This Privacy Policy explains how App On Inc. ("Company," "we," "us," or "our") collects, uses, stores, and protects personal data through the TaleUp mobile application ("App"). TaleUp is an AI-powered children's development platform designed for children aged 3–12 and their parents or legal guardians.
We are committed to protecting the privacy and safety of our users, especially children. This Policy complies with the Children's Online Privacy Protection Act (COPPA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Turkey's Personal Data Protection Law (KVKK / Law No. 6698), and all other applicable data protection legislation.
By downloading, installing, or using TaleUp, you acknowledge that you have read and understood this Privacy Policy.
Data Controller: App On Inc. — info@apponai.co
2.1 Information You Provide Directly
| Data Category | Details |
|---|
| Account Information | Name, surname, username, email address, encrypted password, registration date |
| Child Profile Data | Child's name, date of birth / age, gender, interests, favorite characters, preferred themes, story settings, values and morals preferences |
| Disability Information (optional) | Physical or developmental disability type (e.g., Autism, ADHD, vision / hearing impairment), preference for inclusive story representation |
| Subscription & Payment | Subscription plan type (Basic / Plus / Pro), start and expiry dates. We do not collect or store credit card numbers, bank details, or any financial payment information — all payments are processed exclusively by Apple App Store or Google Play Store. |
| User-Generated Content | Story prompts / topics, feedback responses, blog comments, support requests |
2.2 Information Collected Automatically
| Data Category | Details |
|---|
| Usage Data | Stories created, stories listened to, meditations completed, listening progress, badges earned, favorites saved, session frequency and duration |
| Device Information | Device model, operating system and version, app version, language and locale settings, timezone |
| Analytics Data | Screen views, feature interaction patterns, crash reports, performance metrics (via Firebase Analytics) |
2.3 Information We Do NOT Collect
- Precise geolocation or GPS data
- Photos, videos, or audio recordings from the device
- Contact lists or address books
- Browsing history outside the App
- Social media account credentials
- Biometric data (fingerprint, face recognition)
- SMS, call logs, or communication content
We process personal data strictly for the following purposes:
| Purpose | Legal Basis |
|---|
| Creating and managing user accounts | Contract performance |
| Creating and managing child profiles | Contract performance with parental consent |
| Generating personalized AI stories based on child preferences | Contract performance with parental consent |
| Providing audio narration (Text-to-Speech) for stories | Contract performance |
| Delivering meditation content | Contract performance |
| Managing subscriptions and credit balance | Contract performance |
| Awarding badges and tracking gamification progress | Legitimate interest |
| Sending local push notifications | User consent |
| Displaying non-personalized advertisements (Basic plan) | Legitimate interest |
| Improving app performance and fixing bugs | Legitimate interest |
| Responding to support requests | Contract performance |
| Complying with legal obligations | Legal obligation |
We never use personal data for behavioral or targeted advertising directed at children, selling or renting data to third parties, profiling children for marketing purposes, or automated decision-making that produces legal effects on users.
TaleUp is designed for use by children under the direct supervision of a parent or legal guardian. We take children's privacy extremely seriously.
4.1 Parental Consent
- Accounts for children under 13 can only be created by a verified parent or legal guardian.
- Child profile information is collected only with explicit parental consent.
- Parents must accept our Terms of Use and this Privacy Policy before creating a child profile.
- An AI Data Usage Consent screen explicitly explains what child data is shared with Google Gemini before any story is generated.
4.2 What Child Data Is Used For
Child profile data (name, age, interests, theme preferences) is used solely for:
- Personalizing AI-generated stories to match the child's age and interests
- Tracking story and meditation progress
- Awarding achievement badges
4.3 What Child Data Is NOT Used For
- Marketing, advertising, or promotional targeting
- Behavioral profiling or analytics beyond basic app usage
- Location tracking of any kind
- Sharing with advertisers or data brokers
- Creating public profiles visible to other users
4.4 Parental Rights and Controls
Parents have full control over their children's data at all times:
- View all child profile information and preferences
- Edit child name, age, interests, and preferences at any time
- Delete individual child profiles permanently
- Delete the entire account and all associated child data
- Withdraw consent for data processing at any time
- Request a copy of all data associated with their child
- Disable disability inclusion in stories
- Control notification settings
A parental gate (math verification) protects sensitive features such as subscription management, preventing children from making unauthorized changes.
We share personal data only with the following third-party services, strictly for the purposes described below:
5.1 Google Gemini API (Story Generation)
- Data Shared: Child's age range, selected interests, preferred characters, themes, story settings, values, disability inclusion preference (if enabled), and the story prompt entered by the parent.
- Data NOT Shared: Child's real name, photo, location, device information, or any personally identifiable information.
- Purpose: Generating personalized, age-appropriate story content.
5.2 Google AdMob (Advertising)
- Data Shared: Non-personalized ad requests with COPPA child-directed treatment flag enabled.
- Purpose: Displaying non-targeted advertisements to Basic plan users only.
- Data NOT Shared: Personal identity, child profile data, usage history.
5.3 Firebase Analytics (Google)
- Data Shared: Anonymized usage statistics, crash reports, screen view events, device type and OS version.
- Purpose: App performance monitoring, bug detection, and feature improvement.
5.4 Apple App Store / Google Play Store
- Data Shared: Subscription purchase verification receipts and transaction IDs.
- Purpose: Processing payments and verifying subscription status.
- We never receive, store, or process credit card or banking information.
We do not sell, rent, trade, or otherwise transfer personal data to any third party for their own purposes, under any circumstances.
- Basic (free) plan users may see advertisements powered by Google AdMob.
- All advertisements shown are non-personalized and non-targeted.
- We configure Google AdMob with
tagForChildDirectedTreatment: true and maxAdContentRating: G (General Audiences) in strict compliance with COPPA.
- Users may watch rewarded video ads voluntarily to earn in-app credits (limited to 5 per day).
- Plus and Pro subscribers enjoy a completely ad-free experience.
- No behavioral data, browsing history, or child profile information is ever shared with any advertising network.
TaleUp offers three subscription tiers:
| Feature | Basic (Free) | Plus | Pro |
|---|
| Initial Credits | 10 | 10 + 50 | 10 + 150 |
| Monthly Story Limit | 2 | 10 | 30 |
| Storage | 100 MB | 1 GB | 5 GB |
| Ads | Non-personalized | Ad-free | Ad-free |
- Payment is charged to your Apple ID or Google Play account at confirmation of purchase.
- Subscriptions automatically renew unless cancelled at least 24 hours before the end of the current period.
- You can manage or cancel subscriptions in your device's store settings (iOS: Settings > Apple ID > Subscriptions; Android: Play Store > Subscriptions).
- Any unused portion of a free trial period is forfeited upon purchasing a subscription.
- Refunds are subject to Apple's or Google's respective refund policies.
We implement the following measures to protect your data:
- Encryption in Transit: All data transmitted between the App and our servers uses HTTPS / TLS encryption.
- Password Security: User passwords are hashed using industry-standard algorithms and are never stored in plain text.
- Authentication: JWT (JSON Web Token) based authentication with secure token management.
- OAuth 2.0: Secure third-party sign-in via Google, Apple, and Facebook.
- Access Control: Role-based access control for all administrative functions.
- Infrastructure: Hosted on Microsoft Azure with enterprise-grade security.
- Database: PostgreSQL with restricted access, connection pooling, and parameterized queries to prevent SQL injection.
While we employ commercially reasonable security measures, no method of electronic storage or transmission is 100% secure. We will notify affected users promptly in the event of a data breach as required by applicable law.
| Data Type | Retention Period |
|---|
| Account information | Active account duration + 30 days after deletion request |
| Child profile data | Until parent deletes the profile or account is closed |
| Stories and meditation content | Active account duration |
| Usage and analytics data | 24 months from collection date |
| Payment and transaction records | 5 years from last transaction (legal requirement) |
| Support tickets | 12 months from ticket closure |
| Credit transaction history | Active account duration + 30 days |
After the applicable retention period expires, data is permanently and irreversibly deleted from our systems.
Users can permanently delete their account and all associated data through two methods:
Method 1: In-App Deletion
Navigate to Settings > Profile Settings > Delete Account. Confirm the deletion through the verification prompt.
Method 2: Email Request
Send a deletion request to info@apponai.co from the email address associated with your account.
What Happens When You Delete Your Account
- All personal information is permanently removed within 30 days.
- All child profiles and their associated data are deleted.
- All generated stories, listening history, and progress data are deleted.
- All badge achievements, credit balance, and transaction history are deleted.
- Active subscriptions are cancelled (final billing cycle applies per Apple / Google policies).
- Payment records are retained for 5 years to comply with legal and tax obligations.
Depending on your jurisdiction, you have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you and your children.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request permanent deletion of your personal data.
- Right to Restriction: Request that we limit the processing of your data in certain circumstances.
- Right to Data Portability: Request your data in a structured, commonly used, machine-readable format.
- Right to Object: Object to data processing based on legitimate interest.
- Right to Withdraw Consent: Withdraw your consent at any time without affecting the lawfulness of processing performed before withdrawal.
- Right to Non-Discrimination: Exercise your rights without receiving discriminatory treatment.
- Right to Complain: Lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at info@apponai.co. We will respond within 30 days of receiving your request.
TaleUp's servers are hosted on Microsoft Azure (West US 2 region). If you are located outside the United States, your data may be transferred to and processed in the United States.
We ensure that appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses (SCCs) where required by applicable law. For users in the European Economic Area (EEA), United Kingdom, or Turkey, we comply with the respective data transfer requirements under GDPR, UK GDPR, and KVKK.
TaleUp uses local push notifications to send engagement reminders such as story suggestions, meditation reminders, and motivational messages. These notifications:
- Are generated and scheduled locally on your device.
- Do not transmit personal data to our servers or any third party.
- Can be enabled or disabled at any time via Application Settings > Notifications within the App, or through your device's system notification settings.
- Are available in Turkish, English, and Russian based on your language preference.
The TaleUp mobile application does not use cookies. We use the following on-device technologies:
- AsyncStorage (on-device): Stores user preferences (theme, language, notification settings) locally. This data never leaves your device.
- Redux Persist (on-device): Maintains app state locally for a seamless user experience.
- Firebase Analytics SDK: Collects anonymized usage statistics as described in Section 5.3.
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last Updated" date at the top of this Policy.
- We will notify users through an in-app notification.
- For changes affecting children's data practices, we will seek renewed parental consent where required by law.
Continued use of the App after changes are posted constitutes acceptance of the updated Privacy Policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We are committed to resolving any privacy concerns promptly and will respond to all inquiries within 30 days.
This Privacy Policy is also available in Turkish, English, and Russian within the TaleUp application under Settings > Legal Terms.