Privacy Protected

Privacy & Security First

We're designing Primary Story with privacy-first foundations, guided by COPPA and GDPR principles as we roll out new features.

🛡️ Privacy & Security Certified

Primary Story maintains the highest standards of privacy protection for children

COPPA Aligned

Designed to follow Children's Online Privacy Protection Act guidelines

GDPR Compliant

General Data Protection Regulation compliant

Data Encrypted

AES-256 encryption for all sensitive data

Privacy by Design

Privacy protection built into every feature

Today: TLS encryption & data minimization

Next: independent privacy reviews

✅ Data encrypted in transit with limited data stored.

In development: Age verification with parental consent workflow.

Roadmap: Encryption at rest and automated retention policies.

Roadmap: Self-serve export/deletion and GDPR rights tooling.

Roadmap: Security monitoring and incident response playbooks.

Where We're Investing in Privacy

TLS enabled

Transport encryption

Parent & story prefs

Data we store

In progress

COPPA readiness

Planning

GDPR roadmap

Our path to compliance readiness

COPPA-Aligned Safeguards

Following COPPA best practices

Parental consent & age verification onboarding (in development)

Parent-managed accounts and story preferences only

Limited advertising tracking (landing pages only, not in child accounts)

Parent dashboard for reviewing child data (roadmap)

GDPR Readiness Plan

Preparing for GDPR requirements

TLS encryption protects traffic between browsers and our servers today

Self-serve data export & deletion workflow (in progress)

Formal data processing agreements with vendors (roadmap)

Security logging & incident response playbooks (roadmap)

AI Content Safety & Filtering

AI Content Moderation

Every story is reviewed by our team today while we layer in automated safety filters.

Human Review

Age-Appropriate Content

Prompts are crafted for elementary readers; automated reading-level checks are in development.

Age Guidance

Parental Controls

Parents choose themes and can reset stories today; granular controls are on our roadmap.

Parent Managed

Content Reporting

We handle safety reports via support today and are adding in-app flagging soon.

Reporting Roadmap

How we think about safety

What we check today

During early access, stories are skimmed by the team before we share them with families.

We avoid violent, frightening, or adult-only themes in our prompts.

Stories focus on curiosity, creativity, and positive lessons.

We highlight caring characters and growth mindsets.

Family feedback helps us improve cultural sensitivity.

What we're building next

Layered AI filters to complement human review.

Clear in-app reporting so parents can flag concerns faster.

Automated reading-level detection for tighter age ranges.

Deeper parental controls for themes and tone.

Scheduled safety reviews with external advisors.

🔒 Advanced Security Implementation

How we protect your data

Data Encryption

TLS keeps data encrypted in transit today; managed at-rest encryption is on our roadmap.

TLS Enabled

Security Monitoring

We monitor system logs now and are implementing automated alerts for unusual activity.

Monitoring Roadmap

Data Retention

We store only what's needed and are drafting formal cleanup and retention schedules.

Retention Plan

Google API Services Data Practices

In compliance with Google API Services User Data Policy, we transparently disclose how we access, use, and protect Google user data in our application.

Google User Data Access

OAuth Authentication

When users sign in with Google, we access the following Google user data solely for account creation and authentication purposes:

Email address: Used for account identification and communication

Full name: Used to personalize the user experience

Profile picture: Optional display in user profiles (not stored on our servers)

Data Storage: Google user data is encrypted and stored securely in our database. Data is retained until account deletion.

Google User Data Usage

Limited & Purpose-Specific

We use Google user data in the following limited ways:

Authentication & Account Management:

• Sign-in and account creation
• Password reset and account recovery
• Secure session management

User Experience:

• Personalized greetings and profile display
• Account communication and support

AI Content Generation:

• Google Generative AI APIs are used to create personalized stories
• No Google user data is transmitted to or processed by Google AI services
• Content generation is based solely on user-selected themes and preferences

Data Sharing: Google user data is never shared with third parties except as required by Google APIs for authentication purposes.

Google Analytics

Usage Analytics

We use Google Analytics to understand how users interact with our application and improve the service:

Page views and navigation: Which pages users visit and how they navigate

User interactions: Clicks, form submissions, and feature usage

Device information: Browser type, screen resolution, and operating system

Geographic location: Country and city (IP addresses are anonymized)

Custom events: Story creation, quiz completion, login attempts

Data Usage: Analytics data helps us improve app performance and user experience.

Data Retention: Google Analytics retains data for 26 months by default.

Opt-out: Users can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

Data Sharing: Analytics data may be processed by Google and shared with other Google services, but we do not receive personally identifiable information.

Meta Pixel (Facebook/Instagram)

Advertising & Conversion Tracking

We use Meta Pixel to measure the effectiveness of our Facebook and Instagram advertising campaigns:

Ad performance: Track which ads lead users to sign up

Conversion tracking: Measure trial sign-ups from ads

Campaign optimization: Improve ad targeting and reduce costs

No child data: Only tracks parent/guardian visits to landing pages

Data Usage: Meta Pixel helps us understand which marketing channels work best so we can invest in the right places.

Data Collected: Page visits, button clicks, and sign-up events on our landing pages only.

Opt-out: You can manage cookie preferences below or opt out of personalized ads in your Facebook Ad Preferences.

Privacy: Meta Pixel only tracks visitors to our public landing pages before sign-up. Once authenticated, no advertising pixels track children's activity.

What privacy looks like today and what's next

Secure infrastructure basics

We use industry-standard encryption, access controls, and regular reviews to keep family data safe.

Clear, parent-managed data

Parents create and manage accounts today while we build a self-serve deletion and export flow.

No ads in the app

Children never see ads. We use limited tracking on landing pages to measure ad performance, but once signed in, no advertising pixels track activity.

Privacy reviews for new features

Every release goes through a privacy checklist so defaults stay safe without extra work from families.

Learning with experts

We follow guidance from child-privacy advisors and update our policies as regulations evolve.

Roadmap for ongoing audits

As our product grows, we'll schedule formal audits and public updates so families can track our progress.

Ready to Trust Us with Your Child's Learning Journey?

Be part of our early access group helping us build a privacy-first reading experience.