隱私政策

最後更新日期:2026 年 4 月 7 日

1. Introduction

VocaStory ("we," "us," or "our") operates the VocaStory mobile application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting the privacy of all our users, with special attention to the privacy and safety of children.

Company: VocaStory
Contact: privacy@vocatales.com
Bundle ID: com.gcdm.vocastory

2. Information We Collect

2.1 Parent/Guardian Information

  • Account Information: Email address, display name, and authentication credentials when you create an account.
  • Voice Data: Audio recordings you voluntarily provide for the voice cloning feature. These recordings are encrypted and used solely to generate a voice model for story narration.
  • Payment Information: Subscription transactions are processed through Apple App Store and Google Play Store. We do not store credit card numbers or payment details directly.
  • Usage Data: App interaction data, story preferences, and feature usage statistics (only if analytics is enabled in settings).

2.2 Children's Information

We collect the minimum amount of children's information necessary to provide age-appropriate stories:

  • Child Profile: First name (or nickname), age group, and preferred story themes. This information is provided by the parent/guardian, not collected directly from children.
  • Play History: Story listening history and completion data, stored to provide usage insights to parents.

We do NOT collect: Photos of children, precise location data, contact information from children, or any form of persistent identifiers from children for advertising purposes.

3. How We Use Your Information

  • Voice Cloning: Your voice recordings are processed by our AI partners to create a voice model that narrates stories. Voice data is encrypted in transit and at rest.
  • Story Generation: Child profile data (age group, themes) is used by our AI to generate age-appropriate, personalized stories.
  • Service Improvement: Aggregated, anonymized usage data helps us improve story quality and app features.
  • Parental Controls: Usage data is presented to parents through the parental dashboard for monitoring screen time and listening habits.

4. Third-Party Services

We use the following third-party services, each with their own privacy policies:

  • Supabase: Cloud database and authentication. Data stored in secure, encrypted databases with Row Level Security.
  • Fish Audio / MiniMax: Voice cloning and text-to-speech processing. Voice data is processed according to their data processing agreements.
  • Google Gemini: AI story generation. Only story parameters (theme, age group, language) are shared — no personal identifiable information.
  • Firebase: Push notifications and analytics (if enabled). Used to deliver story completion notifications and reminders.
  • RevenueCat: Subscription management. Processes subscription status without accessing personal data.

All third-party API calls are routed through our secure backend (Supabase Edge Functions). API keys are never exposed to client applications.

5. COPPA Compliance

VocaStory is designed to comply with the Children's Online Privacy Protection Act (COPPA):

  • We require verifiable parental consent before collecting any information related to children under 13.
  • Child profiles are created and managed exclusively by parents/guardians.
  • Children cannot interact with other users, share content, or access external links without parental authorization.
  • We do not display advertisements to children or use children's data for marketing purposes.
  • Parents can review, modify, or delete their child's information at any time through the app settings.

6. GDPR Compliance

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR):

  • Legal Basis: We process data based on your consent (voice recording, analytics) and contractual necessity (account management, story delivery).
  • Data Minimization: We collect only the data necessary to provide our services.
  • Right of Access: You can request a copy of all data we hold about you.
  • Right to Erasure: You can request complete deletion of your account and all associated data.
  • Right to Portability: You can request your data in a machine-readable format.
  • Data Protection Officer: Contact privacy@vocatales.com for any GDPR-related inquiries.

7. Data Retention and Deletion

  • Active Accounts: Data is retained for as long as your account is active.
  • Voice Data: Voice recordings and cloned voice models are deleted immediately upon your request or when you delete a voice profile.
  • Account Deletion: When you delete your account, all personal data, voice data, stories, and child profiles are permanently deleted within 30 days.
  • Inactive Accounts: Accounts inactive for 24 months will receive a notification before data is archived or deleted.

8. Data Security

  • All data is encrypted in transit using TLS 1.3.
  • Voice data and personal information are encrypted at rest using AES-256 encryption.
  • Database access is protected by Row Level Security (RLS) policies ensuring users can only access their own data.
  • Authentication uses industry-standard JWT tokens with automatic refresh.
  • Parental controls are protected by PIN codes that are securely hashed and never stored in plain text.

9. Your Rights

You have the right to:

  • Access all personal data we hold about you and your children
  • Correct inaccurate personal data
  • Delete your account and all associated data
  • Export your data in a portable format
  • Opt out of analytics data collection
  • Revoke consent for voice data processing
  • Lodge a complaint with a supervisory authority

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy in the app and sending a notification. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

  • Privacy inquiries: privacy@vocatales.com
  • General support: support@vocatales.com
← Back to Home