Privacy Policy for Leo’s Tales by Mama: Storytime

Effective date: July 2026

Last updated: July 2026

Leo’s Tales by Mama: Storytime is a children’s storytelling application designed for use by children under the supervision and control of a parent or legal guardian.

We take children’s privacy seriously and aim to collect only the information reasonably necessary to provide, secure, maintain, and improve the service.

This Privacy Policy explains what information we collect, why we collect it, how it is used, how long it is retained, and what rights parents and legal guardians have regarding their information and their children’s profiles.

1. Data Controller

The operator and data controller of Leo’s Tales by Mama: Storytime is:

Ilija Taleski, Individual Entrepreneur

Registered address: 8 Lech and Maria Kaczynski Street, Batumi, Georgia

Email: leostalesbymama@gmail.com

Questions, privacy requests, and account-deletion requests may be sent to the email address above.

2. Who the App Is For

Leo’s Tales by Mama: Storytime is intended for families and children.

A parent or legal guardian creates and controls the main account. Children are not expected to create independent accounts, provide their own email addresses, make purchases independently, or communicate publicly with other users.

The app does not provide:

Public profiles

Public comments

Direct messaging

Open chat rooms

Social-networking functions

Publicly shared user-generated content

The app is designed to be set up and managed by a parent or legal guardian, who should supervise the child’s use of the service.

3. Information We Collect

The information collected depends on the features used, the device platform, and the sign-in method selected by the parent.

3.1 Parent account information

When a parent or legal guardian creates or uses an account, we may process:

Parent email address

Authentication information

Secure password-authentication records

Apple or Google sign-in identifiers, where those sign-in options are available and selected

Account creation and account status information

Subscription status and entitlement information

Account preferences and settings

Passwords are processed through our authentication provider. We do not intentionally store or have access to users’ passwords in readable plain-text form.

3.2 Child profile information

A parent may create one or more child profiles.

Depending on the available features, a child profile may contain:

Child nickname

Child age or age group

Selected language mode

Reading or listening preferences

Story-play history

Downloaded-story history

Story progress

App preferences

We do not require a child’s:

Full legal name

Email address

Home address

Telephone number

School name

Photograph

Precise location

Parents should use a nickname rather than a child’s complete legal name.

3.3 Story and app activity

To provide story access, downloads, continuity, and account functionality, we may process:

Stories opened or played

Story progress

Downloaded-story records

Selected language

Read or listen mode

App settings

Subscription-access status

Technical requests necessary to deliver story content

Some story progress, downloaded-content records, and preferences may be stored locally on the user’s device.

Where account synchronization is enabled, selected records may also be stored through our backend service so that the app can restore preferences, maintain access, and synchronize supported features.

This information is used to:

Operate the story library

Remember story progress

Manage downloaded content

Maintain language and listening preferences

Provide access to the correct stories

Restore supported account information

3.4 Device and technical information

When the app communicates with our servers, certain technical information may be processed automatically, including:

Internet Protocol address

Device type

Operating-system version

App version

Device or application identifiers required for security or service operation

Connection timestamps

Server request logs

Error information

Security and authentication records

This information is used to:

Operate the service

Deliver story content

Authenticate users

Prevent misuse

Protect accounts

Troubleshoot technical problems

Maintain security and service reliability

We do not use this information for third-party advertising, advertising personalization, or cross-app behavioral tracking.

3.5 Support communications

When a parent contacts us, we may process:

Name or email address included in the message

Message content

Technical details voluntarily provided

Screenshots or attachments sent by the parent

Information necessary to investigate and answer the request

Parents should not send unnecessary personal information about a child when contacting support.

4. Information We Do Not Intentionally Collect

We do not intentionally collect:

Precise GPS location

A child’s email address

A child’s telephone number

A child’s home address

School information

Contacts or address-book information

Biometric information

Health information

Photographs or video recordings of children

Microphone or voice recordings

Advertising identifiers for advertising purposes

Information for targeted advertising

Publicly shared child content

The app does not contain third-party behavioral advertising.

5. How We Use Information

We use information only for legitimate service-related purposes, including:

Creating and securing parent accounts

Authenticating users

Creating and managing child profiles

Providing access to stories and subscriptions

Remembering language, reading, and listening settings

Recording story progress

Managing story downloads

Synchronizing supported information between devices

Processing account and profile deletion

Responding to support requests

Preventing fraud, misuse, and unauthorized access

Detecting and repairing technical problems

Complying with legal obligations

Protecting users, the service, and our legal rights

We do not sell personal information.

We do not rent personal information.

We do not use children’s information for targeted advertising.

We do not create advertising profiles based on children’s activity.

6. Legal Bases for Processing

Where the General Data Protection Regulation or similar legislation applies, we process personal information on one or more of the following grounds.

6.1 Performance of a contract

Processing may be necessary to:

Create an account

Authenticate the parent

Provide stories

Maintain subscriptions

Save preferences

Operate requested app features

6.2 Parent or guardian consent

Where required, the parent or legal guardian provides consent for the creation of child profiles and the processing necessary to provide the child-directed service.

6.3 Legitimate interests

We may process limited information where necessary to:

Secure the service

Prevent fraud

Diagnose technical problems

Answer support requests

Maintain reliable app operation

We rely on legitimate interests only where those interests do not override the rights and interests of children or parents.

6.4 Legal obligations

We may process or preserve information when required by:

Applicable law

Court order

Regulatory request

Tax obligation

Accounting obligation

Another legally binding requirement

7. Children’s Privacy and Parental Control

The main account is intended to be controlled by a parent or legal guardian.

A child profile is not an independent user account. It exists within the parent-controlled account.

Parents can:

Create child profiles

Edit child profiles

Delete individual child profiles

Change language and app settings

Review available account information

Delete the complete parent account

Request assistance regarding their information

Deleting a child profile removes that profile and its associated server data, subject to short-term backup, security, and legal-retention requirements.

Deleting the complete parent account removes the parent account, associated child profiles, synchronized story history, download records, preferences, and other associated server data, subject to the limited retention described in this Privacy Policy.

Information stored only on the device may also be removed by deleting the app or clearing its local data.

8. Analytics, Advertising and Crash Reporting

8.1 No third-party analytics

The iOS and Android versions of Leo’s Tales by Mama: Storytime do not include or use:

Firebase Analytics

Google Analytics for Firebase

Third-party advertising SDKs

Third-party behavioral-tracking SDKs

SDKs used to create advertising profiles

SDKs used for cross-app or cross-website tracking

We do not use analytics services to build profiles of children or parents.

We do not use app activity for advertising personalization or targeted marketing.

8.2 No Firebase Crashlytics

The iOS and Android versions do not include or use Firebase Crashlytics.

Crash information is not intentionally sent to Firebase Crashlytics or another third-party crash-reporting platform.

8.3 Native platform diagnostics

For technical stability and error diagnosis, we may receive limited crash or diagnostic information made available through Apple’s or Google’s native platform services.

Depending on the user’s device settings and the platform’s configuration, this information may include:

App version

Device model

Operating-system version

Crash stack trace

Error type

Technical circumstances surrounding a crash

General app-performance information

We use this information only to:

Investigate technical errors

Improve app stability

Protect service reliability

Resolve security or compatibility problems

Apple and Google process native diagnostic information under their own privacy policies, platform terms, and device settings.

9. Service Providers

We use selected service providers to operate the app.

These providers may process limited information on our behalf for the purposes described in this Privacy Policy and under their contractual obligations to us.

9.1 Supabase

Supabase provides backend infrastructure, including:

Database hosting

Authentication

Secure account management

Data storage

Server-side functions

Application programming interfaces

Content-delivery support

Our Supabase project is hosted in:

AWS Europe (Ireland) – eu-west-1

Information stored through Supabase may include:

Parent account information

Authentication records

Child profiles

Language preferences

Synchronized story progress

Story history

Download records

Subscription status

Account settings

Supabase acts as a service provider or data processor for information handled on our behalf.

9.2 Apple

Apple may process information when a parent:

Downloads the iOS app

Uses Sign in with Apple, where available

Purchases or manages an App Store subscription

Uses Apple platform services

Sends native crash or diagnostic information according to device settings

Apple processes this information under its own terms and privacy practices.

9.3 Google

Google may process information when a parent:

Downloads the Android app through Google Play

Uses Google Sign-In, where available

Purchases or manages a Google Play subscription

Uses Android platform services

Sends native crash or diagnostic information according to device settings

Google processes this information under its own terms and privacy practices.

9.4 Payment processing

Subscriptions and purchases are processed by the Apple App Store or Google Play.

We do not directly receive or store complete payment-card numbers.

We may receive limited purchase information necessary to confirm access, including:

Product or subscription identifier

Purchase status

Subscription status

Expiration or renewal status

Transaction reference

Store platform

10. Data Sharing

We may share limited information with service providers only where necessary to operate, secure, and support the app.

We may also disclose information:

When required by applicable law

In response to valid legal process

To protect a child, parent, or another person from harm

To investigate fraud, abuse, or security incidents

To establish, exercise, or defend legal claims

In connection with a business restructuring, subject to appropriate privacy protections

We do not sell personal information.

We do not share children’s information with data brokers.

We do not share information for third-party targeted advertising.

We do not permit service providers to use children’s information for their own advertising purposes.

11. International Data Processing

We are based in Georgia, and our service providers may operate in other countries.

The primary Supabase hosting region used for account and app data is:

AWS Europe (Ireland) – eu-west-1

Some service providers may process limited technical, authentication, payment, diagnostic, or support information outside the parent’s country of residence.

Where legally required, appropriate contractual, organizational, and technical safeguards will be used for international data transfers.

12. Data Retention

We retain information only for as long as reasonably necessary for the purposes described in this Privacy Policy.

12.1 Account and profile information

Parent account information, child profiles, synchronized story history, download records, language preferences, and subscription-access records are generally retained while the account remains active.

They are deleted when the parent deletes the corresponding profile or complete account, except for limited information that must be retained temporarily or by law.

12.2 Deleted account information

When the complete parent account is deleted, active account information is scheduled for deletion immediately from the live application systems.

Residual copies may remain in restricted backups for up to one month before being overwritten or permanently removed.

12.3 Server and security logs

Server logs, Internet Protocol records, authentication logs, and security information are generally retained for no longer than one month, unless a longer period is necessary to investigate:

Fraud

Abuse

A security incident

Unauthorized access

A legal claim

12.4 Native crash and diagnostic information

Crash and diagnostic information accessible to us through Apple’s or Google’s native platform services is retained only for as long as reasonably necessary to investigate and resolve technical or security problems.

Apple and Google may retain native diagnostic information according to their own platform policies, technical processes, and user settings.

12.5 Support messages

Support communications are generally retained for no longer than one month after the request has been resolved, unless a longer period is required to address:

An ongoing dispute

A legal obligation

A fraud investigation

A security issue

A child-safety concern

12.6 Purchase and legal records

Certain transaction, accounting, tax, fraud-prevention, or legal records may be retained for up to five to seven years where required by applicable law, accounting obligations, or financial-auditing requirements.

13. Account and Profile Deletion

Parents can delete:

An individual child profile; or

The complete parent account and associated server data.

These options are available through the parent-controlled area of the app.

A parent may also request deletion by contacting:

leostalesbymama@gmail.com

We may ask the parent to verify control of the account before processing an email-based deletion request.

Deleting the Leo’s Tales by Mama: Storytime account does not automatically cancel an active subscription or prevent a scheduled renewal.

The parent must separately cancel the subscription through the Apple App Store or Google Play account settings.

After account deletion, limited residual information may remain temporarily in restricted backups or where retention is required by law.

14. Parental Rights

Depending on applicable law, a parent or legal guardian may have the right to:

Request access to personal information

Request correction of inaccurate information

Request deletion of information

Withdraw consent where processing is based on consent

Object to certain processing

Request restriction of processing

Request a portable copy of eligible information

Submit a complaint to a competent data-protection authority

To exercise these rights, contact:

leostalesbymama@gmail.com

We may need to verify the requester’s identity and control of the relevant parent account before completing the request.

15. Security

We use reasonable technical and organizational measures designed to protect information, including:

Encrypted network connections

Access controls

Authentication protections

Database-security rules

Restricted administrative access

Secure service-provider infrastructure

Backup and recovery procedures

Data-minimization practices

Monitoring for unauthorized access and misuse

No online service can guarantee absolute security.

Parents should use a strong, unique password and keep their account credentials confidential.

16. Advertising and Tracking

Leo’s Tales by Mama: Storytime does not contain third-party behavioral advertising.

We do not:

Sell advertising space based on a child’s activity

Track children across unrelated apps or websites

Create advertising profiles for children

Sell personal information

Use children’s information for targeted advertising

Use advertising identifiers for advertising

Request Apple App Tracking Transparency permission for advertising purposes

Any external website, purchase-management page, social-media link, or parent-directed link inside the child-accessible area of the app will be placed behind an appropriate parental control or parental gate where required.

17. Notifications

Where notifications are offered, they may be used for service-related or parent-directed purposes, such as:

Informing a parent that new stories are available

Providing account-related information

Communicating important service updates

Notifications are not used for behavioral advertising or advertising personalization.

Notification permission can be controlled through the device settings.

18. External Links

The app or website may contain links to external services, such as:

Apple App Store

Google Play

Instagram

TikTok

Subscription-management pages

Parent-directed support or legal pages

External services operate under their own privacy policies and terms.

Links intended for parents will be placed behind an appropriate parental gate inside the child-accessible area of the app where required.

Parents should review the privacy practices of external services before using them.

19. Changes to This Privacy Policy

We may update this Privacy Policy when:

App features change

Service providers change

Data practices change

Legal requirements change

New platforms or services are introduced

The updated version will display a revised “Last updated” date.

Where required, we will provide additional notice or obtain renewed parental consent before making material changes affecting children’s information.

20. Contact Us

For privacy questions, parental requests, account deletion, or concerns about children’s information, contact:

Ilija Taleski, Individual Entrepreneur

8 Lech and Maria Kaczynski Street

Batumi, Georgia

Email: leostalesbymama@gmail.com