Every day deserves a fairytale

Privacy Policy

Effective Date: October 19, 2025

Last Updated: October 19, 2025

Introduction

At Satuni, we take your privacy and the privacy of your children seriously. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our AI-powered personalized children's storytelling service available at app.satuni.ai.

Service Provider Information

Satuni

Veikko Laitinen

hello@satuni.ai

Oivaltajantie 10, 60100 Seinäjoki, Finland

Data Protection Officer: Veikko Laitinen, veikko@satuni.ai, +358 40 7193838

Applicable Legislation

This Privacy Policy complies with: EU General Data Protection Regulation (GDPR), Finnish Data Protection Act, Finnish Consumer Protection Act.

Data We Collect

We collect the following categories of personal information:

1. User Account Information

Data collected: Authentication is managed through Clerk (https://clerk.com). We collect: Email address (required), Name (optional but recommended), Password (hashed, never stored in plain text), Profile picture (optional), Account creation timestamp, Last login timestamp, IP address (for login history), Device and browser information (for technical support).

Purpose: User identification and authentication, Account security (password recovery, suspicious activity detection), Communication when necessary (notifications, support).

Retention: As long as your account is active. You can delete your account at any time.

Third parties: Clerk (https://clerk.com) - Authentication service provider. Data processing: EU/US (see Clerk's Privacy Policy). Privacy Shield / Standard Contractual Clauses.

2. Family Organization Information

Data collected: We collect: Clerk Organization ID (automatically generated), Family name, Family description (optional), Creation timestamp, Membership relationships (who belongs to which family).

Purpose: Grouping family-specific content, Enabling access control (only family members see content).

Retention: As long as the family organization exists. The family owner can delete the family at any time.

3. Family Member Information

Data collected: We collect: Name (required), Description (optional, e.g., '6-year-old boy who loves dinosaurs'), Birth year (optional), Birth month (optional, 1-12), Gender (optional: boy, girl, other, prefer not to say), Family role (optional: parent, child, grandparent, aunt/uncle, godparent, other), Hobbies (optional list), Toys (list: name, description), Friends (list: name, description), Reference image (optional, stored in Supabase Storage), Voice profile ID (optional, ElevenLabs voice ID).

CHILDREN'S DATA: The Service collects information about children (names, birth years, descriptions, images). This data is necessary for the Service to function (personalized stories). Data collection occurs only with parental/guardian consent. Children's data is not public; only family members can see it. Children's data is not shared with third parties (except technical partners, see below).

Purpose: Creating personalized stories, Visual consistency of characters in stories, Selecting voice profiles.

Retention: As long as the family exists. The family owner can delete members at any time.

Third parties: Supabase (https://supabase.com) - Image storage. Data processing: EU (Frankfurt data center). GDPR-compliant. OpenRouter/Google Gemini - Avatar image generation. Images sent to AI temporarily, not permanently stored on AI side. See OpenRouter and Google privacy policies.

4. Pet Information

Data collected: We collect: Animal species (e.g., 'dog', 'cat'), Name, Description (optional), Reference image (optional, stored in Supabase Storage).

Purpose: Including pets as characters in stories.

Retention: As long as the family exists.

5. Fictional Characters

Data collected: We collect: Name, Description, Reference image (optional, stored in Supabase Storage).

Purpose: Adding fictional characters to stories.

Retention: As long as the family exists.

6. Diary Entries

Data collected: We collect: Date, Free-text description of daily events, 0-5 images (stored in Supabase Storage), Creator's user ID (Clerk User ID), AI-cleaned version of text (optional, created only on user request), Reference to created story (if story created from diary entry).

Purpose: Storing user notes, Facilitating story creation (user can select diary events as story basis).

Retention: As long as the family exists. Users can delete individual entries.

Third parties: OpenRouter/OpenAI GPT-4o - Text 'cleaning' (optional feature). Text sent to AI temporarily, not permanently stored on AI side.

7. Created Stories

Data collected: We collect: Title, Language (fi/en), Story type (real/fiction), Main character (reference to family member/pet), Supporting characters (references to family members/pets/friends), Events (3-5 user-written descriptions, if real story), Lesson/moral (optional), Theme (if fiction story), Characters (snapshot of character data at story creation time), 8 scenes, each containing: Title, Text, References to characters in scene, Image generation prompt (in English), Image key (Supabase Storage), Cover image (Supabase Storage), AI-generated audio track (Supabase Storage), Timing file (JSON, Supabase Storage), Audio duration in seconds, User-recorded audio tracks (list): Narrator name, Audio file (Supabase Storage), Audio duration, Recording timestamp, Creator's user ID, Favorite flag (boolean), Moderation (isBanned, bannedReason, bannedAt), Credit charge information (periodKey, source, chargedAt).

STORY CONTENT: Stories are created using AI based on user-provided information. Story text, images, and audio tracks are stored in Supabase Storage. Stories are private; only family members can see them. Stories are not shared outside the Service without user permission.

Purpose: Storing and playing stories, Maintaining story library, Tracking credits.

Retention: As long as the user wants (can delete individual stories).

Third parties: OpenRouter/OpenAI GPT-4o - Story text generation. OpenRouter/Google Gemini - Image generation. ElevenLabs (https://elevenlabs.io) - Audio generation (Text-to-Speech). Data processing: see ElevenLabs Privacy Policy. Supabase - Image and audio storage.

8. Emotion Stories

Data collected: We collect: Same as regular stories, plus: Always 2 characters (protagonist + supporting), Theme (e.g., 'friendship', 'fear', 'new situation'), Moral/lesson, Always 8 scenes, 2 interactive dialogues: Location in story (middle and end), Scene context, Focus character (whose emotions are discussed), Main question, Emotion options (2-4, e.g., 'happy', 'sad', 'scared'), Follow-up questions for adults.

Purpose: Supporting socio-emotional learning, Interactive storytelling between parent and child.

Retention: Same as regular stories.

9. Payment Information

Data collected: We collect (in MongoDB): Subscription type (none, mini, basic, pro), Subscription status (none, incomplete, active, past_due, canceled, unpaid), Billing provider (stripe), Stripe Customer ID, Stripe Subscription ID, Stripe Price ID, Stripe Product ID, Billing period start and end dates, Period key, Credits used (storiesUsed, subscriptionCreditsLeft), Extra credits (extraCredits.stories). NOTE: Actual payment cards and payment history are stored in Stripe, not on our server.

Purpose: Managing subscriptions, Tracking and resetting credits, Enabling billing.

Retention: As long as the family exists. Stripe retains payment history according to their policies.

Third parties: Stripe (https://stripe.com) - Payment processing. Data processing: EU/US (see Stripe Privacy Policy). PCI DSS compliant. Stripe Customer Portal for customers to manage subscriptions.

10. Technical Data

Data collected: We collect: IP address (short-term, for security only), Device and browser (User-Agent), Operating system, Screen size (for responsive design optimization), Language settings (fi/en), Timestamps (createdAt, updatedAt), Error logs (only for troubleshooting technical issues).

Purpose: Technical maintenance of the Service, Security monitoring (detecting suspicious activity), Improving user experience.

Retention: Technical logs: maximum 90 days. User-Agent and language settings: session duration.

Third parties: Vercel Analytics (https://vercel.com) - Analytics. Data processing: EU/US. Anonymous analytics, no cookies.

11. Child Lock

Data collected: We collect: 4-digit PIN code (stored in family in MongoDB), Child lock state (localStorage on user's device).

Purpose: Restricting children's access to settings and billing information, Parental assistance tool.

Retention: PIN code: as long as the family exists (can be reset). Child lock state: localStorage (parent can remove anytime). NOTE: PIN code is stored in plain text (not hashed) as it is only a UI protection, not a security mechanism.

Legal Basis for Data Processing (GDPR)

Consent (Art. 6(1)(a) GDPR)

Users provide explicit consent for data processing when registering. Parents/guardians provide consent for children's data.

Contract Performance (Art. 6(1)(b) GDPR)

Data processing is necessary to provide the Service. Without family member information, personalized stories cannot be created.

Legitimate Interest (Art. 6(1)(f) GDPR)

Technical data (IP, User-Agent) is collected for security and service improvement purposes.

Sharing Data with Third Parties

We share data only with technical partners (data processors) necessary to provide the Service:

Clerk (https://clerk.com)

Purpose: User authentication and organization management

Location: EU/US

Protection: GDPR-compliant, Standard Contractual Clauses

MongoDB Atlas (https://www.mongodb.com)

Purpose: Database

Location: EU (Frankfurt)

Protection: GDPR-compliant

Supabase (https://supabase.com)

Purpose: Image and audio storage

Location: EU (Frankfurt)

Protection: GDPR-compliant

OpenRouter (https://openrouter.ai)

Purpose: AI models (text and image generation). Models: OpenAI GPT-4o, Google Gemini 2.5 Flash Image

Location: US

Protection: See OpenRouter, OpenAI, and Google privacy policies. NOTE: User-provided information (names, descriptions) is sent to AI for story creation. AI models do not permanently store user data (see OpenAI and Google Data Processing Agreements).

ElevenLabs (https://elevenlabs.io)

Purpose: Text-to-Speech audio synthesis

Location: US/EU

Protection: See ElevenLabs Privacy Policy. NOTE: Story text is sent to ElevenLabs for audio generation.

Stripe (https://stripe.com)

Purpose: Payment processing

Location: EU/US

Protection: GDPR-compliant, PCI DSS compliant. NOTE: Payment cards are stored in Stripe, not on our server.

Vercel (https://vercel.com)

Purpose: Hosting and analytics

Location: EU/US

Protection: GDPR-compliant

We do NOT share data with: Marketing partners, Advertisers, Data brokers, Other third parties (except technical partners listed above).

Exceptions: Government requests (if required by law), Legal obligations (e.g., criminal investigation).

Data Transfers Outside EU

Third parties processing data in the United States:

Clerk, OpenRouter (OpenAI, Google), ElevenLabs, Stripe (partially), Vercel (partially).

Safeguards: Standard Contractual Clauses (SCC), EU-US Data Privacy Framework (if applicable), Data Processing Agreements (DPA) with all partners.

User rights: Users can object to data transfers outside the EU. This may limit Service functionality (AI services won't work without data transfers).

Your Rights (GDPR)

You have the following rights regarding your personal data:

1. Right of Access (Art. 15 GDPR)

You can request a copy of all data we store about you. We will respond within 30 days. The first copy is free of charge.

2. Right to Rectification (Art. 16 GDPR)

You can correct incorrect information at any time. Most data is editable directly through the Service (settings, family members).

3. Right to Erasure (Art. 17 GDPR, 'right to be forgotten')

You can delete all your data at any time. Deletion includes: User account (Clerk), Family data (MongoDB), Stories (MongoDB), Images and audio (Supabase), Diary entries (MongoDB). Deletion is permanent and irreversible. Payment history remains in Stripe for accounting requirements (7 years).

4. Right to Restriction of Processing (Art. 18 GDPR)

You can request restriction of data processing in certain situations, e.g., if you dispute the accuracy of the data.

5. Right to Data Portability (Art. 20 GDPR)

You can request your data in machine-readable format (JSON). We will provide export functionality (coming soon).

6. Right to Object (Art. 21 GDPR)

You can object to data processing. This usually results in termination of Service use (data is necessary for Service functionality).

7. Right Not to Be Subject to Automated Decision-Making (Art. 22 GDPR)

The Service uses AI for content creation, but not for automated decisions about users. Content moderation (story banning) may be done automatically, but users can appeal.

To exercise your rights: Email: hello@satuni.ai. We will respond within 30 days. First requests are free of charge. Repeated or manifestly unfounded requests may be charged.

Right to lodge a complaint: You can file a complaint with the supervisory authority: Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), https://tietosuoja.fi, Visiting address: Lintulahdenkuja 4, 00530 Helsinki, Postal address: PO Box 800, 00531 Helsinki, Phone: 029 566 6700, Registry office: 029 566 6768, Email: tietosuoja@om.fi

Data Security

Technical Safeguards:

  • Encryption: All data transmission encrypted (HTTPS/TLS), Database encrypted at rest (MongoDB encryption at rest), Supabase Storage encrypted
  • Access Control: Clerk authentication (OAuth 2.0), Organization-level access restrictions, Private Supabase buckets (no public access), Signed URLs with time limit (1 hour)
  • Passwords: Managed by Clerk (bcrypt/Argon2 hashing), Password requirements (minimum 8 characters)
  • API Security: Clerk middleware for authentication, Organization ID verification in every request, Rate limiting (coming soon)
  • Databases: MongoDB Atlas (managed service), Supabase (managed service), Automatic backups
  • Logging and Monitoring: Error logs (do not contain sensitive data), Access logs (IP addresses, timestamps), Suspicious activity detection (Clerk)

Organizational Safeguards:

  • Personnel: Only authorized personnel access production data, Non-disclosure agreements, Data protection training
  • Security Incidents: We will notify users within 72 hours, We will notify supervisory authority (GDPR Art. 33), We document and analyze incidents
  • Development Processes: Code reviews, Dependency checks (npm audit), Regular security updates

User Responsibility:

  • Password Security: Users are responsible for password security, Use strong passwords, Do not share passwords
  • Child Lock PIN: PIN is only UI protection, not a security mechanism, Do not share PIN with children (if you want to restrict access)
  • Device Security: Users are responsible for their own devices, Log out from public devices

Cookies

Necessary Cookies:

  • Clerk Session: Purpose: Keeping user logged in. Duration: Session or 'remember me' (30 days). Type: First-party cookie
  • Child Mode: Purpose: Remembering child lock state. Duration: Until user removes. Type: localStorage (not a cookie)

Non-Necessary Cookies: The Service does NOT use non-necessary cookies (e.g., advertising, tracking).

Analytics: Vercel Analytics - Anonymous analytics (no cookies), No personal data, No consent required.

Children's Privacy

Age Limit: The Service is intended for users 18 years and older. Minors may use the Service with parental/guardian permission.

Children's Data: The Service collects information about children only with parental/guardian consent. Data (names, birth years, descriptions, images) is necessary for Service functionality. Children's data is not shared outside the Service (except technical partners, see above). Parents can delete children's data at any time.

COPPA (Children's Online Privacy Protection Act): The Service is not primarily directed at children under 13. Parents use the Service to create content for their children. If used in the United States, parental consent is required (COPPA).

EU Recommendations: GDPR Art. 8: Parental consent required for children under 16 (in Finland: 13 years). Parents are responsible for their children's data processing.

Changes to Privacy Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated to users via email or through the Service. The latest version is always available at: https://app.satuni.ai/privacy.

Contact Information

Privacy Inquiries: Email: hello@satuni.ai, Address: Oivaltajantie 10, 60100 Seinäjoki, Finland

Data Protection Officer: Veikko Laitinen, Email: veikko@satuni.ai, Phone: +358 40 7193838

Supervisory Authority: Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), https://tietosuoja.fi, Visiting address: Lintulahdenkuja 4, 00530 Helsinki, Postal address: PO Box 800, 00531 Helsinki, Phone: 029 566 6700, Registry office: 029 566 6768, Email: tietosuoja@om.fi