Little Lantern — Privacy Policy

Version 2.0 · Effective: January 15, 2025 · Last Updated: September 10, 2025 · Governing Law: North Carolina, USA

Summary

Parents' Privacy Summary

This summary helps you understand how we protect your family's privacy. It does not replace the full Privacy Policy below.

  • Children's Protection: We follow COPPA law. We don't collect data from children under 13 without verified parental consent.
  • What we collect: Your account info, child's name/age/interests for stories, payment info (via Stripe), and usage data to improve our service.
  • How we use it: To create personalized stories, manage your account, process payments, and improve our service. We don't sell your data.
  • Data sharing: Only with essential service providers (hosting, payments) and when required by law. No marketing to third parties.
  • Your rights: Access, correct, or delete your data anytime. Parents control all child information.
  • Security: We encrypt data, limit access, and use secure payment processing.
  • Contact us: Email privacy@littlelantern.ai for questions or to exercise your rights.

Contents

Full Privacy Policy

Please read carefully. If there's any conflict between this section and the summary above, this section controls.

1. Information We Collect

We collect information you provide directly to us, such as:

  • Account information: Name, email address, password
  • Child information: Name, age, interests, appearance preferences for story personalization
  • Payment information: Processed securely through Stripe (we do not store credit card details)
  • Stories and content: Stories you create and customize
  • Usage data: How you interact with our service, device information, IP address
  • Communications: Messages you send us for support or feedback

2. How We Use Your Information

We use the information we collect to:

  • Provide and improve our AI-powered story generation services
  • Personalize stories for your children based on their interests and preferences
  • Process payments and manage your account and subscriptions
  • Send you important service updates, security alerts, and notifications
  • Analyze usage patterns to improve our platform and user experience
  • Provide customer support and respond to your inquiries
  • Ensure the safety and security of our service
  • Comply with legal obligations

3. Children's Privacy (COPPA Compliance)

We are committed to protecting children's privacy and comply with COPPA:

  • Age Verification: We do not knowingly collect personal information from children under 13 without verifiable parental consent
  • Parental Control: Parents control all child information and can review, modify, or delete it at any time
  • Limited Use: Child information is used solely for story personalization and service provision
  • No Marketing: We do not use children's information for marketing purposes or share it with third parties for marketing
  • Data Minimization: We collect only the minimum information necessary to provide personalized stories
  • Parental Rights: Parents can contact us to exercise rights regarding their child's information

4. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information in limited circumstances:

  • Service Providers: With trusted partners who help us operate our platform (hosting, payment processing, analytics) under strict confidentiality agreements
  • Legal Requirements: To comply with legal obligations, court orders, or protect our rights and safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
  • Consent: With your explicit consent for specific purposes
  • Anonymized Data: Aggregated, anonymized data that cannot identify individuals may be used for research and improvement

5. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: Data is encrypted in transit (TLS) and at rest
  • Access Controls: Limited access to personal information on a need-to-know basis
  • Security Monitoring: Regular security assessments and monitoring for threats
  • Secure Infrastructure: Hosting on secure, compliant cloud platforms
  • Payment Security: PCI DSS compliant payment processing through Stripe
  • Incident Response: Procedures for responding to security incidents

6. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Portability: Receive your data in a portable format
  • Opt-out: Unsubscribe from marketing communications
  • Object: Object to certain processing activities
  • Restrict: Request restriction of processing in certain circumstances

7. Cookies and Tracking

We use cookies and similar technologies to:

  • Essential: Remember your login status and preferences
  • Analytics: Analyze website traffic and usage patterns (via Google Analytics)
  • Performance: Improve our services and user experience
  • Functional: Provide personalized content and recommendations

You can control cookie settings through your browser preferences. Disabling certain cookies may affect service functionality.

8. Data Retention

We retain your information based on the following criteria:

  • Account Data: While your account is active and for a reasonable period after closure
  • Stories: As long as you maintain your account
  • Payment Records: As required by law and for tax purposes
  • Support Communications: For a reasonable period to provide ongoing support
  • Legal Requirements: As required by applicable laws and regulations

You can request deletion of your account and data at any time, subject to legal retention requirements.

9. International Data Transfers

Your information may be processed and stored in countries other than your own, including the United States. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses for EU data transfers
  • Adequacy decisions where applicable
  • Other lawful transfer mechanisms as required

10. California Privacy Rights (CCPA/CPRA)

California residents have additional rights:

  • Right to Know: Information about personal information collected, used, and shared
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Correct inaccurate personal information
  • Right to Opt-Out: Opt out of sale/sharing of personal information (we don't sell data)
  • Right to Limit: Limit use of sensitive personal information
  • Non-Discrimination: No discrimination for exercising privacy rights

11. GDPR Rights (EU/UK Residents)

EU and UK residents have rights under GDPR/UK GDPR:

  • Legal Basis: We process data based on consent, contract performance, and legitimate interests
  • Right to Withdraw Consent: Where processing is based on consent
  • Data Protection Officer: Contact privacy@littlelantern.ai
  • Supervisory Authority: Right to lodge complaints with your local data protection authority

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will:

  • Notify you by email at least 30 days before changes take effect
  • Post the updated policy on our website with the effective date
  • Highlight significant changes in our notification

Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact & Exercising Your Rights

Privacy Contact:

Email: privacy@littlelantern.ai

To exercise privacy rights, please email us with the subject line "Privacy Request" and specify your request (e.g., access, deletion, correction). We will verify your identity and respond as required by applicable law. Authorized agents may submit requests on your behalf where permitted.

Supervisory Authorities: EEA residents may find their authority at https://edpb.europa.eu. UK residents may contact the ICO at ico.org.uk. California residents may contact the California Attorney General at oag.ca.gov.

14. Governing Law

This Privacy Policy and any disputes arising out of it are governed by the laws of the State of North Carolina and applicable U.S. federal law, without regard to conflict of laws principles.

15. Definitions

  • Personal information / Personal data: Information that identifies or relates to an identified or identifiable individual.
  • Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
  • Service: Little Lantern's website, applications, and related services.
  • Child: An individual under the age of 13 (or applicable age in your jurisdiction).

If there is a conflict between translations of this Policy, the English version controls.

© 2025 Little Lantern. All rights reserved.