Your Privacy Matters

We are committed to protecting your privacy and your children's information. This policy explains how we collect, use, and safeguard your data.

Last Updated: 31st December 2025Version 1.0

Key Highlights

No Data Selling

We never sell your personal information

Child-Safe

COPPA compliant, parental consent required

Data Portability

Download your data anytime

Right to Delete

Delete your account and data anytime

Global Privacy Compliance

We strictly adhere to international privacy laws to ensure your data remains protected, no matter where you are.

28+ Regions

Americas

COPPACCPALGPDPIPEDA

USA, Brazil, Canada, Argentina

Europe

GDPRUK GDPRnFADPKVKK

EU, UK, Switzerland, Turkey, Russia

Asia-Pacific

PIPLDPDPAPPIPDPA

China, India, Japan, Singapore, Aus...

Middle East

UAE DPLIsrael PPL

UAE, Israel, GCC Region

Africa

POPIA

South Africa

Children's Privacy

COPPAAge Gate

Global child safety standards

At Nanhe Kissey, we take the privacy of our users, especially children, very seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and services (collectively, the "Service").

By using our Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

Important: Our Service is designed for parents and guardians to use on behalf of their children. We require parental consent before collecting any child information.

The data controller responsible for your personal information is:

Nanhe Kissey

Plot#10, SK-3, Indirapuram, Ghaziabad, UP-201014, India

privacy@nanhekissey.com

+91-120-4101115

+91-120-4295665

For GDPR purposes, we act as the "Data Controller" for personal data we collect. For India DPDP Act purposes, we are the "Data Fiduciary."

Parent/Guardian Information

When you create an account, we collect:

Account Information:: Name, email address, password (encrypted)
Contact Information:: Phone number, address (optional)
Payment Information:: Processed securely by our payment provider (we do not store full card details)

Child Information

For story personalization, we collect (provided by parents only):

First Name:: Used in story personalization
Age/Age Range:: For age-appropriate content
Gender:: Optional, for pronoun usage
Interests:: Optional, for story themes
Photos:: Optional, only if parent uploads for character creation

Face Detection:: When you upload a photo, our service uses client-side face detection technology (face-api.js) to automatically detect and crop the face area. This processing happens entirely on your device - no facial recognition data is sent to our servers. Only the cropped image is uploaded for character illustration.

autoCollectedInfo

deviceInfoDesc
usageDataDesc
cookiesDesc

Device Verification (Mobile App)

For security purposes, our mobile app collects:

Apple App Attest (iOS):: Device integrity verification tokens
Google Play Integrity (Android):: Device verification data

This data is used solely to verify legitimate app installations and prevent fraud. No personal information is collected through these systems.

Offline & Local Storage

webMobileAppsStore

stories: storiesDesc
preferences: preferencesDesc
cache: cacheDesc
progressData: progressDataDesc

Local data remains on your device and can be cleared through your browser or app settings.

Gamification & Engagement Data

toEnhanceExperience

Reading Streaks:: Daily reading activity for streak rewards
Achievement Progress:: Milestones and badges earned
Points & Levels:: Engagement scores for rewards
readingStatistics: readingStatisticsDesc

weUseInfoFor

Service Delivery

Create personalized storybooks
Process orders and payments
Manage your account
Provide customer support

Communication

Send order confirmations
Service announcements
Respond to inquiries
Marketing (with consent)

Improvement

Analyze usage patterns
Improve our services
Develop new features
Conduct research

Legal & Security

Comply with laws
Prevent fraud
Protect our rights
Ensure security

We Never:: Sell your personal data, use children's data for advertising, or share data with third parties for their marketing purposes.

Children's Privacy (COPPA Compliance)

Our Commitments

noCollectFromChildren
childInfoByParents
childDataForStories
noChildMarketing
noShareWithAdvertisers

Parental Rights

parentsHaveRight

review: reviewDesc
delete: deleteDesc
refuse: refuseDesc
withdrawConsent: withdrawConsentDesc

toExerciseRights

aiTechnologyProcessors

childDataProcessed

OpenAI (GPT-4.1 Mini)

Story narrative generation using child's name, age, gender, and selected themes. We use store:false to prevent training on child data.

Google Gemini

AI for story generation (free tier). Receives child's name, age, gender, and story preferences.

Anthropic Claude

Premium tier creative writing. Receives child's name, age, gender for story personalization.

DeepInfra (Llama)

Cost-effective AI models for story generation fallback. Receives same personalization data as other providers.

fal.ai (FLUX Kontext, PuLID)

Primary image generation with face consistency. May receive character descriptions and reference photos for illustration.

Replicate

Fallback image generation. Receives same data as fal.ai for illustration continuity.

Supabase

Secure cloud database and storage for stories, images, and account data with encryption at rest.

AI Content Moderation

Automated content safety checks to ensure all generated stories are age-appropriate and safe.

These providers process data only for story generation and do not retain child data for training (where technically possible, e.g., OpenAI store:false). We select providers based on their privacy practices and COPPA compatibility.

We may share your information in limited circumstances:

Service Providers:: Third-party vendors who help us operate (payment processors, cloud hosting, email services)
Legal Requirements:: When required by law or valid legal process
Business Transfers:: In connection with a merger, acquisition, or sale
With Your Consent:: When you explicitly agree to sharing
Safety:: To protect rights, safety, and property

weDoNotSell weDoNotSellDesc

Our Service Providers

We work with the following trusted third-party service providers:

Provider	Purpose	Data Shared
OpenAI (GPT-4.1 Mini)	AI story generation (standard/premium)	Name, age, gender, preferences
Google Gemini	AI story generation (free tier)	Name, age, gender, preferences
Anthropic Claude	AI story generation (premium)	Name, age, gender, preferences
DeepInfra (Llama)	AI story generation (fallback)	Name, age, gender, physical description
fal.ai (FLUX Kontext, PuLID)	Primary image generation	Character descriptions, photo references
Replicate	Fallback image generation	Character descriptions, photo references
Supabase	Database, auth, storage	All account data (encrypted)
Razorpay	Payment processing (India)	Payment details only
PayPal	Payment processing (Global)	Payment details only
Resend	Transactional emails	Email address, name
Google Analytics	Website analytics	Anonymized usage data
Apple (App Attest)	iOS device verification	Device tokens only
Google (Play Integrity)	Android device verification	Device tokens only
Vercel	Website hosting	Request logs (anonymized)
Fly.io	API server hosting	Request processing

All service providers are bound by data processing agreements and are required to protect your data in accordance with applicable privacy laws.

dataRetentionIntro

Data Type	Retention Period
Account Data	While active; deleted within 30 days of request
Story Data	While account active; deletable anytime
Child Information	Only while needed; deleted on request
Payment Records	7 years (legal/tax compliance)
Analytics Data	Anonymized after 26 months

To request deletion, use the "Delete Account" option in your profile settings or email privacy@nanhekissey.com.

dataSecurityIntro

Encryption

TLS/SSL for data in transit, AES-256 at rest

Access Controls

Role-based access, authentication required

Monitoring

Regular security audits and assessments

Secure Infrastructure

Cloud hosting with enterprise security

While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

You have the following rights regarding your personal data:

Access:: Request a copy of your personal data
Correction:: Update inaccurate or incomplete data
Deletion:: Request deletion of your data
Portability:: Download your data in a portable format
Withdraw Consent:: Opt out of data processing
Object:: Object to certain processing activities
Restrict:: Limit how we use your data

How to exercise your rights: Go to My Profile → Data & Privacy, or email privacy@nanhekissey.com. We respond within 30 days.

We use cookies and similar technologies:

Essential Cookies

Required for site functionality

Always On

Analytics Cookies

Help us understand usage

Optional

Marketing Cookies

For relevant advertisements

Optional

Functionality Cookies

Remember your preferences

Optional

Manage your preferences via the Cookie Settings in our footer. We honor Do Not Track (DNT) signals. See our cookiePolicyLink for details.

We comply with privacy regulations across 28+ countries and regions. Below are your rights based on your location.

🌎 Americas

USA - COPPA & CCPA/CPRA

• Right to Know, Delete, Opt-Out of data sale (we don't sell)
• COPPA: Parental consent required for children under 13
• Response time: 45 days

Brazil - LGPD

• Access, correction, anonymization, portability, deletion rights
• Right to information about data sharing with third parties

Canada - PIPEDA

• Access, correction, consent withdrawal rights
• Data processed with knowledge and consent

Argentina - PDPL

• Access, rectification, suppression, objection rights
• Right to lodge complaints with AAIP (data authority)

🇪🇺 Europe

EU/EEA - GDPR & UK GDPR

• Access, rectification, erasure, restrict processing, portability
• Object to processing, withdraw consent anytime
• DPO Contact: privacy@nanhekissey.com

Turkey - KVKK

• Similar to GDPR with local data protection requirements
• Right to lodge complaints with KVKK authority

Russia - FZ-152

• Consent-based processing, data localization compliance
• Right to access, correction, and blocking of data

Switzerland - nFADP

• Access, rectification, erasure, portability rights
• Right to lodge complaints with FDPIC

🌏 Asia-Pacific

China - PIPL

Access, correction, deletion, portability, consent withdrawal rights

India - DPDP 2023

Access, correction, erasure, grievance redressal, nomination rights

Japan - APPI

Disclosure, correction, cessation of use rights

Singapore - PDPA

Access, correction, consent withdrawal rights

South Korea - PIPA

Access, correction, deletion, suspension rights

Australia - Privacy Act

Access, correction, complaint rights under APPs

New Zealand - Privacy Act

Access, correction, complaint rights under IPPs

Thailand - PDPA

Access, portability, erasure, objection rights

Malaysia - PDPA

Access, correction, consent withdrawal rights

Indonesia - PDP Law

Access, correction, deletion, portability rights

Philippines - DPA

Access, correction, erasure, objection rights

Taiwan - PDPA

Access, correction, cessation, deletion rights

Vietnam - Cybersecurity

Data localization, consent requirements

Hong Kong - PDPO

Access, correction rights under DPPs

Pakistan - PDPA

Access, correction, deletion rights

🌍 Middle East

UAE - Federal Data Protection

Access, correction, deletion, objection rights. Consent-based processing.

Israel - Privacy Protection Law

Access, correction, objection rights. Registered database compliance.

GCC Region - Arabic GDPR

Regional privacy standards with Arabic language support.

🌍 Africa

South Africa - POPIA

Access, correction, deletion, objection rights. Right to lodge complaints with Information Regulator.

Exercise Your Rights: Contact us at privacy@nanhekissey.com with your request. We respond within the timeframe required by your jurisdiction (typically 30-45 days).

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we implement appropriate safeguards:

Standard Contractual Clauses (SCCs) for EU data
Adequacy decisions where applicable
Binding Corporate Rules where applicable
Your explicit consent for specific transfers

We ensure that your data receives the same level of protection as required in your jurisdiction.

We may update this Privacy Policy from time to time. When we make changes:

We will post the updated policy on this page
We will update the "Last Updated" date
For material changes, we will notify you via email or in-app notification
Continued use after changes constitutes acceptance

We encourage you to review this policy periodically. Previous versions are available upon request.

If you have questions about this Privacy Policy or our data practices, please contact us:

General Inquiries

support@nanhekissey.com

+91-120-4101115

+91-120-4295665

Privacy & Data Requests

privacy@nanhekissey.com

Plot#10, SK-3, Indirapuram, Ghaziabad, UP-201014, India

Response Times: We aim to respond to all privacy inquiries within 30 days (45 days for CCPA requests).

Last Updated: 31st December 2025 | Version 1.0

This Privacy Policy is effective as of the date stated above and will remain in effect except with respect to any changes in its provisions in the future.

By using our Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

Important: Our Service is designed for parents and guardians to use on behalf of their children. We require parental consent before collecting any child information.

The data controller responsible for your personal information is:

Nanhe Kissey

Plot#10, SK-3, Indirapuram, Ghaziabad, UP-201014, India

privacy@nanhekissey.com

+91-120-4101115

+91-120-4295665

For GDPR purposes, we act as the "Data Controller" for personal data we collect. For India DPDP Act purposes, we are the "Data Fiduciary."

Parent/Guardian Information

When you create an account, we collect:

Account Information:: Name, email address, password (encrypted)
Contact Information:: Phone number, address (optional)
Payment Information:: Processed securely by our payment provider (we do not store full card details)

Child Information

For story personalization, we collect (provided by parents only):

First Name:: Used in story personalization
Age/Age Range:: For age-appropriate content
Gender:: Optional, for pronoun usage
Interests:: Optional, for story themes
Photos:: Optional, only if parent uploads for character creation

autoCollectedInfo

deviceInfoDesc
usageDataDesc
cookiesDesc

Device Verification (Mobile App)

For security purposes, our mobile app collects:

Apple App Attest (iOS):: Device integrity verification tokens
Google Play Integrity (Android):: Device verification data

This data is used solely to verify legitimate app installations and prevent fraud. No personal information is collected through these systems.

Offline & Local Storage

webMobileAppsStore

stories: storiesDesc
preferences: preferencesDesc
cache: cacheDesc
progressData: progressDataDesc

Local data remains on your device and can be cleared through your browser or app settings.

Gamification & Engagement Data

toEnhanceExperience

Reading Streaks:: Daily reading activity for streak rewards
Achievement Progress:: Milestones and badges earned
Points & Levels:: Engagement scores for rewards
readingStatistics: readingStatisticsDesc

weUseInfoFor

Service Delivery

Create personalized storybooks
Process orders and payments
Manage your account
Provide customer support

Communication

Send order confirmations
Service announcements
Respond to inquiries
Marketing (with consent)

Improvement

Analyze usage patterns
Improve our services
Develop new features
Conduct research

Legal & Security

Comply with laws
Prevent fraud
Protect our rights
Ensure security

We Never:: Sell your personal data, use children's data for advertising, or share data with third parties for their marketing purposes.

Children's Privacy (COPPA Compliance)

Our Commitments

noCollectFromChildren
childInfoByParents
childDataForStories
noChildMarketing
noShareWithAdvertisers

Parental Rights

parentsHaveRight

review: reviewDesc
delete: deleteDesc
refuse: refuseDesc
withdrawConsent: withdrawConsentDesc

toExerciseRights

aiTechnologyProcessors

childDataProcessed

OpenAI (GPT-4.1 Mini)

Story narrative generation using child's name, age, gender, and selected themes. We use store:false to prevent training on child data.

Google Gemini

AI for story generation (free tier). Receives child's name, age, gender, and story preferences.

Anthropic Claude

Premium tier creative writing. Receives child's name, age, gender for story personalization.

DeepInfra (Llama)

Cost-effective AI models for story generation fallback. Receives same personalization data as other providers.

fal.ai (FLUX Kontext, PuLID)

Primary image generation with face consistency. May receive character descriptions and reference photos for illustration.

Replicate

Fallback image generation. Receives same data as fal.ai for illustration continuity.

Supabase

Secure cloud database and storage for stories, images, and account data with encryption at rest.

AI Content Moderation

Automated content safety checks to ensure all generated stories are age-appropriate and safe.

We may share your information in limited circumstances:

Service Providers:: Third-party vendors who help us operate (payment processors, cloud hosting, email services)
Legal Requirements:: When required by law or valid legal process
Business Transfers:: In connection with a merger, acquisition, or sale
With Your Consent:: When you explicitly agree to sharing
Safety:: To protect rights, safety, and property

weDoNotSell weDoNotSellDesc

Our Service Providers

We work with the following trusted third-party service providers:

Provider	Purpose	Data Shared
OpenAI (GPT-4.1 Mini)	AI story generation (standard/premium)	Name, age, gender, preferences
Google Gemini	AI story generation (free tier)	Name, age, gender, preferences
Anthropic Claude	AI story generation (premium)	Name, age, gender, preferences
DeepInfra (Llama)	AI story generation (fallback)	Name, age, gender, physical description
fal.ai (FLUX Kontext, PuLID)	Primary image generation	Character descriptions, photo references
Replicate	Fallback image generation	Character descriptions, photo references
Supabase	Database, auth, storage	All account data (encrypted)
Razorpay	Payment processing (India)	Payment details only
PayPal	Payment processing (Global)	Payment details only
Resend	Transactional emails	Email address, name
Google Analytics	Website analytics	Anonymized usage data
Apple (App Attest)	iOS device verification	Device tokens only
Google (Play Integrity)	Android device verification	Device tokens only
Vercel	Website hosting	Request logs (anonymized)
Fly.io	API server hosting	Request processing

All service providers are bound by data processing agreements and are required to protect your data in accordance with applicable privacy laws.

dataRetentionIntro

Data Type	Retention Period
Account Data	While active; deleted within 30 days of request
Story Data	While account active; deletable anytime
Child Information	Only while needed; deleted on request
Payment Records	7 years (legal/tax compliance)
Analytics Data	Anonymized after 26 months

To request deletion, use the "Delete Account" option in your profile settings or email privacy@nanhekissey.com.

dataSecurityIntro

Encryption

TLS/SSL for data in transit, AES-256 at rest

Access Controls

Role-based access, authentication required

Monitoring

Regular security audits and assessments

Secure Infrastructure

Cloud hosting with enterprise security

While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

You have the following rights regarding your personal data:

Access:: Request a copy of your personal data
Correction:: Update inaccurate or incomplete data
Deletion:: Request deletion of your data
Portability:: Download your data in a portable format
Withdraw Consent:: Opt out of data processing
Object:: Object to certain processing activities
Restrict:: Limit how we use your data

How to exercise your rights: Go to My Profile → Data & Privacy, or email privacy@nanhekissey.com. We respond within 30 days.

We use cookies and similar technologies:

Essential Cookies

Required for site functionality

Always On

Analytics Cookies

Help us understand usage

Optional

Marketing Cookies

For relevant advertisements

Optional

Functionality Cookies

Remember your preferences

Optional

Manage your preferences via the Cookie Settings in our footer. We honor Do Not Track (DNT) signals. See our cookiePolicyLink for details.

We comply with privacy regulations across 28+ countries and regions. Below are your rights based on your location.

🌎 Americas

USA - COPPA & CCPA/CPRA

• Right to Know, Delete, Opt-Out of data sale (we don't sell)
• COPPA: Parental consent required for children under 13
• Response time: 45 days

Brazil - LGPD

• Access, correction, anonymization, portability, deletion rights
• Right to information about data sharing with third parties

Canada - PIPEDA

• Access, correction, consent withdrawal rights
• Data processed with knowledge and consent

Argentina - PDPL

• Access, rectification, suppression, objection rights
• Right to lodge complaints with AAIP (data authority)

🇪🇺 Europe

EU/EEA - GDPR & UK GDPR

• Access, rectification, erasure, restrict processing, portability
• Object to processing, withdraw consent anytime
• DPO Contact: privacy@nanhekissey.com

Turkey - KVKK

• Similar to GDPR with local data protection requirements
• Right to lodge complaints with KVKK authority

Russia - FZ-152

• Consent-based processing, data localization compliance
• Right to access, correction, and blocking of data

Switzerland - nFADP

• Access, rectification, erasure, portability rights
• Right to lodge complaints with FDPIC

🌏 Asia-Pacific

China - PIPL

Access, correction, deletion, portability, consent withdrawal rights

India - DPDP 2023

Access, correction, erasure, grievance redressal, nomination rights

Japan - APPI

Disclosure, correction, cessation of use rights

Singapore - PDPA

Access, correction, consent withdrawal rights

South Korea - PIPA

Access, correction, deletion, suspension rights

Australia - Privacy Act

Access, correction, complaint rights under APPs

New Zealand - Privacy Act

Access, correction, complaint rights under IPPs

Thailand - PDPA

Access, portability, erasure, objection rights

Malaysia - PDPA

Access, correction, consent withdrawal rights

Indonesia - PDP Law

Access, correction, deletion, portability rights

Philippines - DPA

Access, correction, erasure, objection rights

Taiwan - PDPA

Access, correction, cessation, deletion rights

Vietnam - Cybersecurity

Data localization, consent requirements

Hong Kong - PDPO

Access, correction rights under DPPs

Pakistan - PDPA

Access, correction, deletion rights

🌍 Middle East

UAE - Federal Data Protection

Access, correction, deletion, objection rights. Consent-based processing.

Israel - Privacy Protection Law

Access, correction, objection rights. Registered database compliance.

GCC Region - Arabic GDPR

Regional privacy standards with Arabic language support.

🌍 Africa

South Africa - POPIA

Access, correction, deletion, objection rights. Right to lodge complaints with Information Regulator.

Exercise Your Rights: Contact us at privacy@nanhekissey.com with your request. We respond within the timeframe required by your jurisdiction (typically 30-45 days).

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we implement appropriate safeguards:

Standard Contractual Clauses (SCCs) for EU data
Adequacy decisions where applicable
Binding Corporate Rules where applicable
Your explicit consent for specific transfers

We ensure that your data receives the same level of protection as required in your jurisdiction.

We may update this Privacy Policy from time to time. When we make changes:

We will post the updated policy on this page
We will update the "Last Updated" date
For material changes, we will notify you via email or in-app notification
Continued use after changes constitutes acceptance

We encourage you to review this policy periodically. Previous versions are available upon request.

If you have questions about this Privacy Policy or our data practices, please contact us:

General Inquiries

support@nanhekissey.com

+91-120-4101115

+91-120-4295665

Privacy & Data Requests

privacy@nanhekissey.com

Plot#10, SK-3, Indirapuram, Ghaziabad, UP-201014, India

Response Times: We aim to respond to all privacy inquiries within 30 days (45 days for CCPA requests).

Last Updated: 31st December 2025 | Version 1.0

This Privacy Policy is effective as of the date stated above and will remain in effect except with respect to any changes in its provisions in the future.

Your Privacy Matters

Key Highlights

Global Privacy Compliance

Overview

Data Controller

Information We Collect

Parent/Guardian Information

Child Information

autoCollectedInfo

Device Verification (Mobile App)

Offline & Local Storage

Gamification & Engagement Data

How We Use Information

Service Delivery

Communication

Improvement

Legal & Security

Children's Privacy (COPPA)

Our Commitments

Parental Rights

aiTechnologyProcessors

Data Sharing

Our Service Providers

Data Retention

Data Security

Your Rights

Cookies

Regional Privacy Rights

🌎 Americas

🇪🇺 Europe

🌏 Asia-Pacific

🌍 Middle East

🌍 Africa

International Transfers

Policy Changes

Contact Us

General Inquiries

Privacy & Data Requests

Your Privacy Matters

Key Highlights

Global Privacy Compliance

Overview

Data Controller

Information We Collect

Parent/Guardian Information

Child Information

autoCollectedInfo

Device Verification (Mobile App)

Offline & Local Storage

Gamification & Engagement Data

How We Use Information

Service Delivery

Communication

Improvement

Legal & Security

Children's Privacy (COPPA)

Our Commitments

Parental Rights

aiTechnologyProcessors

Data Sharing

Our Service Providers

Data Retention

Data Security

Your Rights

Cookies

Regional Privacy Rights

🌎 Americas

🇪🇺 Europe

🌏 Asia-Pacific

🌍 Middle East

🌍 Africa

International Transfers

Policy Changes

Contact Us

General Inquiries

Privacy & Data Requests