Privacy Notice
Effective date: April 20, 2026
This Privacy Notice explains how Carajillo Solutions LLC ("we," "us," or "our"), a Texas limited liability company, collects, uses, and protects your personal information when you use the Service. Our mailing address is 13423 Blanco Rd, San Antonio, Texas 78216. For privacy inquiries, contact us at privacy@caraji.io.
1. Information we collect
About the parent or guardian (account holder):
- Email address (used for authentication and account communications)
- Display name (optional, self-entered)
- Google account ID and name (only if you choose to sign in with Google)
- Stripe customer ID (created automatically when you make a payment)
- IP address and browser/device information (collected automatically on each request)
- Preferred locale and referral code (if applicable)
About your child (child profile data):
- Nickname or name (does not need to be a legal name)
- Age (1–17)
- Gender (optional)
- Interests and themes (e.g., dinosaurs, space, music)
- Favorite fictional characters
- Bedtime challenges (e.g., separation anxiety, fear of the dark)
- Bedtime preferences (story vs. meditation, length)
- Calming/comfort imagery (optional)
- Names and relationships of family members or pets (optional, for meditation personalization)
- Default story language
Usage and content data: generated stories (text, title, theme, mood, length, voice, language), audio files, parent-provided daily context (max. 200 characters per session), credit transaction history.
We do not collect payment card numbers or banking credentials. Payments are processed exclusively by Stripe, Inc.
2. How we use your information
Essential purposes (required to provide the Service):
- Authenticating your account and delivering the Service
- Generating personalized bedtime stories and meditations for your child using AI
- Generating narrated audio using voice-synthesis technology
- Processing payments and managing your subscription or credit balance
- Sending transactional emails (magic links, receipts, account notices)
We do not use your data for targeted advertising, behavioral profiling, or third-party marketing.
3. AI story generation and Anthropic
To create personalized stories and meditations, child profile data (name, age, gender, interests, favorite characters, bedtime challenges, comfort imagery, family member names, and the optional daily context you provide) is transmitted to Anthropic, PBC via their Claude API. Anthropic processes this data solely to return story text to us.
Important: Anthropic does not use commercial API inputs or outputs to train its models (per Anthropic's Commercial Terms of Service). Data is transmitted over TLS-encrypted connections. Anthropic retains API inputs only for abuse monitoring in accordance with their data retention policy. You can delete a child profile at any time, which prevents any further transmission of that child's data to Anthropic.
4. Children's privacy — COPPA notice to parents
The Service is designed for parents and legal guardians to create personalized content for their children. We do not knowingly solicit data directly from children. All child profiles are created and managed by adult account holders.
Data we collect about children under 13 includes: nickname, age, gender (optional), interests, favorite characters, bedtime challenges, bedtime preferences, comfort imagery, family member names/relationships (optional), and default language. This data is used solely to personalize stories and meditations.
Parental rights:
- Review: you may request a copy of the data we hold for your child by emailing privacy@caraji.io.
- Delete: you may delete a child profile at any time within the app. Deleted profiles are purged from our systems within 30 days.
- Refuse further collection: you may delete the profile to stop all further collection and transmission of that child's data.
We do not condition a child's participation in the Service on collecting more information than is reasonably necessary to provide it.
Parental consent is provided when you, as the account holder, check the consent acknowledgment when creating a child profile. This constitutes verifiable parental consent under COPPA's internal-activities exception (16 C.F.R. § 312.5(b)(1)).
5. Subprocessors
| Provider | Country | Purpose |
|---|---|---|
| Anthropic, PBC | United States | AI story and meditation generation (Claude API) |
| Google LLC | United States | Voice synthesis (Text-to-Speech API) and optional OAuth sign-in |
| Stripe, Inc. | United States | Payment processing |
| Brevo (Sendinblue SAS) | France (EU) | Transactional email (magic links, receipts) |
| DigitalOcean LLC | United States | Cloud hosting and database |
| Honeybadger Industries LLC | United States | Application error monitoring |
All subprocessors are bound by data processing agreements or terms of service that restrict their use of your data.
6. International data transfers
Our servers and most subprocessors are located in the United States. If you are located outside the United States (including Mexico), your data is transferred internationally when you use the Service. By creating an account you acknowledge and consent to this transfer. Brevo (our email provider) is based in France/EU and processes email delivery data within the EU.
7. Data retention
- Active account: retained for the life of the account
- Deleted child profile: purged within 30 days of deletion
- Account deletion: personal data deleted or anonymized within 30 days of request
- Payment records (Stripe): retained for 10 years as required by US tax law
- Application logs: purged after 90 days
8. Security
We protect your data with HTTPS/TLS encryption in transit, encrypted credential storage, Pundit-based authorization controls, and Rack::Attack rate limiting on authentication endpoints.
9. Your rights
Regardless of your location, you may:
- Request a copy of the personal data we hold about you
- Correct inaccurate data
- Request deletion of your account and associated data
- Withdraw consent for child profile creation by deleting the profile
Mexican residents also have ARCO rights under the LFPDPPP (Access, Rectification, Cancellation, Opposition). To exercise ARCO rights, email privacy@caraji.io with your full name, registered email, and a description of your request. We respond within 20 business days. If unsatisfied, you may contact INAI (inai.org.mx).
To exercise any privacy right, email privacy@caraji.io.
10. Cookies
We use only strictly necessary cookies. See our Cookie Policy for details.
11. Changes to this notice
We will notify you of material changes by email at least 30 days before they take effect. The current version is always available on this page.
12. Contact
Privacy questions or requests: privacy@caraji.io
Carajillo Solutions LLC · 13423 Blanco Rd · San Antonio, TX 78216