Privacy Policy
Last updated: January 21, 2026
At TuHistoria.App, privacy is sacred, especially because our service is family-focused. This Privacy Policy describes how we collect, use, and protect your personal information and that of the minors under your guardianship, in compliance with the General Data Protection Regulation (GDPR) and child protection regulations (such as COPPA/GDPR-K).
1. Data Controller
- Identity: Intelecta EspaƱa, S.L.
- VAT Number: B72576176
- Contact: info@tuhistoria.app
2. Data We Collect
We classify data into two categories:
A. User Data (Parent/Guardian/Adult)
- Identification: Email, User ID (UID generated by Firebase Auth).
- Technical: IP address, device data, error logs (Crashlytics).
- Transactional: Purchase history of credits (but we do NOT store full credit card data; this is managed by Stripe/Apple/Google).
- Apple Sign In: If you use "Hide My Email," we receive a private alias (@privaterelay.appleid.com) that we treat as your real email for service communications.
- Voice Samples and Biometry: In case you use the "Voice Cloning" functionality, you voluntarily provide us with recordings of your voice. These audios are processed through our provider ElevenLabs exclusively to generate a synthetic voice model (Voice ID) linked to your account. You retain the intellectual property of your voice, grant a limited license of use to the platform for the exclusive narration of your own stories, and can request the removal of the biometric model at any time from the settings.
B. Character Data (Including Minors)
To generate personalized stories, you voluntarily provide us with:
- Name or Alias: (We recommend using only the first name or a nickname).
- Date of Birth: (Used exclusively to calculate age and adapt the story's vocabulary to their developmental level. Not used for marketing).
- Interests: (e.g., "Dinosaurs," "Space").
- Emotional/Educational Focuses: (e.g., "Overcoming fears," "Courage").
- Relationship: (e.g., "Son/Daughter").
- Visual Personalization (Optional): So that the stories' illustrations resemble the
characters, the User can:
- Manually enter a physical description (e.g., "girl with glasses and blonde hair").
- Upload a photograph: In this case, the AI processes the image to automatically generate a textual description of the physical traits.
Ephemeral Privacy: If the photograph option is used, the image is employed exclusively to generate the mentioned technical description and is deleted from our servers and AI systems immediately after processing. We do not store the photograph permanently, nor is it used to train models. The resulting textual description is stored in your profile so that the AI can generate the story illustrations, and the User can edit or delete it at any time.
3. Purpose of Processing ("What we use the data for")
- Service Provision (Contractual): Generate personalized stories (text, audio, and image).
- Service Improvement (Legitimate Interest): Analyze which types of stories are most liked to adjust the system's "prompts."
- Security (Legitimate Interest): Monitor usage to prevent abuse (generation of inappropriate content) and protect the platform.
- Communications: Send you notifications about ready stories, low balance, or legal updates (no third-party advertising spam).
4. Data Sharing with Third Parties (Sub-processors)
For the magic to work, we need to share strictly necessary fragments of the data with top-tier technology providers. All of them comply with security standards (SOC2 / ISO 27001) and operate under confidentiality clauses:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Google Cloud (Vertex AI) | Text/Image Generation | Textual Prompt (Name, Age, Interests) | USA/Global (DPF Certified) |
| OpenAI | Text/Image/Audio Generation | Textual Prompt | USA (DPF Certified) |
| ElevenLabs | Voice Synthesis | Story text (no extra personal data) | USA/EU |
| Firebase (Google) | Database and Auth | Email, Encrypted Profiles, Avatars | Global |
| AWS (Amazon) | Transactional Email Delivery | EU/USA | |
| Stripe | Payment Processing | Billing data (tokenized) | Global |
NO TRAINING Policy: We have configured our contracts and API parameters with IA providers to request that they DO NOT use your data or your stories to train their public models. Your data is yours.
5. International Transfers
Some providers are in the USA. The data transfer is legitimized by the Data Privacy Framework (DPF) EU-USA to which Google and OpenAI are adhered, or through Standard Contractual Clauses (SCC) approved by the European Commission.
6. Child Safety
Registration in TuHistoria.App is restricted to those over 18 years old (or the legal age in your jurisdiction). This service is not designed to be used directly by minors without supervision. We require the account holder to be an adult. By entering a minor's data, you guarantee that you exercise parental authority or guardianship and grant your Express Consent for the processing of such data with the sole purpose of creating the story.
We do not share or sell children's data to advertising networks.
7. Your Rights (ARCO)
You can exercise your rights of Access, Rectification, Erasure ("Right to be Forgotten"), Limitation, and Portability:
- From the App: In "Settings > My Account > Delete Account" (this permanently deletes all data, stories, and credits).
- By Email: Writing to info@tuhistoria.app with the subject "Data Rights."
8. Conservation
We will keep your data as long as you have an active account. If you delete your account, we will block the data for the legal period necessary to meet potential liabilities (e.g., 5 years for billing) and subsequently delete them permanently.
Audit Logs: For security reasons, fraud prevention, and resolution of technical disputes, we keep activity logs for a maximum period of 90 days, after which they are automatically deleted.
9. Technological Security
We implement state-of-the-art technical measures to protect your information:
- Encryption in Transit: All communications are carried out using secure HTTPS protocols with TLS 1.3.
- Encryption at Rest: Data stored in our databases and file systems use high-security native encryption (AES-256).
- Data Isolation: We use server-level security rules that guarantee that only you can access your own information through unique identifiers (UID).
10. Tracking Technologies
TuHistoria.App uses internal technical identifiers to maintain the session and preferences. We do not use IDFA (Identifier for Advertisers) for advertising tracking.
We use aggregate analysis tools (such as Firebase Analytics and Crashlytics) that do not personally identify minors, solely to improve the technical usability of the application.
For any questions regarding privacy, contact our Data Protection Officer (DPO) at: info@tuhistoria.app