Data Practices

1. Data Collection Principles

We follow these core principles:

• Transparency: We clearly explain what data we collect and why

• Minimization: We collect only what's necessary for product functionality

• Purpose Limitation: We use data only for stated purposes

• Security: We protect data with industry-standard measures

• User Control: You can access, modify, or delete your data anytime

2. Types of Data We Collect

Account Data:

• Email address, name, password (encrypted)

• Child profiles: first name, age, language preferences

Usage Data:

• Stories created, voice interactions, session duration

• Device information, app version, error logs

Voice Data:

• Voice recordings for story creation (processed and encrypted)

• Stored temporarily for AI processing, then deleted or anonymized

3. How We Process Voice Data

Voice data is handled with special care:

• Recordings are encrypted immediately upon capture

• Processed by our AI models to generate story responses

• Stored only as long as necessary for product functionality

• Parents can delete voice recordings at any time

• Voice data is never used for advertising or sold to third parties

4. Data Storage and Retention

• Account data: Stored until account deletion

• Stories and content: Stored until you delete them

• Voice recordings: Retained for 30 days, then automatically deleted

• Usage analytics: Anonymized after 90 days

• Backup data: Retained for 30 days for disaster recovery

5. Data Sharing and Third Parties

We do not sell your data. We share data only with:

Service Providers:

• Cloud hosting (AWS, Google Cloud) - for storage and processing

• Payment processors (Stripe) - for transaction processing

• Analytics tools (anonymized data only)

Legal Requirements:

• When required by law or to protect rights and safety

• In response to valid legal requests from authorities

6. Data Security Measures

We implement multiple layers of security:

• Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)

• Access Control: Role-based access, multi-factor authentication for staff

• Monitoring: 24/7 security monitoring and intrusion detection

• Audits: Regular third-party security audits and penetration testing

• Incident Response: Documented procedures for data breach response

7. Your Data Rights

You have the right to:

• Access: Request a copy of all data we have about you

• Rectification: Correct inaccurate or incomplete data

• Deletion: Request deletion of your account and all associated data

• Portability: Export your data in a machine-readable format

• Objection: Opt-out of certain data processing activities

To exercise these rights, contact us at contact@arcly.ai

8. Children's Data Protection

We take extra precautions with children's data:

• Parental consent required before collecting any child data

• Minimal data collection - only what's needed for product features

• No behavioral advertising or profiling of children

• Parents can review and delete child data at any time

• COPPA and GDPR-K compliant practices

9. Data Breach Notification

In the unlikely event of a data breach:

• We will notify affected users within 72 hours

• Notification will include nature of breach and steps we're taking

• We will provide guidance on protective measures you can take

• We will report to relevant authorities as required by law

10. International Data Transfers

Your data may be processed in countries outside your residence. We ensure:

• Adequate protection through Standard Contractual Clauses (SCCs)

• Compliance with GDPR, CCPA, and other privacy regulations

• Data processing agreements with all international partners

11. Cookies and Tracking

We use cookies and similar technologies for:

• Essential: Authentication, security, product functionality

• Analytics: Understanding how users interact with our products (anonymized)

• Preferences: Remembering your settings and language choices

You can control cookies through your browser settings.

12. Contact Us About Data Practices

For questions or concerns about our data practices:

• Email: contact@arcly.ai