Privacy Policy

Effective April 3, 2026 | Polly Labs, LLC

The short version: We collect what we need to make Polly work. We don't sell your data. We don't use your stories to train AI. We're transparent about which third parties help us run the service.

1. Information We Collect

Account Information

  • Name, email address, and password (stored hashed, never in plain text)
  • Household name

Family & Personal Data

  • Family tree: names, relationships, birth years, bios, deceased status, minor status
  • Family member email addresses (used for Polly-to-Polly connection matching)
  • Photos uploaded to the gallery (with optional captions and dates)
  • Hometown and birth year (used for nostalgia generation)

Voice & Story Data

  • Audio recordings captured by the Polly device after wake word activation
  • Transcriptions of those recordings
  • AI-generated narratives, chapters, prayers, and nostalgia content
  • Messages exchanged between family members and connected households

Care Data

  • Reminder names, notes, and scheduled times
  • Prayer requests and names

Device & Technical Data

  • Device IDs and firmware versions
  • WiFi connection status and IP addresses (for weather features)
  • Session cookies for authentication
  • CSRF tokens for security

Payment Data

  • Processed entirely by Stripe. Polly Labs never sees or stores your full credit card number.

2. How We Use Your Data

  • Core service: Recording, transcribing, storing, and playing back your stories
  • AI features: Generating narrative chapters, nostalgia snippets, and prayers from your content
  • Legacy book: Organizing stories into a printable book with your photos
  • Family connections: Matching family members by email, enabling shared walls
  • Payments: Processing subscriptions through Stripe
  • Notifications: Sending account-related emails (password resets, connection requests)
  • Improvements: Understanding usage patterns to improve the service

What we do NOT do:

  • We do NOT sell your personal data to anyone
  • We do NOT use your stories or recordings to train AI models
  • We do NOT show you ads or share data with advertisers
  • We do NOT share your content with anyone you haven't authorized

3. Third-Party Services

We use the following services to operate Polly Connect. Each processes specific data as described:

Google Cloud Speech-to-Text

Receives: audio recordings for transcription

Purpose: Converting your voice to text

OpenAI (GPT-4)

Receives: story transcriptions for narrative generation

Purpose: Writing book chapters, nostalgia snippets, prayers

Note: OpenAI's API does not use API inputs to train models

Amazon Web Services (Polly TTS)

Receives: text for speech synthesis

Purpose: Polly's voice responses through the device

Stripe

Receives: payment card information (directly, not through our servers)

Purpose: Subscription billing

Lulu Press

Receives: legacy book PDF files for printing

Purpose: Print-on-demand book fulfillment

ElevenLabs

Receives: text for voice synthesis

Purpose: Enhanced voice generation (future feature)

4. Data Sharing Between Families

  • Shared walls: Photos, stories, and messages you share on a connected family's wall are visible to both households.
  • Family access codes: Family members who join with an access code can view stories, photos, and messages within your household.
  • Email matching: Family member email addresses are used to detect if someone has their own Polly account, enabling one-click connection. Emails are never displayed to other users.
  • Connection requests: When you send a connection request, the other household sees your household name. They can accept or decline.

5. Children's Privacy

  • You must be 18 years or older to create a Polly Connect account.
  • Children may be mentioned in family trees and stories. This content is controlled by the adult account owner.
  • We mark family members under 18 with a "minor" flag. Minor members' bios are hidden from family role users.
  • We do not knowingly collect personal information directly from children under 13.
  • If we learn we have collected personal information from a child under 13 without verifiable parental consent, we will delete it promptly.
  • If you believe a child has provided us personal information, contact us immediately.

6. Cookies & Local Storage

  • Session cookies: Required for login authentication. Cannot be disabled while using the service.
  • CSRF tokens: Security tokens to prevent cross-site request forgery.
  • localStorage: Stores UI preferences (dismissed page tips, sound settings). Stays on your device.
  • We do not use third-party tracking cookies, analytics pixels, or advertising cookies.

7. Data Retention

  • Active accounts: Your data is retained as long as your account is active.
  • Deleted content: When you delete a story, photo, or recording, it is removed from our servers.
  • Messages: Expire after 24 hours automatically.
  • Account deletion: Contact us to delete your entire account and all associated data.
  • Canceled subscriptions: Your data remains safe. You retain read-only access. We do not delete data due to non-payment.

8. Data Security

  • Passwords are hashed using bcrypt (never stored in plain text)
  • All data transmitted over HTTPS (SSL/TLS encryption)
  • CSRF protection on all forms
  • Rate limiting on authentication endpoints
  • Tenant isolation: each household's data is separated in our database
  • Photo access requires authentication

No system is 100% secure. We take reasonable measures to protect your data, but cannot guarantee absolute security.

9. Your Rights

  • Access: View all your data through the web portal at any time.
  • Edit: Correct any personal information through the Settings page.
  • Delete: Remove individual stories, photos, or your entire account.
  • Export: Download your legacy book as a PDF (Legacy tier).
  • Disconnect: Remove connections with other families at any time.

To exercise any of these rights, use the web portal or email us at support@polly-connect.com.

10. Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes, we'll notify you by email. The effective date at the top of this page will always reflect the latest version.

11. Contact Us

Polly Labs, LLC
Email: support@polly-connect.com
Web: polly-connect.com/contact