Privacy Policy

1.Information We Collect

2.How We Use Information

We use the information collected for the following purposes:

To provide the Service: Creating and maintaining the child's personalized fairy file, generating AI-powered fairy inspection notes, producing tracking slip PDFs, tracking tooth collection history, and displaying the interactive tooth map.

To process payments: Parent payment information is processed by Stripe, our third-party payment processor. We do not have access to or store full payment card details.

To send notifications: Sending Parents reminder notifications (“Fairy Alerts”), security notifications, and account communications at the Parent's request.

To generate aggregate statistics: We may display anonymized, aggregate data such as average tooth fairy payment amounts across all users. This data cannot be used to identify any individual child or family.

To improve the Service: Understanding usage patterns to improve features and user experience. Any such analysis uses anonymized data only.

3.AI-Generated Content

Our Service uses artificial intelligence (specifically, Anthropic's Claude API) to generate personalized fairy inspection notes, flight log reports, and other in-character content for each child's fairy file. The AI receives only the child's first name, age, tooth history, condition ratings, and any optional notes provided by the Parent. No data submitted to the AI is used to train AI models. We review AI-generated content through automated safety filters before it is displayed to ensure it is age-appropriate, in-character, and free of inappropriate content.

4.COPPA Compliance

We are committed to complying with the Children's Online Privacy Protection Act (COPPA). Our compliance measures include:

Verifiable Parental Consent: All child information is provided by a Parent through an authenticated Parent account. During registration, Parents provide explicit consent by confirming: “I am the parent or legal guardian of this child and I consent to their first name and age being used to create this personalized experience.”

No Direct Collection from Children: Children interact with the Service only by viewing their personalized fairy file page. Access requires a case code (a random word-based identifier) and a 6-icon visual sequence, neither of which constitutes personal information. Children never enter personal information on any page of our Service.

No Third-Party Sharing of Child Data: We do not share, sell, rent, or disclose any child information to third parties for any purpose other than providing the Service. The sole exception is transmitting the child's first name and anonymized context to Anthropic's API for content generation, which is governed by Anthropic's data processing agreement and does not involve data retention or model training.

Parental Access and Control: Parents can review, modify, or delete all information associated with their child at any time through their account dashboard. Parents may request complete deletion of all child data by contacting us or using the delete function in their dashboard.

Data Minimization: We collect only the minimum information necessary to provide the Service: the child's first name, age, and general geographic region.

No Behavioral Advertising: We do not serve advertisements of any kind on child-facing pages. We do not engage in behavioral advertising or interest-based targeting of children.

5.Data Security

We implement industry-standard security measures to protect the information we collect, including: encrypted data transmission (HTTPS/TLS) for all pages; hashed storage of sensitive credentials; access controls limiting who can view child data; regular security reviews; rate-limited access attempts with lockout protection on child-facing pages. No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect personal information, we cannot guarantee absolute security.

6.Data Retention and Deletion

We retain Parent account information and associated child data for as long as the Parent maintains an active account. Parents may delete individual child profiles or their entire account at any time through the dashboard. Upon deletion: all child data (name, age, region, tooth history, fairy notes, badges, and tracking codes) is permanently deleted from our database within 30 days; AI-generated content associated with the child is permanently deleted; access tokens and icon sequences are immediately invalidated; aggregate anonymized statistics derived from the deleted data may be retained as they cannot be linked to any individual.

If a Parent account is inactive for 36 consecutive months, we will send a notification to the Parent's email address. If no response is received within 60 days, the account and all associated data will be deleted.

7.Third-Party Services

We use the following third-party services in the operation of our Service:

Stripe: Payment processing. Stripe's privacy policy governs their handling of payment information. We do not store credit card details.

Anthropic (Claude API): AI content generation. We transmit the child's first name, tooth data, and Parent-provided notes to generate personalized fairy content. Anthropic does not use this data for model training and processes it under their data processing agreement.

Vercel: Website hosting and infrastructure. Standard server logs may be maintained by Vercel in accordance with their privacy policy.

We do not use any social media integrations, advertising networks, or behavioral analytics services on child-facing pages.

8.Cookies and Tracking

Child-facing pages: We use no cookies, local storage, tracking pixels, or any other tracking technology on pages accessible to children. The only data processed on these pages is the case code and icon sequence submitted for access verification.

Parent-facing pages: We may use essential cookies to maintain Parent login sessions and preferences. We do not use third-party advertising or analytics cookies.

9.Your Rights

All Parents have the right to:

• Review all personal information we have collected about their child;
• Request correction of inaccurate information;
• Request deletion of all information about their child;
• Refuse further collection or use of their child's information;
• Receive a copy of their child's data in a portable format.

To exercise any of these rights, Parents may use the controls in their account dashboard or contact us at [email protected].

10.International Users

Our Service is primarily operated in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

For users in the European Economic Area (EEA) or United Kingdom, we process personal data based on: your consent (provided during account creation); the necessity of processing to provide the Service you requested; and our legitimate interest in improving and securing the Service. You have the right to withdraw consent at any time by deleting your account.

11.California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). We do not sell personal information. You have the right to know what personal information we collect, request deletion, and not be discriminated against for exercising your rights. Contact us at [email protected] to exercise these rights.

12.Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify Parents of material changes by email and/or by posting a notice on the Service at least 30 days before the changes take effect. Continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13.Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

For COPPA-related inquiries specifically, please include “COPPA Inquiry” in the subject line.