CoMuse← Back to Home

Privacy Policy

Last updated: February 2026

1. Information We Collect

  • Account data (Parent): name, email, password hashes, subscription status.
  • Child Profile data: child's first name, birth year, country (no photos, location, or contact info).
  • Usage data: story interaction choices, session behavior logs, Genius Map data, device type, browser, approximate region (IP-derived).
  • Payment data: billing name, address, partial payment details (processed by Stripe; we do not store full card numbers).
  • Support data: messages, attachments, diagnostic logs you share with support.

2. How We Use Information

  • • Provide core functionality (authentication, AI story generation, Genius Map analysis, session tracking).
  • • Generate personalized stories and behavioral insights based on your child's interactions.
  • • Enforce subscription limits and detect abuse or security threats.
  • • Improve story quality and AI models using anonymized/aggregated data only.
  • • Communicate with you about account status, product updates, and marketing (opt-out available).
  • • Comply with legal obligations and enforce our Terms.

3. Sharing & Transfers

  • Service Providers: Google (Gemini AI), Supabase (backend database), Stripe (payments), and trusted infrastructure vendors. Each provider only receives the data needed to perform contracted services.
  • Legal Requirements: We may disclose data to law enforcement or regulators when legally required or to protect the rights, property, or safety of CoMuse, our users, or the public.
  • Business Transfers: If CoMuse is involved in a merger, acquisition, or asset sale, your data may be transferred subject to this Policy.

4. Data Retention

We retain data only as long as necessary:

  • • Account and usage data while your account is active
  • • Payment records for 7 years (UK tax law requirement)
  • • Deleted accounts are permanently erased immediately

5. Security

  • • We rely on Supabase-managed storage, role-based access controls, encryption in transit (HTTPS/TLS), and periodic access reviews.
  • • No online system is 100% secure. Please report any suspected security incidents promptly.

6. Your Rights & Choices

  • • Access, correct, or delete your data via Account Settings. Contact us for data export requests.
  • • Opt out of marketing emails using the unsubscribe link or by contacting us.
  • • If you are in the EEA, UK, or similar jurisdictions, you may request restriction or objection to processing, and you have the right to lodge a complaint with your local supervisory authority.

7. Children's Data

Age Requirements

  • • CoMuse is designed for children aged 6-12 years old under parental supervision.
  • • Only parents/guardians may create accounts and child profiles.
  • • By creating a child profile, you confirm you have parental authority.

Data Minimization

  • • We collect only: child's first name, birth year, and story interaction choices.
  • • We do NOT collect: photos, videos, precise location, contact information, or sensitive personal data.

Children's Privacy Protection

  • • Children's data is not sold to third parties or used for advertising.
  • • AI analysis is provided for educational insights shown to parents.
  • • Children's data is not used to train general-purpose AI models.

Parental Controls

  • • Parents can access, review, export, or delete their child's data anytime via Settings.
  • • Account deletion removes all child data within 30 days (except payment records retained per UK tax law).

Unauthorized Use

  • • If we discover a child has created an account without parental consent, the account will be immediately suspended and data deleted.
  • • If you believe a minor has provided unauthorized information, please contact us immediately.

8. Cookies & Tracking

We use essential cookies for authentication (Clerk), database sessions (Supabase), and payment processing (Stripe). These cannot be disabled as they are required for the platform to function.

Third-party services: Clerk, Supabase, Stripe, Google Gemini.

9. International Use

Data may be processed in the United Kingdom, the European Economic Area, or other countries where we or our service providers operate. When personal data leaves the UK/EEA we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent transfer mechanisms. By using CoMuse, you consent to these transfers subject to those protections.

10. Updates & Contact

We may update this Privacy Policy from time to time. Material updates will be communicated via the app or email.

Questions or requests: support@comuse.co.uk for privacy matters, security incidents, or general account support.

By continuing to use CoMuse, you acknowledge that you have read and agree to this Privacy Policy.