Tinywhispers Privacy Policy

Last updated: 30 August 2025

This Privacy Policy explains how Molcode SRL ("we", "us", or "our") collects, uses, and shares information when you use the Tinywhispers mobile application (the "App"). If you do not agree with this Policy, please do not use the App.

Contact: legal@tinywhispers.io

Scope

This Policy applies to the App and in‑App features. It does not apply to third‑party websites or services that may be linked from the App.

Information We Collect

Information you provide

• Account details: email address used to create and maintain your account. You may optionally provide a display name or profile image.
• Story inputs and preferences used to personalize content (e.g., names, relationships, values, topics, themes, tones, languages).
• In‑App selections and settings (e.g., reader, narration, language, accessibility).

Information collected automatically

• Device information, App interactions, performance, and diagnostics.
• Crash reports and other telemetry to maintain reliability and security.

Information from your device with permission

• Push notification token to deliver messages you opt in to receive.
• Photo library access when you choose to update an avatar using the system picker.

How We Use Information

We use information to:

• Provide, personalize, and operate the App (including story and narration generation and delivery).
• Authenticate and manage accounts, subscriptions, and entitlements.
• Send push notifications about story/narration status and relevant updates (subject to your preferences).
• Monitor, secure, and improve the App, including analytics, troubleshooting, and fraud prevention.
• Comply with legal obligations and enforce our terms.

Legal Bases (where applicable)

• Performance of a contract (providing requested features and services).
• Legitimate interests (App functionality, analytics, security, fraud prevention, improvements).
• Your consent (e.g., push notifications, photo access) and withdrawal at any time through device or in‑App settings.

Sharing of Information

We do not sell your personal information. We share information only with:

• Service providers who process data on our behalf to operate the App (e.g., hosting, analytics, crash reporting, messaging, payment/subscription processing). These providers are bound by contractual obligations to protect your information and use it only as instructed.
• Platform providers as needed to complete purchases, deliver notifications, or provide device‑level services you enable.
• Public authorities, advisors, or third parties when required by law, to protect rights and safety, or in connection with corporate transactions.

The App does not include third‑party advertising SDKs.

International Data Transfers

Your information may be processed in countries other than your own. Where required, we implement appropriate safeguards for such transfers.

Data Retention

We retain information for as long as necessary to provide the App and for legitimate business needs (including legal, accounting, and compliance obligations). You can request account deletion from within the App; we will delete associated data subject to legal retention requirements.

Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, or port your information, or to object to or restrict certain processing. You can manage push notifications in device settings and withdraw consent where applicable. To exercise rights, contact us at legal@tinywhispers.io. We may request proof of identity and will respond as required by law.

Children’s Privacy

The App is designed for family use. Adults control accounts and submit information for children’s stories. We do not knowingly collect personal information directly from children without appropriate parental consent. Adults should review and supervise the information they submit about children in the App.

Security

We design and operate the App using industry‑standard security practices and controls. These include, as appropriate:

• Encryption of data in transit (TLS/HTTPS) and at rest for stored information.
• Strict access controls based on least privilege and role‑based access; multi‑factor authentication for administrative access.
• Segregated environments, network protections, and secure secrets management.
• Continuous monitoring, logging, and alerting to detect and respond to unusual activity.
• A secure software development lifecycle, including code review, dependency scanning, vulnerability management, and regular security testing.
• Backup and recovery procedures and business continuity planning.
• An incident response program for investigating, mitigating, and, where required by law, notifying about security events.
• Vendor and sub‑processor due diligence and contractual safeguards.

Changes to This Policy

We may update this Policy from time to time. Updates will be posted in the App and/or repository with a revised "Last updated" date. Your continued use of the App after changes constitutes acceptance.

Contact Us

Molcode SRL

Email: legal@tinywhispers.io