Privacy Policy
WimziPal (“we”, “us”, “the app”) is an AI companion app designed for children aged 4–12, used only with parental supervision and consent. This policy explains what information we collect, how we use it, and the choices you have. Questions: privacy@wimzipal.com.
1. Who controls the data
The data controller is the WimziPal team. Contact us at privacy@wimzipal.com for any privacy-related question, request, or complaint.
2. What we collect
From the parent (account holder)
- Email address — sign-in, account recovery, safety alerts, and support replies.
- Password — stored only as a one-way bcrypt hash; we can never read it. Not collected when you use Sign in with Apple or Google.
- Apple / Google sign-in identifier — when used, only the opaque user ID and the email returned by Apple or Google are stored.
- Push notification token — stored so we can send safety alerts about your child's session.
- Subscription state — whether you have an active premium plan, fetched from RevenueCat. We do not store card or payment details.
About each child (entered by the parent)
- First name and date of birth — personalises replies and determines age-appropriate content.
- Interests, gender, notes — optional fields the parent enters to make replies more relevant.
- Avatar image — optional, stored on our servers if uploaded.
- Selected character + companion preferences.
From each conversation
- Voice recordings — sent to the speech-to-text service for transcription and then discarded immediately. We do not store the audio.
- Text transcripts — the transcribed input and the AI's reply are stored for up to 90 days so the parent can review sessions. Older transcripts are deleted.
- Photos shared with the “Show your buddy” feature — sent to the vision service for description and then discarded immediately. We do not store photos.
- Moderation flags — when the safety layer flags content, the category is recorded with the turn so parents can be alerted and review what happened.
Device and technical data
- Device identifier (random) — used to enforce daily usage limits. Not linked to any advertising network.
- Crash logs and performance metrics — via Firebase Crashlytics and Performance Monitoring, used solely to fix bugs.
- App version, OS version, locale, screen size, language — captured when you send a Contact-Us message so we can reproduce issues.
3. What we never collect
- Precise or coarse location
- Phone numbers or postal addresses
- Payment card numbers — handled entirely by Apple, Google, and RevenueCat
- Advertising identifiers (IDFA / GAID)
- Contacts, calendars, or photo library beyond the single photo the parent chooses to share
- Anything you do not provide voluntarily
4. How we use the data
- To run the app — sign in, render the right character, keep your child's session personal, and enforce parental controls.
- To keep your child safe — every AI reply passes through a moderation layer before being spoken; flagged content triggers a parent alert.
- To improve reliability — anonymised crash and performance data helps us find and fix bugs.
- To respond to support requests — only when you contact us.
We never sell personal information, share it for cross-context behavioural advertising, or train third-party AI models on your child's conversations. We do not show advertisements.
5. Third-party services we use (“sub-processors”)
The app relies on a small set of well-known services to operate. Each is bound by its own privacy policy and processes data only for the purpose listed:
- OpenAI — speech-to-text, chat replies, vision descriptions. Receives voice, text, or image input; not retained for model training.
- ElevenLabs — text-to-speech. Receives reply text only.
- Firebase (Google) — auth, Crashlytics, Performance, App Check, Cloud Messaging, Firestore, Remote Config, Analytics.
- RevenueCat — subscription receipt validation. Receives an anonymous user ID + subscription state.
- Railway — backend hosting.
- Apple / Google — app distribution and sign-in.
6. Children's privacy (COPPA)
WimziPal is designed for children under 13 with parental supervision. We comply with the U.S. Children's Online Privacy Protection Act (COPPA) and equivalent rules elsewhere:
- A parent or legal guardian must register the account. There is no path for a child to create an account independently.
- All child-profile data is entered, controlled, and deleted by the parent.
- We do not collect more child information than is needed to deliver the service.
- We do not condition a child's participation on disclosing more information than is reasonably necessary.
- We do not enable behavioural advertising, third-party tracking, or user-to-user contact features.
If you believe we have collected information from a child without verifiable parental consent, contact privacy@wimzipal.com and we will delete it promptly.
7. Your rights
- Access the data we hold about you and your child.
- Correct any inaccurate data via in-app settings or by emailing us.
- Delete your account and all associated data instantly from Settings → Delete account, or by emailing us.
- Export a copy of your data — email us and we will send it within 30 days.
- Object to processing — though the only processing we do is operating the service you signed up for.
8. Retention
- Conversation transcripts: up to 90 days, then deleted.
- Voice recordings and photos: not stored.
- Account and child-profile data: retained while the account is active, deleted within 30 days of account deletion.
- Crash logs: up to 90 days per Firebase Crashlytics defaults.
- Contact-Us messages: retained until resolved, then deleted.
9. Security
All traffic between the app and our servers is encrypted via HTTPS (TLS 1.2+). Passwords are stored as bcrypt hashes. The backend is protected by Firebase App Check, which blocks requests from anything other than a genuine WimziPal app installation. Conversation transcripts are accessible only to the authenticated parent who owns the child profile.
10. International transfers
Our backend and sub-processors operate primarily in the United States and the European Union. By using the app you consent to the transfer of your data to those jurisdictions for the purposes described in this policy.
11. Changes to this policy
If we update this policy we will update the effective date at the top of the page. Material changes will also be announced in the app. Continued use after a change means you accept the updated policy.
12. Contact
Privacy questions, requests, complaints: privacy@wimzipal.com
Support: support@wimzipal.com