Effective Date: May 1, 2026 · Last Updated: May 2, 2026
Welcome to My Mini Hero ("we", "us", "our"). My Mini Hero is an AI-powered children's story generation app that creates personalized stories with illustrations, narration, and music for children aged 2–12.
This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have regarding your data. This policy applies to our mobile application (iOS and Android), our website at myminiheros.com, and all related services.
By using My Mini Hero, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.
| App Name | My Mini Hero |
|---|---|
| Developer | My Mini Hero |
| Contact Email | support@myminihero.app |
| Website | myminiheros.com |
When you create an account, we collect:
We support sign-in via email magic link, Google Sign-In, and Apple Sign-In. We never store your password; authentication is handled securely by Supabase.
Parents or guardians create profiles for their children. For each child, we collect:
Important: Child photos are transmitted to AI image generation services to create story illustrations that resemble the child. See Section 6 for details on which services receive this data.
When you create a story, we collect and process:
Generated story content — text, illustrations, audio narration, and background music — is stored in our cloud infrastructure.
We do not collect or store payment card details. All payments are processed by:
We store only subscription status, tier, and expiration dates in our database.
If you order a printed book, we collect:
This data is transmitted to our print fulfillment partner (Lulu) to manufacture and ship your order.
My Mini Hero is designed for parents and guardians to use with their children. We take children's privacy seriously.
Our app requires an adult account to operate. Children do not create accounts themselves. All child data — including names, ages, and photos — is entered by the parent or guardian who holds the account. By creating a child profile, the parent or guardian provides consent for us to collect and process the child's data as described in this policy.
We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information directly from children under 13 without verifiable parental consent. All data collection flows through the parent's authenticated account.
We collect only the minimum data necessary to personalize stories. Child profiles require only a first name and age; gender, themes, and photos are optional enhancements.
When a parent uploads a child's photo, it is used solely for generating story illustrations that resemble the child. Photos are:
We do not serve behavioral or targeted advertisements to any user. We do not use children's data for advertising purposes.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account creation & authentication | Email, name, profile photo | Contract performance |
| Story personalization & generation | Child name, age, gender, photo, preferences | Consent (parental) |
| AI illustration generation | Child photo (base64), scene descriptions | Consent (parental) |
| Audio narration | Story text (may contain child's name) | Contract performance |
| Push notifications | Device token, device type | Consent |
| Physical book printing & delivery | Shipping address, phone, recipient name | Contract performance |
| Subscription management | User ID, subscription status | Contract performance |
| Reading progress & engagement | Pages read, streaks, achievements | Legitimate interest |
| Customer support | Ticket content, email | Contract performance |
| Story sharing & gifting | Share URLs, recipient email, IP hash | Consent / Legitimate interest |
We use the following third-party services that may receive personal data:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication & identity | Email, name, OAuth tokens |
| Google (Sign-In) | Social login | OAuth2 flow (email, name, avatar from Google) |
| Apple (Sign-In) | Social login | OAuth2 flow (email, name from Apple) |
| Google Gemini AI | Story text & image generation | Child name, age, gender, photo (base64), story preferences |
| ElevenLabs | Text-to-speech narration | Story text (may include child's name) |
| Suno AI | Background music generation | Music style prompt only (no personal data) |
| Amazon Web Services (AWS) | Cloud infrastructure, file storage (S3), content delivery (CloudFront) | All stored data (encrypted at rest) |
| RevenueCat | Subscription entitlement management | User ID, device platform, purchase events |
| Apple App Store / Google Play | Payment processing | Per Apple/Google's respective privacy policies |
| Lulu Print API | Physical book fulfillment | Shipping address, phone, story page count |
| Expo | Push notification delivery | Device push token, notification content |
We do not sell your personal data. Data is shared with third parties only to provide the services described above. We do not share data for advertising or marketing by third parties.
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion is requested |
| Children's profiles & photos | Until the child profile or account is deleted |
| Generated stories (text, images, audio) | Indefinitely (anonymized and archived on account deletion) |
| Reading progress & streaks | Until account deletion |
| Shipping addresses | Until deleted by user or account deletion |
| Order history | Until account deletion |
| Support tickets | Until account deletion |
| Share view logs (IP hashes) | 90 days |
You can delete your account and all associated personal data at any time.
Generated stories (text, illustrations, audio, and music) are transferred to an internal archive account. All personal identifiers (user ID, child names in metadata) are disassociated. This allows us to maintain the integrity of created content while removing your personal data. The story content files (images, audio) remain in storage as they are referenced by story generation IDs, not personal identifiers.
If you have active orders (pending, processing, or shipped), you must wait for delivery or cancel them before deleting your account.
Account deletion is processed immediately upon confirmation. S3 file cleanup and authentication record removal are completed within 24 hours.
Regardless of your location, you have the right to:
If you are in the EEA, you additionally have the right to:
If you are a California resident, you have the right to:
To exercise any of these rights, contact us at support@myminihero.app. We will respond within 30 days. We may ask you to verify your identity before processing your request.
Our mobile app does not use cookies, browser fingerprinting, or third-party analytics SDKs (such as Firebase Analytics, Amplitude, or Mixpanel).
Our website (myminiheros.com) may use essential cookies for basic functionality. We do not use advertising cookies or tracking pixels.
We do not participate in cross-app or cross-site tracking. We do not share data with advertising networks.
We may update this Privacy Policy from time to time. When we make material changes, we will:
Continued use of My Mini Hero after the effective date constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us:
| support@myminihero.app | |
| Website | myminiheros.com |
| Data Deletion | privacy.myminiheros.com/account/deletion |