Privacy Policy

Last updated: June 11, 2026

At Fabloom ("we", "our app"), we take your family's privacy seriously. This policy explains what information we collect, how we use it, and how we protect it.

1. Children's Privacy (COPPA Compliant)

Fabloom is an audiobook app designed for children ages 3-7. We comply with the Children's Online Privacy Protection Act (COPPA).

• We do not collect personal information directly from children. The account is created by a parent (via Apple Sign In) and child profile details are entered by the parent.
• A child profile contains only: a first name (often a nickname) entered by the parent, birth year, the chosen avatar character, and a language preference.
• There are no ads anywhere in the app; we never show ads to children.
• We never share or sell children's data to any third party for advertising or analytics.
• External links and purchase flows are protected by a Parental Gate.

2. Information We Collect

Parent Account Information

• Apple Sign In identifier (email address — may be hidden via Apple's "Hide My Email")
• Subscription status (free / Premium — via RevenueCat)

Child Profile (entered by the parent)

• First name or nickname, birth year, avatar character, language preference

Usage Data

• Listening progress (which book, which chapter, playback position)
• Listening session durations
• Words and facts learned from stories (powers the parent Dashboard)

Diagnostics (Sentry)

• If the app crashes: the crash report (stack trace), device model, and iOS version
• Crash reports contain no user identifiers, child names, or emails; IP addresses are discarded server-side

Information We Do NOT Collect

• Location data
• Contact lists
• Photos or media
• Advertising identifiers (IDFA) or behavioral analytics

3. How We Use Data

We use collected data only for:

• Account management and authentication
• Resuming playback and tracking listening progress
• The parent-facing Dashboard and end-of-book recap
• Subscription entitlement management
• Finding and fixing crashes

We do not build profiles, do not serve behavioral advertising, and do not use your data to train AI models.

4. Data Storage and Security

• Data is stored encrypted on Supabase infrastructure (PostgreSQL, hosted in the United States).
• Row Level Security restricts every record to the account that owns it.
• Audio files and content are served securely via CDN.
• All communication is encrypted with HTTPS/TLS.

5. Third-Party Services (Data Processors)

• Apple Sign In: Authentication (Apple Inc.)
• Supabase: Database and storage (United States)
• RevenueCat: Subscription state management — receives only an anonymous app user ID and the App Store purchase record; never profile or listening data
• Sentry: Crash reporting — receives only the diagnostics described in section 2

These services process data solely to operate Fabloom; none may use it for advertising or their own purposes. None collect advertising identifiers (IDFA). Reminders are scheduled locally on the device — no remote push servers are used.

6. App Tracking Transparency & Privacy Manifest

Per Apple's App Tracking Transparency (ATT) framework, Fabloom does not track any user or child across devices or apps. Our Privacy Manifest (PrivacyInfo.xcprivacy) explicitly declares every data type we collect to the App Store.

7. International Transfers, GDPR-K & KVKK

Data is hosted in the United States. For users in the EU and Türkiye, transfers rely on appropriate safeguards such as Standard Contractual Clauses (SCCs). EU users may exercise their GDPR-K rights, and users in Türkiye their KVKK rights, by contacting support@fabloom.app.

8. Data Retention

• Account and child data: Permanently deleted the moment you delete your account in the app (see section 10).
• Diagnostic (crash) reports: Automatically expire after at most 90 days.
• Subscription/purchase records: Retained by Apple and RevenueCat under their own legal retention rules.

9. Parental Rights

As parents, you have the right to:

• Know whether your personal data is being processed
• View data collected about your child
• Request correction or deletion of data
• Delete the account and all associated data
• Withdraw consent for data collection
• Know third parties to whom data has been transferred

To exercise these rights, email support@fabloom.app. We respond within 30 days.

10. Account Deletion

You can delete your account directly from the app: Settings → Delete My Account (protected by the Parental Gate and a confirmation step). This immediately and permanently removes your parent account, all child profiles, listening history, and learned items.

Important: Deleting your account does not automatically cancel an active App Store subscription. Cancel separately via iPhone/iPad → Settings → Apple ID → Subscriptions.

11. Cookie Policy (Web)

The Fabloom mobile app does not use cookies. The fabloom.app website uses only essential cookies for session management — no analytics or advertising cookies.

12. Policy Changes

We may update this privacy policy periodically. We will notify you of significant changes via in-app notification and update the "Last updated" date.

13. Contact

For privacy-related questions or requests:

📧 support@fabloom.app

Data controller: Fabloom (Türkiye). For any submission under GDPR / KVKK, please use the email address above.