Privacy Policy — Twinkle
Privacy Policy
Last updated: March 24, 2026
Twinkle (“the App”) is developed and operated by Ray Lenzed (“we”, “our”). This policy explains what data we collect, how we use it, and your rights.
1. Data We Collect
Account Information
When you sign in with Apple, we receive:
- A unique Apple User ID (anonymous identifier)
- Email address (only if you choose to share it with the App)
- Display name (only if you choose to share it)
We never see your Apple ID password.
Story Data
Stories you generate, including the child’s name, age, interests, and “today’s event” you enter, are stored on our servers to sync across your sessions.
Subscription Status
We store when your subscription expires so we can unlock Pro features.
Usage Information
We do not use third-party analytics SDKs. Basic request logs (IP address, timestamp, endpoint) are retained by Cloudflare for up to 24 hours for security purposes.
2. How We Use Your Data
- To provide the service — generate personalized bedtime stories, store them, and play audio narrations.
- To manage subscriptions — verify your Pro status and sync it across your devices.
- To improve the App — aggregate, non-personal usage patterns only.
We do not sell, rent, or share your personal data with third parties for advertising.
3. AI Story Generation
Stories are generated using an AI language model via OpenRouter (openrouter.ai). The text you enter (child name, age, interests, today’s event) is sent to the AI model to generate a story. Please do not enter sensitive personal information.
Text-to-speech audio is also generated via AI and stored temporarily in our cloud storage (Cloudflare R2) for playback.
4. Children’s Privacy
Twinkle is designed for parents and caregivers to use on behalf of children. We do not knowingly collect personal information directly from children under 13. Parents enter information about their child (name, age, interests); this data belongs to the parent’s account and is used solely to personalize stories.
If you believe a child under 13 has submitted personal data without parental consent, please contact us and we will delete it promptly.
5. Data Storage & Security
Your data is stored on Cloudflare’s infrastructure (United States). We use industry-standard encryption in transit (HTTPS/TLS) and at rest. Access tokens expire after 15 minutes; refresh tokens expire after 30 days.
6. Your Rights
You may:
- Delete your account and all data — use the “Delete Account” option in Settings, or contact us.
- Export your stories — contact us and we will provide a copy.
- Opt out — simply stop using the App and your data will not be updated further.
If you are in the EEA, UK, or California, you may have additional rights under GDPR or CCPA. Contact us to exercise them.
7. Data Retention
We retain your account and story data as long as your account is active. If you delete your account, all associated data is permanently deleted within 30 days.
8. Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
| Apple Sign In | Authentication | apple.com/privacy |
| Cloudflare | Hosting, CDN, Storage | cloudflare.com/privacypolicy |
| OpenRouter | AI story & audio generation | openrouter.ai/privacy |
| Apple App Store | Subscription billing | apple.com/privacy |
9. Changes to This Policy
We may update this policy occasionally. We will notify you of material changes via an in-app notice. Continued use of the App after changes constitutes acceptance.
10. Contact
Questions or requests: [email protected]
Ray Lenzed raylenzed.com