Privacy Policy
Last updated: March 2026
🔒 COPPA Compliance Statement
Mirror Story is fully compliant with the Children's Online Privacy Protection Act (COPPA). We never collect personal information directly from children. All accounts are created and managed by parents or legal guardians aged 18 or older.
1. Who we are
Mirror Story ("we", "us", "our") is an AI-powered storytelling service for children. Our app is operated by parents on behalf of their children. We are committed to protecting the privacy of families using our service. Contact: privacy@mirrorstory.app
2. What data we collect
FROM PARENTS (account holders only): • Email address (via Clerk authentication) • Payment information (processed by Stripe — we never see your card number) • Subscription status FROM CHILD PROFILES (stored under parent's account): • Child's first name only • Child's age • Story preferences and generated stories WE NEVER COLLECT from children: • Last names • Photographs or videos • Voice or audio recordings • Location data • Device identifiers • Behavioral tracking data
3. How we use your data
We use collected data to: • Generate personalized stories for your child • Manage your subscription and payments • Send account-related emails (never marketing without consent) • Improve our service We NEVER: • Sell your data to third parties • Use your data for advertising • Share your child's information with anyone
4. Third-party services
We use the following trusted third-party services, each with their own privacy policies: • Clerk (authentication) — clerk.com/privacy • Supabase (database hosting) — supabase.com/privacy • Stripe (payments) — stripe.com/privacy • Anthropic (AI story generation) — anthropic.com/privacy • Resend (transactional email) — resend.com/legal/privacy-policy • Vercel (hosting) — vercel.com/legal/privacy-policy DATA SENT TO ANTHROPIC: To generate each story, we send Anthropic's API your child's first name, age, gender, and the situation description you provide. This is the minimum required to create a personalised, age-appropriate story. Anthropic processes this data under their privacy policy and enterprise data agreements. We do not send last names, contact details, or any other identifying information.
5. Parental rights (COPPA)
As a parent or legal guardian, you have the right to: • Review the personal information we have collected about your child • Request deletion of your child's information • Refuse further collection of your child's information • Withdraw consent at any time To exercise these rights, visit our Data Deletion page or email privacy@mirrorstory.app
6. Data retention
We retain your data for as long as your account is active. When you delete your account, all data including child profiles and stories is permanently deleted within 30 days. You can request immediate deletion at any time.
7. Data security
We use industry-standard security measures including encrypted connections (HTTPS), secure database storage with row-level security, and access controls. However, no system is 100% secure — please contact us immediately if you suspect any security issue.
8. Children's privacy (COPPA specific)
Mirror Story is a service directed at children but operated exclusively through parent accounts. Children do not create accounts, do not enter personal information, and do not interact with our systems directly. All data relating to children is stored under the parent's account and is subject to the parent's full control.
9. Contact us
For privacy questions, data requests, or COPPA concerns: Email: privacy@mirrorstory.app Response time: within 5 business days