Privacy Policy
Last updated: July 2026
WanderKid ("we", "our", "the app") is a children's storytelling application designed for families. We are deeply committed to protecting the privacy and safety of our users, with particular care for the children who enjoy our stories. This policy explains what data we collect, how we use it, how we protect it, and what rights you have.
1. Who We Are
WanderKid is operated by Nambiar Enterprises, based in the United Kingdom. For any privacy-related questions, concerns, or data requests, contact us at hello@wanderkid.app. We aim to respond to all enquiries within 48 hours.
2. Designed for Families: The Parental Gate
WanderKid is designed for children aged 3 to 10, intended to be set up and supervised by a parent or legal guardian. Only a parent or legal guardian may create an account. The account creation process requires an email address and a one-time verification code, serving as a parental gate. Children do not create accounts, do not provide personal information directly to the app, and cannot use the app without a parent first completing the onboarding process on their behalf.
3. Data We Collect
Parent account information: We collect the parent's email address solely for authentication purposes. We use a secure one-time passcode (OTP) system, so no passwords are ever stored or transmitted.
Child profile information: During onboarding, parents provide their child's first name, age, preferred language(s), story genre preferences, personal interests, preferred story length, and narrator voice preference. This information is used solely to personalise stories for that child and is fully controlled by the parent.
Story data: We store stories generated for each child, including story text, audio narration files, and (where applicable) illustration images. This enables families to revisit and replay saved stories in the library.
Anonymous usage analytics: We may collect anonymous, aggregated usage data such as the number of stories generated, languages used, and feature popularity. This data is fully anonymised, cannot be used to identify any individual user or child, contains no personal information, and is used solely to improve the quality and performance of the app.
Website launch notifications: If you choose to leave your email address on our website to be notified when WanderKid launches, we store that email address solely to send you launch-related updates about WanderKid. We never share it, and you can ask us to remove it at any time by emailing hello@wanderkid.app.
4. Data We Do Not Collect
We want to be unequivocal about what WanderKid does not do:
- We do not collect precise or approximate location data.
- We do not access contact lists, photos, camera, or microphone data stored on the device.
- We do not collect browsing history or track activity outside the app.
- We do not use advertising identifiers or any form of cross-app tracking.
- We do not collect biometric data of any kind.
- We do not display advertisements of any kind within the app.
- We do not sell, rent, trade, or share personal data with any third party for marketing, advertising, or profiling purposes.
- We do not build user profiles for behavioural targeting.
5. How We Use Data
All data collected is used exclusively to provide and improve the WanderKid service for your family. Specifically:
Story personalisation: The child's first name, age, and interests are used to generate personalised stories appropriate for their age and preferences. Where the parent enables it, the child's name may appear as a character in the story.
Audio narration: Story text is processed by a secure text-to-speech service to generate audio narration in the selected language and voice. Narration requests contain only the story text itself. Where the parent has chosen to include the child's name in stories, the story text may naturally contain the child's first name; no other personal information about the child or parent is ever included in narration requests.
Illustrations: Where enabled, scene descriptions derived from the story are processed by a secure image generation service to create illustrations. Because scene descriptions are derived from the story content, they may include the child's first name where the parent has enabled name inclusion; no other personal information about the child or parent is ever included in illustration requests.
Authentication: The parent's email address is used solely for secure account login via one-time passcodes.
6. Third-Party Service Providers
WanderKid uses carefully selected third-party service providers to deliver its core functionality. These providers act strictly as data processors on our behalf and are contractually required to process data solely for the purpose of fulfilling our service requests and to maintain appropriate security measures:
Cloud database and authentication provider: Stores account data and story content on secure, encrypted servers hosted in the European Union (Ireland). Provides secure email-based authentication.
AI story generation service: Receives story prompts containing the child's first name, age, and interests to generate personalised stories. This service processes data in real time and does not retain personal data beyond the immediate generation request.
Text-to-speech service: Receives story text only, which may contain the child's first name where the parent has enabled name inclusion in stories. Data is processed in real time and not retained beyond the immediate request.
Image generation service: Receives scene descriptions derived from the story only, which may contain the child's first name where the parent has enabled name inclusion in stories. Data is processed in real time and not retained beyond the immediate request.
Subscription management provider: Where a family purchases a subscription, purchases are processed by Apple through the App Store, and a subscription management service maintains the subscription status linked to an anonymous identifier. This provider never receives the parent's email address or any child profile information.
No third-party provider receives the parent's email address. We regularly review our providers' data protection practices and may change providers at any time to ensure the highest standards of privacy and security are maintained.
7. Content Safety
WanderKid employs multiple layers of content safety to ensure all stories are appropriate for young children:
- All AI-generated stories are guided by comprehensive safety prompts that enforce age-appropriate content, positive themes, and the strict exclusion of violence, fear, or any harmful material.
- Parents can specify "off-limits topics" during onboarding, which are respected in all story generation.
- Story illustrations are generated in a warm, children's-book style with explicit safety constraints. Illustrations may depict story characters, including the story's protagonist, and are strictly limited to wholesome, age-appropriate imagery with no frightening, violent, or otherwise inappropriate content.
- The app does not include any user-generated content, social features, chat functionality, external links, or any means for children to communicate with other users.
- There are no in-app purchases accessible to children. All subscription management is handled through the parent's App Store account.
8. Data Storage and Security
We implement robust security measures to protect your family's data:
- All data in transit is encrypted using industry-standard HTTPS/TLS protocols.
- All data at rest is encrypted on our cloud database servers.
- Account data and child profiles are stored on secure servers in the European Union (Ireland), subject to GDPR protections.
- Audio narration files and story illustrations are stored in secure cloud storage with appropriate access controls.
- We use Row Level Security (RLS) policies to ensure that each family can only access their own data. No family can view, modify, or access another family's data under any circumstances.
- Authentication uses secure one-time passcodes, so no passwords are stored anywhere in our system.
9. Children's Privacy: COPPA and GDPR Compliance
We fully comply with the Children's Online Privacy Protection Act (COPPA), the EU General Data Protection Regulation (GDPR) including its provisions for children's data, and the UK Data Protection Act 2018 including the Age Appropriate Design Code (Children's Code).
- Parental consent: Only parents or legal guardians may create accounts and provide child information. The email verification process serves as verifiable parental consent.
- Minimal data collection: We collect only the minimum data necessary to provide personalised stories. We do not collect any data that is not directly required for the service.
- No direct child interaction: Children do not independently provide any personal information to the app.
- No third-party child data sharing: We never share a child's personal data with third parties for any purpose other than the direct provision of the storytelling service as described in this policy.
- Immediate remediation: If we become aware that personal information has been collected from a child without verifiable parental consent, we will delete it immediately and notify the relevant parties.
10. Parental Rights and Controls
Parents have full, unrestricted control over their family's data at all times through the app:
- View and edit: Review and modify all child profile information (name, age, preferences) at any time via Settings.
- Delete stories: Remove individual stories from the library at any time.
- Delete child profiles: Permanently delete a child's entire profile and all associated stories, audio files, and images, directly in the app.
- Delete account: Permanently delete the parent account and all associated data directly in the app (Settings → App → Delete account), or by contacting us at hello@wanderkid.app.
- Data export: Parents may request a copy of all data associated with their account by contacting us at the email address above.
11. Data Retention
We retain account and story data only for as long as the account remains active and the data serves its stated purpose. When a parent deletes a child profile, all associated stories, audio files, and images are permanently and irreversibly deleted from our systems. When a parent deletes their account, all data associated with the account is permanently deleted within 30 days.
12. International Data Transfers
Our primary data storage is in the European Union. Some third-party service providers may process data outside the EU for the sole purpose of providing real-time story generation, narration, or illustration services. Where this occurs, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent mechanisms, to protect your data in accordance with GDPR requirements. No personal data is stored outside the EU; only transient processing occurs during story generation.
13. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. If we make material changes that affect how we handle children's data, we will notify users through the app prior to the changes taking effect. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the app after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this privacy policy, your family's data, or WanderKid's privacy practices, please contact us at:
Email: hello@wanderkid.app
Response time: We aim to respond to all privacy-related enquiries within 48 hours.