Plodyo Privacy Policy
This Privacy Policy explains how Plodyo collects, uses, stores, and protects personal information in connection with your use of the Plodyo platform at www.plodyo.com. We are committed to protecting the privacy of all users, with particular care given to the privacy and safety of children. Please read this policy carefully before using the platform.
Last Updated: June 10, 2026
Information We Collect
We collect only the information necessary to provide a safe, personalised, and functional platform experience. The following categories of data are collected.
Account Registration Data
When you create an account, we collect your name, email address, account type (parent, educator, or organisation), and the password you set. For educator accounts, we additionally collect professional credentials including institution name and accreditation details. For organisation accounts, we collect the organisation name and administrator contact information.
Child Profile Data
Parents and educators may create child profiles that include a first name, age group, gender preference, preferred language, and story topic interests. This information is used solely to personalise story generation and library recommendations. We do not collect personally identifiable information directly from children. All child profile data is created and managed by the parent or educator account holder.
Usage and Interaction Data
We collect anonymised data about how users interact with the platform, including stories viewed, stories generated, features accessed, and session duration. This data is used in aggregate to improve platform performance, identify technical issues, and develop new features. It is not used to build individual behavioural profiles.
Payment Information
Subscription payments are processed by Stripe. We do not store full payment card details on our servers. Plodyo receives and retains only your billing email address, subscription plan, and subscription status from Stripe. All payment card data is stored securely by Stripe under PCI DSS compliance.
Cookies and Session Data
We use strictly necessary session cookies to maintain your authenticated session and preserve your preferences while using the platform. These cookies are set automatically upon login and are required for the platform to function correctly. We do not use cookies for advertising, tracking, or third-party analytics purposes. By creating an account and logging in, you consent to the use of these essential session cookies.
How We Use Your Information
We use collected information exclusively to provide and improve the Plodyo service. We do not use personal data for advertising, marketing profiling, or sale to third parties.
Personalised Story Generation
Child profile data including age group, story topic, language, and character name is used to generate personalised stories and recommendations through our AI generation pipeline. This data is transmitted to third-party AI providers solely for the purpose of fulfilling the generation request.
Library Recommendations
Usage data and child profile preferences are used to surface relevant stories and series from the Plodyo library. No external advertising or third-party profiling is involved in this process.
Platform Operation and Improvement
Anonymised usage data is analysed to diagnose technical issues, optimise performance, and inform the development of new platform features. This analysis does not involve identification of individual users.
Account Communications
We use the email address registered on your account to send essential communications including account verification, password resets, subscription renewal notices, and material policy updates. We may occasionally send service-related announcements. You may opt out of non-essential communications at any time. Essential transactional emails cannot be disabled without closing your account.
AI Model Training
Plodyo does not use your personal data, child profile data, story inputs, or generated content to train, fine-tune, or evaluate any artificial intelligence models. We have training opt-out agreements in place with all third-party AI providers.
How We Protect Your Data
Plodyo implements technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration.
Encryption in Transit and at Rest
All data transmitted between your device and our platform is encrypted using HTTPS and TLS protocols. Data stored in our database is encrypted at rest using industry-standard encryption provided by Supabase, our database and authentication provider.
Authentication and Access Controls
User authentication is managed through Supabase Auth with secure session token management. Access to user data within our systems is restricted to authorised personnel on a need-to-know basis. We conduct regular internal reviews of access permissions.
COPPA Compliance
Our platform is built to comply with the Children's Online Privacy Protection Act (COPPA). We do not collect personal information directly from children under 13. All child profile data is provided by and managed through the parent or guardian account. We do not display advertising to children and do not share child data with third parties for marketing purposes.
FERPA Compliance
For educator accounts managing student data, Plodyo operates in accordance with the Family Educational Rights and Privacy Act (FERPA). Student records and educational data are used only for the educational purpose for which they were shared and are not disclosed to third parties without appropriate authorisation.
Security Incident Response
In the event of a data security incident that affects your personal information, we will notify affected users and relevant regulatory authorities within the timeframes required by applicable law. We maintain an internal incident response procedure to contain, assess, and remediate security events promptly.
Parental Controls
Parents have full control over their child's profile data, story preferences, and account access through the Account Settings page. Parents may update, restrict, or delete child profile information at any time. Data deletion requests may be submitted to support@plodyo.com.
Data Sharing and Third-Party Providers
We do not sell, rent, or share personal information with third parties for marketing or commercial purposes. Data is shared only with the service providers listed below, each of which is engaged solely to support platform operation and is bound by confidentiality and data protection obligations.
Supabase — Database and Authentication
Supabase stores user account data, child profile data, authentication credentials, story content, and generated media. It serves as our primary database and authentication provider. Data is stored on secure, encrypted servers in compliance with applicable data protection standards. Privacy policy: supabase.com/privacy
OpenAI — AI Story and Image Generation
Story inputs including age group, story topic, character name, and language are transmitted to OpenAI's API to generate story text and illustrations. OpenAI processes this data solely to fulfil the generation request. We operate under OpenAI's API data processing terms with model training opt-out in place. Privacy policy: openai.com/policies/privacy-policy
Anthropic — AI Story Generation
Anthropic's Claude models may be used as an alternative AI provider for story text generation. The same data minimisation principles apply. Story inputs are processed solely to fulfil the request and are not retained for training purposes. Privacy policy: anthropic.com/privacy
ElevenLabs — Text-to-Speech Audio Narration
Story text is transmitted to ElevenLabs to generate voice narration for audiobook features. ElevenLabs processes text data solely for audio synthesis and does not retain it beyond processing. Privacy policy: elevenlabs.io/privacy
Replicate and Kling — Dynamic Video Generation
Story images and scene data are transmitted to Replicate's Kling AI model to generate dynamic video content. This data is used solely for video rendering and is not retained by the provider beyond the processing window. Privacy policy: replicate.com/privacy
Trigger.dev — Background Task Processing
Trigger.dev orchestrates our AI generation workflows as a background task processor. Story and user task data passes through Trigger.dev infrastructure as part of the generation pipeline. Privacy policy: trigger.dev/privacy
Stripe — Payment Processing
Stripe processes all subscription payments and securely stores billing information including your payment method and billing email. Plodyo does not store or have access to full card details. Stripe is PCI DSS Level 1 certified. Privacy policy: stripe.com/privacy
Legal and Regulatory Disclosure
We may disclose personal data to law enforcement agencies, regulatory bodies, or other authorities where required to do so by applicable law, court order, or where we believe disclosure is necessary to protect the rights, safety, or property of Plodyo, our users, or third parties. We will notify affected users of such disclosure where legally permissible.
Data Retention
We retain personal data only for as long as necessary to provide the service, fulfil the purposes described in this policy, and comply with our legal obligations.
Account and Profile Data
Your account data including email address, subscription status, credits balance, and child profile information is retained for the duration of your account's active status. Upon account deletion, all profile data is permanently removed from our systems within 30 days.
Generated Stories, Videos, and Audio
Stories, videos, and audio narrations generated through the platform are stored and accessible through your account for as long as your account remains active. Deleting an individual story removes it from our storage within 30 days. Closing your account results in permanent deletion of all associated content within 30 days.
AI Processing Inputs
Story prompts and generation inputs transmitted to third-party AI providers are processed in real time. Plodyo does not retain AI inputs beyond what is stored as part of your account's story data. Refer to each provider's data retention policy for details on how they handle API request data on their end.
Payment and Billing Records
Billing records including subscription history and transaction records are retained for a minimum of 7 years in compliance with applicable financial and tax record-keeping obligations, even following account deletion.
Data Deletion Requests
Parents and account holders may request complete deletion of all personal data associated with their account by emailing support@plodyo.com with the subject line: DATA DELETION REQUEST. We will action the deletion and confirm completion within 30 days. Note that billing records may be retained beyond this period as required by law.
Your Rights and Choices
Depending on your jurisdiction, you may have specific legal rights regarding your personal data. Plodyo is committed to honouring these rights and providing accessible means to exercise them.
Right of Access
You have the right to request a copy of the personal data we hold about you and your child profiles. Requests may be submitted to support@plodyo.com. We will respond within 30 days.
Right to Rectification
You may update or correct your account information at any time through the Account Settings page. If you believe any data we hold is inaccurate or incomplete, you may contact us at support@plodyo.com to request correction.
Right to Erasure
You may request deletion of your account and all associated personal data at any time by contacting support@plodyo.com. We will complete the deletion within 30 days, subject to retention obligations described in the Data Retention section above.
Right to Restrict Processing
You may request that we restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of data or object to processing pending resolution. Contact support@plodyo.com to submit a restriction request.
Opt-Out of Non-Essential Communications
You may opt out of non-essential email communications at any time by using the unsubscribe link in any marketing email or by contacting support@plodyo.com. Essential transactional and account-related emails cannot be disabled while your account remains active.
Parental Rights Under COPPA
Parents have the right to review personal information collected from or about their child, request deletion of that information, and refuse further collection or use of their child's data. These rights may be exercised at any time by contacting support@plodyo.com or through the Account Settings page.
Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your information is handled, please contact our support team. We aim to respond to all privacy-related enquiries within 5 business days.
Contact Support