legal ComplianceComply with applicable laws including COPPA

3.2 Prohibited Uses

We do NOT use children's personal information to:


4. DISCLOSURE OF CHILDREN'S INFORMATION

4.1 Service Providers

We disclose children's personal information only to the following service providers, each of which is contractually prohibited from using the information for any other purpose:

Service ProviderPurpose
Railway (PostgreSQL hosting)Database hosting for quiz results, child profiles, and reading lists
Anthropic (Claude API)AI quiz and game generation — receives book title and age tier only; no child-identifying information
Expo / EASMobile app hosting and over-the-air updates
NetlifyWeb dashboard hosting
ClerkParent account authentication and session management
RevenueCatSubscription management for parent accounts only

4.2 Other Disclosures

We may disclose children's personal information:

4.3 No Sale or Sharing


5. PARENTAL CONSENT

5.1 Consent Requirements

Under COPPA, we obtain verifiable parental consent before:

5.2 Verifiable Parental Consent Methods

We use the following method to obtain verifiable parental consent:

5.3 Exceptions to Consent Requirement


6. PARENTAL RIGHTS

6.1 Your Rights Under COPPA

Right to Review: Parents may review all information collected about their child by logging into their StoryLoft account and viewing the child's profile, quiz history, and reading list.

Right to Delete: Parents may delete a child's profile at any time by long-pressing the child's profile in the app or by submitting a deletion request to rogersmi87@gmail.com. Profile deletion removes all quiz results, reading lists, and profile data within 30 days.

Right to Refuse: Parents may refuse further data collection at any time by deleting the child's profile or contacting us.

Right to Revoke: Parents may revoke consent by contacting us at rogersmi87@gmail.com.

6.2 How to Exercise Your Rights

Email: rogersmi87@gmail.com Mail: StoryLoft, 3955 Green Valley Road, Lebanon, VA 24266 Data Deletion Request Page: https://readwise-backend-production.up.railway.app/delete-request.html

When contacting us, please provide:

6.3 Response Timeline

We will respond to your request within 30 days of receipt and will process deletions within 30 days of verification.


7. DATA SECURITY

7.1 Security Measures

7.2 Data Breach Response

In the event of a security incident affecting children's personal information, we will promptly investigate, notify parents as required by applicable law, and take appropriate remedial measures.


8. DATA RETENTION

8.1 Retention Period

We retain children's personal information only for as long as reasonably necessary to:

8.2 Deletion


9. THIRD-PARTY SERVICES AND LINKS

9.1 Third-Party Services

Our Service does not include links to third-party social networks or external websites accessible to children.

9.2 Social Features

StoryLoft does not include social features such as public chat, forums, or content sharing between users. Children cannot communicate with or share information with other children through StoryLoft.


10. ADVERTISING

10.1 Advertising Practices


11. CONNECTED DEVICES AND TOYS

Not applicable. StoryLoft does not involve connected devices or toys.


12. SCHOOLS AND EDUCATIONAL SERVICES

12.1 School Context Use

StoryLoft offers a Classroom plan for teachers and educational institutions.

12.2 Roster Entry

Teachers may add students individually or by entering a class roster in bulk. In all cases, the only student information collected is a first name (or first name + last initial) and an age range. StoryLoft does not import, request, or store student last names, student ID numbers, emails, or any data synced from a school's Student Information System.

12.3 Teacher Responsibilities

When using StoryLoft in a school context, teachers and schools act as operators under COPPA and are responsible for:


13. INTERNATIONAL USERS


14. STATE-SPECIFIC PROVISIONS

14.1 California

14.2 Other States


15. UPDATES TO THIS POLICY

If we make material changes to this policy, we will:

For non-material changes, we will update the "Last Updated" date at the top of this policy.


16. CONTACT INFORMATION

Email: rogersmi87@gmail.com Mail: StoryLoft, 3955 Green Valley Road, Lebanon, VA 24266 Data Deletion Request: https://readwise-backend-production.up.railway.app/delete-request.html FTC Complaint: www.ftc.gov/complaint | 1-877-382-4357


17. OPERATOR INFORMATION

FieldInformation
Operator NameStoryLoft
Address3955 Green Valley Road, Lebanon, VA 24266
Emailrogersmi87@gmail.com
App (iOS)com.rogersmi87.readwise
App (Android)com.rogersmi87.Storyloft
Websitehttps://storyloft.net

APPENDIX A: PARENTAL CONSENT — HOW WE OBTAIN IT

StoryLoft uses an account-based consent model:

  1. A parent or guardian creates a StoryLoft account using their own email address (verified by our authentication provider, Clerk)
  2. The parent then creates a child profile within their account, specifying the child's name and age range
  3. By creating the child's profile, the parent provides explicit consent for data collection as described in this policy
  4. Children under 13 cannot independently create accounts or profiles

To revoke consent or request deletion at any time: rogersmi87@gmail.com


APPENDIX B: DIRECT NOTICE TO PARENTS (TEMPLATE)

Subject: Your child's StoryLoft reading profile

Dear Parent/Guardian,

You have created a reading profile for [child's name] on StoryLoft.

Information we collect for this profile:

How we use it:

Who we share it with:

Your rights:

Sincerely, StoryLoft


This policy was prepared based on StoryLoft's actual data practices as of June 2026. It should be reviewed by qualified legal counsel before use as a formal compliance document. COPPA compliance requires careful attention to specific requirements.