Privacy Policy
Version 2.2 · Effective 17 May 2026
We know you're a busy parent. So we've written this in plain English, with a short summary at the top of each section. The short version: Tunytot exists to make your toddler's day a little easier. We collect the minimum needed to make a personalised song, and we protect your child's information like it's our own.
1. Who we are
Tunytot is operated by Pritesh Vegad trading as Tunytot ('we', 'us', 'our'). For anything to do with your data, email tunytot.app@gmail.com. We'll always respond within five working days.
For users in the UK and EEA, we process your personal data in line with the UK GDPR and the Data Protection Act 2018. For users in the United States, we comply with COPPA. We do not knowingly collect personal data directly from children under 13.
2. Who this is for
Tunytot is built for adults aged 18 and over. By creating an account, you confirm that: you're at least 18; you're the parent or legal guardian of any child you create songs for; and you're happy for us to process the information described in this policy.
Children must not register or use the Service independently. If we discover that a child under 13 has created an account without verified parental consent, we'll delete that account and all associated data immediately.
3. What we collect
3.1 Your account details
When you sign up via Clerk (our authentication provider), we collect your email address and a display name. We don't ask for a phone number, date of birth, or payment details.
3.2 Your child's details
To make a personalised song, you give us your child's first name or nickname (never their full name), their approximate age range, and their interests — things like dinosaurs, trucks, or space.
3.3 Song content
When a song is generated, your child's name is incorporated into the song lyrics and title. These are then sent to Google's Lyria 3 music model (via the Gemini API) to generate the audio. This means your child's first name is processed by Google as part of the audio generation step.
Google processes this data as a data processor under our agreement with them, in accordance with their standard GDPR data processing terms. The name is used solely to generate the audio and is not retained by Google for any other purpose.
3.4 How you use the app
We use PostHog (EU region) to collect anonymised usage data — which features you use, session duration, and device type. PostHog autocapture is restricted to an explicit opt-in allowlist only — child names, interests, lyrics, and all free-text inputs are excluded from capture at the configuration level. No child names, ages, or interests are passed to PostHog. PostHog operates under a data processing agreement with appropriate GDPR safeguards.
3.5 Anonymous sessions
If you use the Service before signing up, we store a temporary token in your browser to track your anonymous session. When you create an account, your anonymous songs are securely transferred via our claim process, and the temporary token is deleted.
3.5a Retention of anonymous creations
Anonymous Tunies are subject to two automatic retention windows enforced daily in our database:
- 14-day claim window. Any anonymous song not claimed into a registered account within 14 days of creation is hard-deleted (lyrics, title, audio, and metadata). Share links stop working at that point.
- 48-hour orphan sweep. Anonymous songs that have not been played at all are hard-deleted within 48 hours, even before the 14-day window expires. This minimises retention of personal data (including a child's first name in lyrics/title/audio) for funnel drop-offs that never reached playback.
Audio files live in a private storage bucket. We never serve the underlying object publicly: the player loads audio through a one-hour signed URL minted server-side at the moment of playback. The share page is also marked noindex so it does not appear in search engines. We are transparent that during an anonymous session, the child's first name you entered is embedded in the song's lyrics, title, and audio waveform — the retention windows above exist to keep that exposure narrow when a parent never returns.
3.6 Communications
If you opt in to routine notifications, we store that preference and act on it. We don't send marketing emails without your explicit consent.
4. How we use your information
Making your songs (contract performance):
- Generating and saving personalised Tunies
- Maintaining your library and account across sessions
- Transferring anonymous songs on signup
Improving Tunytot (legitimate interests):
- Analysing anonymised usage data to improve song quality and app design
- Identifying and fixing technical issues
Staying legal (legal obligation):
- Keeping records required by law
- Responding to lawful requests from authorities
With your permission (consent):
- Sending notifications or email updates — withdraw consent any time
5. Children's data — how we protect it
- Child data is only accessible to the parent or guardian account that created it
- Child names are never visible to other users or shown publicly
- Child names never appear in shareable URLs — we use randomised share tokens
- Songs you publish publicly are stripped of child-identifying information before display
- We enforce these restrictions at the database level using Row-Level Security — a technical lock, not just a policy
- We don't build profiles of children, sell child data, or use it commercially
6. Who we share your data with
Clerk — authentication
Handles your login. Processes your email and session tokens under a GDPR data processing agreement. Some authentication metadata may be stored outside the EEA under Standard Contractual Clauses.
Supabase — database, storage, and edge hosting
Stores your songs, children's profiles, and library. Tuny audio is held in a private storage bucket served only via short-lived signed URLs. Data is stored in EU/UK regions under a data processing agreement.
Lovable AI Gateway — lyric generation
Routes lyric-generation requests to large-language-model providers on our behalf. Your child's first name and chosen routine/interests are sent in the prompt so the lyrics can reference them. Lovable AI Gateway acts as our processor and does not retain the prompt for model training.
Google (Vertex AI / Lyria 3) — audio generation
Generates the song audio from the finished lyrics. Your child's first name appears in those lyrics, as described in Section 3.3. Google processes this under their standard GDPR data processing terms and does not use the content for model improvement.
Stripe — payments
Processes subscriptions and one-off purchases if you choose to upgrade. Stripe receives only the data needed to take payment (email, billing country, card details entered directly into Stripe's own form). We never see or store full card numbers.
OneSignal — push notifications
Delivers routine reminders if you opt in. Receives a device-level push token and the notification payload (no child name in the payload).
PostHog — analytics
Collects anonymised usage data. Autocapture is restricted to an opt-in allowlist — no child names, ages, or interests are captured. PostHog operates under a data processing agreement and stores data in the EU.
Cloudflare — edge delivery and DDoS protection
Serves the website and acts as a CDN/edge layer. Processes connection metadata (IP, user agent) for security and abuse prevention.
Legal requirements and business changes
We may share information if required by law or court order. If Tunytot is ever acquired, we'll notify you at least 30 days before any transfer of personal data.
7. Cookies and tracking
We use essential cookies and browser storage to keep you logged in and remember your anonymous session. We also use PostHog for anonymised product analytics. PostHog autocapture is restricted to an explicit opt-in allowlist — form fields, child names, and free-text inputs are excluded. We don't use any advertising, behavioural, or third-party tracking cookies.
8. How long we keep your data
We keep your account data for as long as your account is open. If you delete your account, all personal data — including your child's name, interests, and songs — will be deleted or anonymised within 30 days. Backups are purged within 90 days. You can delete a specific child profile at any time; we'll complete this within 30 days and confirm in writing.
Anonymous songs (created before sign-up) are retained on a much shorter clock: 14 days from creation, or 48 hours if never played. See Section 3.5a.
9. Your rights
Under UK GDPR you have the right to: access the data we hold; correct inaccurate data; request deletion; restrict processing; receive your data in a portable format; object to legitimate-interest processing; and withdraw consent at any time. Email tunytot.app@gmail.com. We'll respond within one month. You can also complain to the ICO at ico.org.uk.
10. Security
We protect your data using HTTPS/TLS for all data in transit; database Row-Level Security so users can only access their own records; opaque UUIDs and share tokens; rate limiting on anonymous sessions; input validation on server functions; HMAC signature verification on webhook endpoints; and content moderation on all generated and user-edited lyrics before audio is rendered. If we become aware of a breach, we'll notify you and the relevant authority within 72 hours.
11. International transfers
Our primary infrastructure is in the UK and EU (Supabase). Clerk may store authentication data outside the EEA — they use Standard Contractual Clauses as the transfer mechanism. Google (Gemini API) processes data internationally under Google's GDPR data processing terms. PostHog stores analytics data in the EU.
12. Changes to this policy
We'll tell you about any material changes — by email and on our website — at least 14 days before they take effect. For changes affecting how we use children's data, we'll ask for fresh consent first.
13. Get in touch
Questions? We actually read our inbox.
tunytot.app@gmail.com · www.tunytot.com