Privacy Policy

Last updated: May 15, 2025

COPPA Compliance (Children's Online Privacy Protection Act)

Piepie is fully compliant with the Children's Online Privacy Protection Act (COPPA), administered by the U.S. Federal Trade Commission (FTC). We are specifically designed for children under 13 and take special precautions to protect their privacy.

We do not collect personal information from children without verifiable parental consent. Parents create accounts and set up child profiles, providing explicit consent. We do not collect children's email addresses, full names, or persistent identifiers beyond what is necessary for service delivery.

Children's data is used solely to provide the Piepie service. We never sell, share, or use children's data for advertising, marketing, or any third-party purpose. Parents may request deletion of their child's data at any time by contacting privacy@piepie.ai.

GDPR Compliance

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). We process data under the legal bases of: (1) contract performance for subscription services; (2) legitimate interests for safety monitoring; (3) parental consent for children's data processing.

EEA residents have the right to access, rectify, erase, restrict, and port their data. To exercise these rights, contact dpo@piepie.ai.

FERPA Compliance

For educational use, Piepie supports FERPA-ready school data handling, with workflows designed to help schools and educators handle student data carefully and responsibly.

Data We Collect

Parents: Email address, name, profile picture (from Google OAuth), subscription information, payment information (processed by Polar, not stored by us).

Children: First name only, age/birth year (for content calibration), gender (optional, for pronoun use), conversation history, safety event logs.

We do not collect: Children's full names, email addresses, location data, biometric data, persistent advertising identifiers.

Data Retention

Conversation history is retained for 90 days by default. Parents may request immediate deletion. Safety notifications are retained for 1 year for audit purposes. Parent account data is retained while the account is active.

Security

All data is encrypted in transit and at rest. We use strong technical and organizational safeguards, regular security reviews, and controls that support data sovereignty requirements.

Contact Us

Privacy questions? Use our contact form or email privacy@piepie.ai and our team will get back to you.