COPPA Compliance

Our Commitment

Talevio is committed to complying with the Children's Online Privacy Protection Act (COPPA), a United States federal law designed to protect the privacy of children under 13 years of age. We also adhere to similar children's privacy regulations in other jurisdictions where our Service is available.

We believe that children deserve a safe, private, and ad-free digital environment. Talevio was built from the ground up with children's safety as a core design principle — not as an afterthought. Every feature, data practice, and design decision reflects our commitment to protecting young users.

For our complete privacy practices, please also review our Privacy Policy.

Who Is a "Child"

Under COPPA, a "child" is defined as an individual under the age of 13. Talevio treats all users with child accounts as children, regardless of their actual age, and applies COPPA protections to all child accounts.

Child accounts in Talevio are created exclusively by parents or legal guardians. A child cannot create their own account or sign up for the Service independently. This ensures that a verifiable parent or guardian is always involved before any child uses the Service.

Information Collected from Children

We collect the absolute minimum information necessary to provide the Service. The only information collected from children during their use of the app is:

• Drawings and character creations — digital artwork created using the in-app drawing canvas, stored as stroke data (JSON format) and rendered as PNG images. These are used solely to enable the character creation and story generation features.
• Username — a username chosen by the parent for the child's login. This is not required to be the child's real name and we encourage parents to use a pseudonym or nickname.

Information We Do NOT Collect from Children

Talevio does not collect any of the following information from children, either directly or through automated means:

• Full name, home address, or email address
• Phone number or other contact information
• Geolocation or GPS data
• Photos, videos, or audio recordings
• Contacts or address book data
• Browsing history or search queries
• Social media accounts or identifiers
• Persistent identifiers for behavioral advertising

No advertising of any kind is displayed to children. No analytics are tied to children's identities. Crash reporting data is collected in anonymized form only and cannot be traced back to any individual child.

Parental Consent

Talevio obtains verifiable parental consent before any child can use the Service. Our consent mechanism works as follows:

1. Parent creates an account first — only adults with a verified email address can create a parent account through our passwordless authentication system (magic link or OTP sent to their email).
2. Parent creates the child's profile — the parent provides the child's information (name, username, date of birth, personality description) and sets the child's login password.
3. Consent is implicit in account creation — by creating a child account, the parent consents to the limited collection of information as described in this policy. The parent is informed of exactly what information will be collected during the account creation process.
4. Parent controls all access — the parent can modify, restrict, or delete the child's account at any time, effectively withdrawing consent.

We do not condition a child's participation in any activity on the disclosure of more personal information than is reasonably necessary for that activity.

Parental Rights & Controls

Under COPPA, parents have specific rights regarding their children's personal information. Talevio fully supports these rights:

• Right to review — parents can view all information associated with their child's account at any time through the app, including all drawings, characters, and stories.
• Right to delete — parents can delete their child's account and all associated data at any time through the app settings or by contacting us. See our Data Deletion page for detailed instructions.
• Right to refuse further collection — parents can delete a child's account to stop all further collection and use of the child's information. Previously collected data will be deleted per our retention policy.
• Right to manage — parents can edit child profile information, change the child's password, and manage the child's content (view and delete characters and stories).

Additional Parental Controls

• Parents can set a family password or individual passwords for each child
• Children cannot make purchases — only parents can buy and spend credits
• Children cannot generate stories — this is a parent-only action
• There are no social features, messaging, or sharing capabilities for children
• Parents can view all of their children's drawings and stories

Data Security

We take the security of children's data extremely seriously and implement comprehensive measures to protect it:

• Encryption in transit — all data transmitted between the app and our servers is encrypted using TLS/SSL protocols.
• Encryption at rest — sensitive data stored on our servers is encrypted at rest.
• Access controls — access to children's data is strictly limited to authorized personnel who require it for service operation. All access is logged and audited.
• Signed URLs — media files (drawings, story images, videos) are accessed through time-limited signed URLs, preventing unauthorized access.
• Scoped authentication — child accounts use scoped authentication tokens that restrict access to only the child's own data. A child cannot access another child's data, even within the same family.
• Regular security assessments — we conduct regular security audits and vulnerability assessments to identify and address potential risks.
• Third-party safeguards — all third-party service providers that may process children's data are contractually required to maintain appropriate security measures and COPPA compliance.

Data Retention & Deletion

We retain children's personal information only for as long as necessary to provide the Service. When a child's account is deleted (either by the parent or as part of a parent account deletion):

• All profile information is permanently deleted
• All drawings and character data are permanently deleted
• All stories, including scene images, audio, and video files, are permanently deleted
• All associated metadata and preferences are permanently deleted

Deletion of data from active systems occurs within 30 days. No identifiable information about the child is retained after deletion. Only anonymized, aggregated data (which cannot identify any individual) may be retained for service improvement purposes.

For detailed instructions on how to delete data, please visit our Data Deletion page.

COPPA Agent Contact

If you have any questions or concerns about our COPPA compliance or our children's privacy practices, please contact our designated COPPA agent:

• Name: Talevio Privacy Team
• Email: privacy@talevio.com
• Website: https://talevio.com

We aim to respond to all COPPA-related inquiries within 2 business days. Parents may contact us at any time to exercise their rights under COPPA, including requesting access to, modification of, or deletion of their child's personal information.

FTC Information

COPPA is enforced by the Federal Trade Commission (FTC). If you believe that Talevio or any other online service is not complying with COPPA, you may file a complaint with the FTC:

• Online: https://www.ftc.gov/complaint
• Phone: 1-877-FTC-HELP (1-877-382-4357)
• Mail: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

For more information about COPPA, visit the FTC's COPPA Rule page or the FTC's COPPA FAQ for businesses.