COPPA Compliance

Last updated: April 10, 2026

What is COPPA?

The Children's Online Privacy Protection Act (COPPA) is a U.S. federal law that imposes requirements on operators of websites and online services directed to children under 13, or that knowingly collect personal information from children under 13. Because FableJar is designed to create personalized stories for children aged 3–10, COPPA compliance is a non-negotiable foundation of how we build and operate this service.

Our Compliance Model

FableJar is a parent-first platform. Children never have independent accounts:

  • All accounts are created and held by a parent or legal guardian who must be at least 18 years old.
  • Children exist as profiles under the parent's account — they have no login credentials and cannot access the service independently.
  • The parent is the data controller for all child profile information at all times.

Verifiable Parental Consent

We obtain verifiable parental consent before collecting any information from or about a child:

  • Parents must explicitly agree to our Privacy Policy and these COPPA disclosures when creating a child profile.
  • No child profile data is collected, stored, or processed until that consent is recorded.
  • Consent can be withdrawn at any time by deleting the child profile from the dashboard.

What Data We Collect About Children

We collect the minimum information necessary to generate personalized stories. For each child profile, we store:

  • First name — used to address the child as the hero of their stories
  • Age range — used to select age-appropriate vocabulary, story length, and themes
  • Interests and story preferences — used to personalise story content

We do not require or store a child's email address, phone number, physical address, precise geolocation, or biometric data in child profiles.

How We Use Child Data

  • Child profile data is used solely to generate and personalise stories for that child.
  • We never sell, rent, or share child data with third parties for marketing, advertising, or any non-essential purpose.
  • We never serve advertisements to children or build advertising profiles from child data.

Third-Party AI Services

FableJar uses AI services to generate story content and illustrations. We apply strict data-minimisation practices before any data leaves our servers:

  • Google Gemini: Used for story generation. A child's real name is replaced with a placeholder token (e.g., [CHILD]) in every prompt sent to Gemini. The actual name is substituted back into the story on our servers after generation.
  • Supabase: Authentication and encrypted data storage. Child data is stored in an isolated, access-controlled schema with row-level security.
  • Cloudflare: CDN and DDoS protection. We do not send child profile fields in CDN request payloads; only standard network traffic required to deliver the service is processed.

Data Retention

  • Child profile data is retained for as long as the parent account is active.
  • Upon a parent's deletion request, all child profile data is permanently deleted within 30 days.
  • Stories created before signup (guest stories) are automatically deleted after 7 days if unclaimed.
  • Anonymised AI generation traces are retained for up to 90 days for safety monitoring, then purged.

Parental Rights

As the parent or legal guardian, you have the right to:

  • Review all personal information collected about your child at any time from your dashboard.
  • Modify your child's profile information, including name, age range, and interests.
  • Delete your child's profile and all associated data at any time. Deletion is permanent and irreversible.
  • Withdraw consent for further data collection by deleting the child profile or closing your account entirely.

All of these actions are available directly from the Family section of your dashboard. No need to contact support.

Contact

If you have questions about our COPPA compliance, wish to exercise any parental rights, or would like to report a concern, please contact us at privacy@fablejar.com