Privacy Policy

March 31, 2026

1. Introduction

Once Upon a Workday ("we," "us," or "our") is committed to protecting the privacy of our users and their families. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at onceuponaworkday.com and our story creation services (collectively, the "Service").

We are especially mindful that our Service involves information about children. We comply with the Children's Online Privacy Protection Act (COPPA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Information We Collect

Account Information

  • Email address and display name
  • Authentication credentials (managed by our auth provider, Supabase)
  • Language preference

Family Member Information

  • Names, ages, and roles (parent, child, sibling, etc.) of family members you add
  • Photos you upload for character illustration
  • AI-generated appearance descriptions derived from uploaded photos

Story Content

  • Profession and work scenario selections
  • Generated story text and AI-created illustrations
  • Voice recordings you create for story narration
  • Ratings and reviews you leave on stories

Usage Information

  • Story creation history and reading activity
  • Feature usage patterns
  • Device and browser information for security and compatibility

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other financial information on our servers. We only receive confirmation of payment status and your Stripe customer ID.

3. How We Use Your Information

Essential Service Operations

  • Creating and delivering personalized stories
  • Generating AI illustrations based on your selections
  • Managing your account, subscription, and billing
  • Processing voice recordings for story narration
  • Providing customer support

Product Improvement

  • Analyzing anonymized, aggregated usage patterns to improve the Service
  • Monitoring AI output quality (we review outputs, not your personal data)
  • Generating anonymized community statistics (shown on our public Insights page)
  • Fixing bugs and improving performance

Communications (with your consent)

  • Sending product updates, tips, and story suggestions
  • Referral program notifications
  • You can opt out of marketing communications at any time from your profile settings

4. What We Never Do

  • We never sell your personal data to third parties
  • We never sell or share children's information for any commercial purpose
  • We never use family photos for AI model training
  • We never serve targeted advertisements based on your data
  • We never share individual story content with third parties (unless you choose to publish to our community library)
  • We never share voice recordings with third parties

5. Third-Party Service Providers

We use the following third-party services to operate our platform. Each processes only the minimum data necessary for its function:

Provider | Purpose | Data Shared
Supabase | Authentication & database | Email, account data
Cloudflare R2 | Image & audio storage | Uploaded photos, generated images, recordings
Anthropic / OpenAI | Story text generation | Profession, scenario, character names & ages (no photos)
fal.ai | Illustration generation | Text prompts, appearance descriptions, reference photos (if opted in)
Stripe | Payment processing | Email, payment details (handled by Stripe directly)
Vercel | Website hosting | Standard web request data (IP, user agent)

6. Children's Privacy (COPPA Compliance)

Our Service is designed for parents to create stories for their children. We do not knowingly collect information directly from children under 13. All family member information (including children's names, ages, and photos) is provided by the parent or legal guardian.

  • Parents provide and control all information about their children
  • Children's data is used solely for story personalization
  • We never share, sell, or commercially exploit children's data
  • Parents can review, update, or delete their children's information at any time
  • Photos of children are processed for illustration purposes only and are never used for AI training

7. Your Rights

Depending on your location, you may have the following rights:

All Users

  • Access: Request a copy of all personal data we hold about you
  • Correction: Update or correct your information via your profile
  • Deletion: Request deletion of your account and all associated data
  • Data Export: Download your data in a portable format
  • Opt-out: Withdraw consent for marketing communications at any time

EU/EEA Residents (GDPR)

  • Right to restrict processing of your data
  • Right to data portability
  • Right to object to processing based on legitimate interests
  • Right to lodge a complaint with your local data protection authority

California Residents (CCPA/CPRA)

  • Right to know what personal information we collect and how it is used
  • Right to delete your personal information
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, visit your profile settings or contact us at privacy@onceuponaworkday.com.

8. Cookies

We use only essential cookies required for the Service to function:

  • Authentication cookies: To keep you signed in
  • Language preference: To remember your selected language
  • Referral tracking: To credit referral bonuses when you sign up through a share link

We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.

9. Data Retention

  • Active accounts: Your data is retained for as long as your account is active
  • Deleted accounts: All personal data is permanently deleted within 30 days of account deletion
  • Soft-deleted family members: Photos and data are purged from our systems within 30 days
  • Voice recordings: Retained while your account is active; deleted with your account
  • Payment records: Retained as required by law (typically 7 years for tax purposes)

10. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit (HTTPS/TLS)
  • Database access is restricted with Row Level Security (RLS)
  • Uploaded photos are moderated by AI for safety
  • Voice recordings are reviewed by AI for appropriate content
  • Administrative access is restricted and logged

11. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. When we transfer data internationally, we ensure appropriate safeguards are in place as required by applicable law, including Standard Contractual Clauses for EU data transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will also notify you via email.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: privacy@onceuponaworkday.com