Privacy Policy

Welcome to Rudderberry. We are committed to protecting your privacy and the privacy of the children for whom you create personalized books. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service.

1. Information We Collect

Account Information

When you create an account with Rudderberry, we collect:

• Your name and email address
• Password (encrypted and never stored in plain text)
• Authentication data when you sign in with Google or Facebook OAuth

Child Information

To create personalized books, you provide information about the child, including:

• The child's name and age
• Interests, hobbies, and favorite things
• Personality traits and characteristics

Important: We do NOT collect photographs of children. All illustrations in our books are AI-generated based on the descriptive information you provide.

Payment Information

Payment transactions are processed through Stripe, our secure payment processor. We do not store your credit card numbers or payment details on our servers. Stripe provides us with:

• Transaction confirmation and receipt information
• Billing address (for shipped book orders)
• Last four digits of your card (for order records)

Usage Data

We automatically collect certain information when you use Rudderberry, including:

• Browser type and version
• Device information and operating system
• IP address and general location (city/country level)
• Pages visited and features used
• Time and date of visits

Voice Recordings

Rudderberry+ members can optionally record their voice to create personalized narration for their children’s books. Members may also invite family members (such as grandparents) to contribute their voice via a secure invite link — no Rudderberry account is required to record. When a voice recording is submitted, we collect:

• The audio recording itself (typically 30–60 seconds)
• A display name for the voice (e.g., “Grandma’s Voice”)
• A timestamp of when consent was provided
• An optional email address (for invited recorders, used to send a confirmation and manage link)

Voice recordings are classified as biometric data under certain state and international laws. Please see Section 6 below for our Biometric Data Policy.

2. How We Use Your Information

We use the information we collect to:

• Create personalized children's books based on the information you provide
• Process payments and fulfill book orders
• Communicate with you about your orders, account, and customer service inquiries
• Send you order confirmations, shipping updates, and receipts
• Improve and optimize our service, including book generation quality
• Prevent fraud and ensure the security of our platform
• Comply with legal obligations

We will never sell your personal information or the information about children to third parties.

3. Children's Privacy (COPPA Compliance)

Rudderberry is committed to complying with the Children's Online Privacy Protection Act (COPPA). Our service is designed to be used by adults (parents, grandparents, family members, and educators) to create books for children. We do not knowingly collect personal information directly from children under the age of 13.

How Child Information Is Collected

All information about a child — including their name, age, appearance, interests, and optional date of birth — is provided by an authenticated parent or guardian through their account. Children never enter this information themselves. This information is used solely to personalize the story and illustrations in each book.

Child-Facing Interfaces

The Family Library feature (described in Section 5) provides a read-only reading experience that children may use on paired devices. This interface is designed with COPPA compliance in mind:

• No analytics or tracking: All product analytics (PostHog and Google Analytics) are completely disabled on child-facing routes. No pageview events, click tracking, or behavioral data is collected or transmitted from these pages.
• No cookie consent prompts: The cookie consent banner is never shown on child-facing routes because children cannot provide valid consent for analytics tracking.
• No data collection from children: The Family Library interface does not include any forms, text inputs, or other mechanisms through which a child could submit personal information.
• No external links or ads: The reading interface does not display advertisements or link to external websites.
• We do not collect photos, videos, or audio recordings of children

Parental Rights

Parents and legal guardians have the right to:

• Review the personal information we hold about their child by logging into their account
• Request deletion of their child's profile and associated data at any time through their account settings or by contacting us
• Revoke access to paired reading devices at any time through their account settings
• Refuse further collection of their child's information by removing the child's profile

If you are a parent or legal guardian and believe your child has provided personal information directly to us without your consent, please contact us immediately at privacy@rudderberry.com and we will delete such information promptly.

4. AI-Generated Content

Rudderberry uses artificial intelligence to generate personalized stories and illustrations. Here's what you should know:

• Story concepts and manuscripts are generated by Anthropic’s Claude language model
• Character sheets, page illustrations, and book covers are generated by Google’s Gemini image model
• Stories and illustrations are uniquely created for each book
• We do not use your data or child information to train AI models. Both Anthropic and Google’s API terms prohibit them from using API inputs or outputs for model training.
• Generated content is stored in your account so you can review, edit, and reorder books
• AI-generated illustrations are artistic interpretations and do not depict actual children

5. Family Library

Rudderberry's Family Library feature allows parents to pair devices so children can independently read their books. Here's what you should know about data handling in this feature:

• Session cookies: Paired devices receive a secure session token stored as an HTTP-only browser cookie. This token grants read-only access to the child's book library and expires after 90 days.
• Session activity: Each time a paired device loads the Family Library, the session's "last used" timestamp is updated in our database. This is visible to parents in their account settings so they can monitor device activity. No other usage data is collected from paired devices.
• Device names: Parents may optionally name paired devices (e.g., "iPad in playroom") for easier management. These labels are entered by the parent and stored in our database.
• Child-facing interface: The Family Library reading experience is designed for children and does not display ads, collect personal data from children, or include links to external sites.
• Parent PIN: A 4-digit PIN can be set to lock the device into "Story Mode," preventing children from navigating away from the reading interface. The PIN is stored as a one-way hash and is never transmitted in plain text after initial setup.
• No analytics in Family Library: All product analytics — including PostHog and Google Analytics — are completely disabled on Family Library pages. No pageview events, click tracking, behavioral data, or anonymous identifiers are collected or transmitted from child-facing routes. The cookie consent banner is also suppressed on these pages.

6. Voice Data & Biometric Information

Rudderberry’s voice narration feature allows parents and invited family members to record their voice, which is then used to generate narrated audio for children’s storybooks. Voice recordings may constitute biometric data under laws such as the Illinois Biometric Information Privacy Act (BIPA), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). This section serves as our publicly available biometric data policy.

What We Collect

We collect a short audio recording of your voice (typically 30–60 seconds of a reading passage). This recording is used solely to create a digital voice clone that narrates your children’s storybooks.

Consent

We obtain your informed consent before collecting any voice data. Before recording begins, you must affirmatively check a consent checkbox that explains how your voice will be used and processed. The date and time of your consent is recorded and stored alongside your voice data.

How Your Voice Data Is Used

• Your audio recording is sent to ElevenLabs, a third-party voice technology provider, to create a digital voice clone
• The voice clone is used exclusively to generate narrated audio for storybooks associated with the parent’s Rudderberry account
• Your voice data is never sold, shared with advertisers, or used for any purpose other than storybook narration
• Your voice data is not used to train general-purpose AI models

Third-Party Processing

Voice recordings are processed by ElevenLabs, Inc. for the sole purpose of creating a voice clone. ElevenLabs’ privacy policy is available at elevenlabs.io/privacy-policy. We do not authorize ElevenLabs to use your voice data for any purpose other than generating narration for your storybooks.

Retention & Destruction

We retain your source audio recording and generated voice clone for as long as you choose to keep them, but in no event longer than 3 years after your last interaction with Rudderberry or the account holder’s last interaction with their account, whichever is shorter. When you delete a voice from your account (or an invited recorder deletes their voice via their manage link):

• The source audio recording is permanently deleted from our cloud storage servers
• A deletion API call is issued to ElevenLabs to permanently remove the voice clone from their systems
• The voice record is marked as deleted in our database and all associated metadata is purged
• Previously generated narration audio files are permanently removed from storage

If your Rudderberry account is deleted, all associated voice data (recordings, clones, and generated narration) will be permanently destroyed within 30 days using the same deletion methods described above.

Your Rights

• Deletion: Account holders can delete any voice clone at any time from their account settings. Invited recorders (family members) can delete their voice via the manage link sent in their confirmation email, or by contacting us at privacy@rudderberry.com.
• Access: You may request information about the voice data we hold by contacting us.
• Withdrawal of consent: You may withdraw your consent and request deletion of your voice data at any time. Deletion will be completed promptly upon request.

Invited Recorders (Family Members)

When a family member records their voice via an invite link, the resulting voice clone is owned by the inviting parent’s account. The invited recorder receives a confirmation email (if they provide their email address) that includes a link to manage and delete their recording at any time. Invited recorders do not need a Rudderberry account to exercise their deletion rights.

7. Third-Party Services

We work with trusted third-party service providers to deliver our service:

Stripe (Payment Processing)

All payment transactions are securely processed by Stripe. We do not store credit card information. Stripe's privacy policy is available at stripe.com/privacy.

Supabase (Authentication & Database)

We use Supabase to manage user authentication and securely store account and project data. Supabase's privacy policy is available at supabase.com/privacy.

Google & Facebook (OAuth Authentication)

If you choose to sign in with Google or Facebook, we receive basic profile information (name and email) from the provider. Google's privacy policy is available at policies.google.com/privacy. Facebook's data policy is available at facebook.com/privacy/policy.

Anthropic (Story & Concept Generation)

We use Anthropic’s Claude language model to generate story concepts, manuscripts, and related text. Prompts sent to Anthropic include child information you provide (name, age, interests, appearance). Under Anthropic’s API terms, inputs and outputs are not used to train their models. Anthropic’s privacy policy is available at anthropic.com/privacy.

Google (Illustration Generation)

We use Google’s Gemini image model to generate character sheets, page illustrations, and book covers. Image generation prompts include descriptive information about characters and scenes but do not include personally identifiable information beyond the child’s first name. Under Google’s API terms, inputs and outputs are not used to train their models. Google’s privacy policy is available at policies.google.com/privacy.

ElevenLabs (Voice Cloning & Narration)

We use ElevenLabs to create voice clones from user-submitted audio recordings and to generate narrated audio for storybooks. ElevenLabs processes voice recordings solely for the purpose of creating narration and does not use voice data for general model training. For details on how voice data is handled, see Section 6. ElevenLabs’ privacy policy is available at elevenlabs.io/privacy-policy.

Lulu (Print Fulfillment)

When you order a printed book, we share necessary information (book content PDF and shipping address) with Lulu, our print-on-demand fulfillment partner, to produce and ship your order. Lulu uses this information solely for order fulfillment. Lulu’s privacy policy is available at lulu.com/privacy-policy.

Resend (Transactional Email)

We use Resend to send transactional emails such as order confirmations and book-ready notifications. Resend processes your email address to deliver these messages. Resend's privacy policy is available at resend.com/legal/privacy-policy.

Sentry (Error Monitoring)

We use Sentry to monitor and fix errors in our application. When an error occurs, Sentry collects technical information about the error (stack traces, browser type, and error context) to help us identify and resolve issues quickly. No personal content or child information is sent to Sentry. Sentry's privacy policy is available at sentry.io/privacy.

PostHog (Product Analytics)

We use PostHog to understand how users interact with our service, such as which features are used most and where users encounter difficulties. Analytics data is routed through our own domain and does not involve third-party cookies. We only create analytics profiles for users who have signed in. PostHog's privacy policy is available at posthog.com/privacy.

8. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy:

• Account data: Retained while your account is active
• Book projects: Stored indefinitely so you can access, edit, and reorder books at any time
• Order history: Retained for record-keeping, customer service, and legal compliance
• Usage data: Retained for up to 2 years for analytics and service improvement
• Voice recordings and clones: Retained until you delete them from your account, or until your account is deleted (see Section 6 for full details)

You can request deletion of your account and associated data at any time by contacting us. Upon deletion, we will remove your personal information within 30 days, except where we are required to retain certain information for legal or accounting purposes.

9. Data Security

We take the security of your information seriously and implement industry-standard measures to protect it:

• All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security)
• Passwords are hashed and encrypted before storage
• We use secure authentication protocols (OAuth 2.0)
• Our database is protected with access controls and regular security updates
• We do not store credit card information on our servers
• Regular security audits and vulnerability assessments

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to using commercially reasonable efforts to safeguard your data.

10. Your Rights and Choices

You have the following rights regarding your personal information:

Access and Correction

You can access and update your account information and book projects at any time by logging into your Rudderberry account.

Deletion

You may request deletion of your account and associated data by contacting us at privacy@rudderberry.com. We will process your request within 30 days.

Data Portability

You can request a copy of your personal data in a machine-readable format.

Marketing Communications

You can opt out of promotional emails by clicking the "unsubscribe" link in any marketing email or by adjusting your account preferences. We will still send you transactional emails related to your orders and account.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete your information, and the right to opt out of the sale of personal information. We do not sell personal information.

European Privacy Rights (GDPR)

If you are located in the European Economic Area, you have rights under the General Data Protection Regulation, including the right to access, rectification, erasure, data portability, and the right to object to processing. You also have the right to lodge a complaint with a supervisory authority.

11. Cookies and Tracking Technologies

Rudderberry uses cookies and similar technologies to provide and improve our service:

Essential Cookies

We use session cookies for authentication and to remember your login session. These cookies are necessary for the service to function and cannot be disabled.

Analytics

We use PostHog for product analytics to understand how users interact with our service and improve the experience. PostHog traffic is routed through our own domain (not directly to third-party servers). We use localStorage-based persistence rather than tracking cookies. Analytics profiles are only created for users who have signed into their account.

We also use Google Analytics to understand traffic sources, visitor demographics, and site performance. Google Analytics uses cookies (such as _ga and _ga_*) to distinguish unique users and track sessions. Google Analytics is only loaded after you accept cookies via our consent banner. You can opt out at any time by declining cookies or by using the Google Analytics Opt-out Browser Add-on. Google's privacy policy is available at policies.google.com/privacy.

No Third-Party Advertising

We do not use third-party advertising cookies, tracking pixels, or retargeting. We do not share your data with advertising networks. Our analytics are used solely for product improvement and are routed through our own infrastructure.

Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer. Note that disabling cookies may affect your ability to use certain features of Rudderberry.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email to the address associated with your account
• Display a prominent notice on our website

Your continued use of Rudderberry after such changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all requests within 30 days of receipt. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.