Privacy Policy
Last updated: July 2, 2026 · Bedside Stories, McKillop Creative LLC, Greenville, South Carolina
The short version: We collect the minimum a story needs — your child's first name, age, and a few interests. You are the account holder, not your child. We never sell data, we don't run ads or tracking cookies, and you can delete everything anytime.
1. Who we are
Bedside Stories is operated by McKillop Creative LLC ("we"), which is responsible for the information described in this policy. We are a personalized bedtime story service based in Greenville, South Carolina. You can reach us anytime at [email protected].
2. Who our service is for
Bedside Stories is designed for parents and legal guardians. Accounts may only be created by adults (18+). Children do not create accounts, do not enter information themselves, and are not marketed to. Parents provide limited information about their children solely so we can personalize stories, and by doing so consent to that use.
3. What we collect
About your child (provided by you):
- First name only — never a last name
- Age (a number, not a birthdate)
- A short list of interests (e.g., "dinosaurs, soccer")
- Optionally, a "story prescription" topic you select (e.g., "first day of school")
- Optionally, story inputs you or your child provide for a single night's tale — a request in their own words, or Story Soup ingredients (a sidekick, a place, a magic word)
About you (the account holder):
- Email address and password (passwords are stored hashed, never in plain text)
- Subscription and payment status — payment card details are handled entirely by Stripe, our payment processor; we never see or store your card number
Automatically: we use Cloudflare Web Analytics, a privacy-first tool that uses no cookies and collects no personal identifiers. It shows us aggregate counts like page views and country-level location. We do not use Google Analytics, advertising trackers, or social media pixels.
4. How we use it
- To generate personalized stories — your child's first name, age, interests, and any optional story inputs (prescription topic, tonight's request, Story Soup ingredients) are sent to our AI provider (Anthropic) at the moment a story is created, solely to write that story
- To save your profiles and story library to your account
- To manage your subscription and respond to support requests
That's the whole list. We do not sell personal information, share it with advertisers, or use it to build marketing profiles.
5. AI processing
Stories are generated using Anthropic's Claude API. Under Anthropic's commercial API terms, data submitted through the API is not used to train their models. We send only the story inputs described above — never your email, payment details, or anything else.
6. Where data lives and how it's protected
- All traffic is encrypted in transit (HTTPS/TLS)
- Profiles and stories are stored encrypted at rest on Cloudflare's infrastructure
- Our story-generation server does not log children's names or story contents
- Access to account data is limited to the founder and used only for support you request
7. Retention and deletion
- Delete any child profile instantly from within the app
- Delete your entire account and all associated data by emailing [email protected] — completed within 30 days, confirmed by reply
- If your account is inactive for 24 months, we delete it and its data
8. Children's privacy (COPPA)
We take children's privacy seriously and designed the service to stay well clear of the line. The service is directed to parents; parents are our users and provide all information with consent. We collect no persistent identifiers from children, no photos, no voice recordings, no location, and no contact information for any child. If you believe a child has provided us information directly, contact us and we will delete it promptly.
9. Your rights
Wherever you live, we extend the same rights to everyone: access what we hold about you, correct it, export it, or delete it — just email us. California residents have these rights under the CCPA; we do not "sell" or "share" personal information as those terms are defined there. EU/UK residents have equivalent rights under GDPR, and our lawful bases are contract (providing the service you signed up for) and consent (the child information you choose to provide).
10. Payments
Subscriptions are processed by Stripe, Inc. Stripe's handling of your payment data is governed by its own privacy policy at stripe.com/privacy.
11. Changes to this policy
If we make meaningful changes, we'll email account holders and note the new date at the top of this page. We will never quietly weaken the promises in the short version above.
12. Contact
Questions, requests, or concerns: [email protected]