
Privacy Policy

Effective Date: April 2, 2026

Santa AI ("the App") is operated by rafcolm_ Software, operated by Rafael J. Colón, based in Caguas, Puerto Rico, USA ("we," "us," or "our").

This Privacy Policy explains how we collect, use, and protect information when you and your child use the Santa AI mobile application. Because our App is designed for use by children, we take privacy especially seriously and comply with the Children's Online Privacy Protection Act (COPPA) and other applicable laws.


1. Information We Collect

We collect only the minimum data necessary to provide the service. Below is a complete description of the information we collect and how it is handled.

1.1 Information Provided by Parents/Guardians

When you create an account and set up a child profile, we collect:

  • Parent email address — used for authentication and violation notifications
  • Child's first name — used to personalize Santa's conversations
  • Child's age and birthday — used for age-appropriate responses
  • Wish list items — used to personalize conversations
  • Interests — used to personalize conversations
  • Good deeds — used to personalize conversations
  • Language preference — English or Spanish

1.2 Information Generated Through Use

  • Conversation text — messages between your child and Santa (text only; no audio is stored)
  • Usage time — daily minutes spent chatting, used to enforce time limits
  • Subscription status — whether the account is Free or Premium
  • Content moderation records — flagged messages and violation categories, stored for parental review
  • Theme preferences — light/dark mode selection
  • Coarse location — city-level device location used by the Santa Tracker feature to estimate Santa's arrival time. This data stays entirely on the device and is never transmitted to our servers or any third party.

1.3 Information We Do NOT Collect or Store

  • Audio recordings — your child's voice is recorded temporarily on the device, sent to our servers for transcription, and immediately discarded after transcription. We do not store any audio files. Santa's generated voice responses are streamed to the device and are also not stored on our servers.
  • Photos or videos — the App does not access the camera
  • Contacts — the App does not access the address book
  • Device advertising identifiers — we do not collect or share advertising IDs for tracking purposes
  • Browsing or search history — the App does not track browsing or search activity

2. How We Use Information

We use the information we collect to:

  • Provide the service — generate personalized Santa conversations using AI
  • Enforce safety — moderate all messages for inappropriate content using keyword filters and AI-based moderation
  • Manage accounts — authenticate users, manage subscriptions, enforce daily time limits
  • Notify parents — send email alerts when content moderation violations occur
  • Improve the service — diagnose errors and improve reliability (via crash reporting)

We do not use children's personal information for marketing, advertising profiling, or any purpose unrelated to the App's core functionality.


3. Detailed Data Handling by Type

The following table provides a detailed breakdown of every data type collected, how it is handled, whether it is stored, and who it is shared with:

| Data Type | What We Collect | Purpose | Stored Where | Shared With |
|---|---|---|---|---|
| Email Address | Parent's email from account signup | Account authentication and violation notification emails | Firebase/Firestore | Firebase Auth, Sentry (error tracking), Zoho (notification emails) |
| Child Profile | First name, age, birthday, interests, wish list, good deeds | Personalize Santa's conversations to be age-appropriate and relevant | Firestore | Never shared with any third party |
| Conversation Text | Text messages between your child and Santa | Provide the conversation service and moderate content for safety | Firestore | OpenAI (for AI response generation and content moderation) |
| Audio (Voice Input) | Child's voice recording during conversations | Transcribed to text using speech-to-text, then immediately and permanently deleted | Never stored — discarded after real-time transcription | OpenAI Whisper (real-time transcription only; audio is not retained by OpenAI per their data usage policy) |
| Coarse Location | City-level device position (low accuracy) | Calculate estimated Santa arrival time in the Santa Tracker feature | Device memory only — never leaves the device | Never transmitted to any server or third party |
| Usage Time | Daily chat minutes consumed | Enforce daily time limits (3 min free / 30 min premium) | Firestore | Never shared with any third party |
| Purchases | Subscription status, product ID, purchase dates | Manage premium access and subscription lifecycle | Firestore | RevenueCat (subscription management), Apple App Store / Google Play Store |
| Advertising Data | Standard non-personalized ad request data | Display contextual ads to Free tier users | Not stored by us — managed by AdMob | Google AdMob (non-personalized, child-directed, COPPA-tagged, max content rating G) |
| User ID | Firebase-assigned unique identifier | Link account data and authenticate API requests | Firestore | Firebase, RevenueCat, Sentry |
| Crash & Diagnostics | Error logs, stack traces, performance data | Identify and fix bugs, improve app reliability | Sentry | Sentry (Functional Software, Inc.) |
| Moderation Records | Flagged text, violation category, timestamp | Enable parental review of safety incidents | Firestore | Sentry (as error context for debugging) |

4. No Sale of Data

We do not sell, rent, lease, or trade any personal information — including children's data — to any third party, for any purpose, ever.

  • We do not share data with data brokers.
  • We do not use children's data for advertising profiling or behavioral targeting.
  • We do not build marketing profiles based on any user's activity.
  • Data shared with the third-party services listed in Section 5 is strictly limited to what is necessary to operate the App and provide its core functionality. No third-party service receives more data than required for its specific function.

5. Third-Party Services

We use the following third-party services to operate the App. Each receives only the data necessary for its function:

| Service | Provider | Data Shared | Purpose |
|---|---|---|---|
| Firebase Authentication | Google | Parent email, auth credentials | Account creation and sign-in |
| Cloud Firestore | Google | User profile and conversation data | Database storage |
| Cloud Functions | Google | Request data | Backend API processing |
| OpenAI API | OpenAI | Conversation text, audio (for real-time transcription only) | AI conversation generation, speech-to-text (Whisper), text-to-speech, content moderation |
| RevenueCat | RevenueCat | Subscription/purchase data, user ID | Subscription management |
| Google AdMob | Google | Standard non-personalized ad request data | Display non-personalized, child-directed ads (Free tier only). Ads are COPPA-tagged with a maximum content rating of G (General Audiences). No behavioral profiling is performed. |
| Sentry | Functional Software | Error data, user ID | Crash reporting and error tracking |
| Zoho Mail | Zoho | Parent email address | Send violation notification emails |

Alternative text-to-speech providers (only one is active at a time): Fish Audio, Cartesia, or ElevenLabs may receive conversation text for voice generation. No user profile data or audio recordings are shared with these providers.

Each third-party service is governed by its own privacy policy. We encourage you to review them:


6. Children's Privacy (COPPA Compliance)

Santa AI is directed at children and is designed to be set up and supervised by a parent or legal guardian. We comply with the Children's Online Privacy Protection Act (COPPA).

We collect only the minimum data necessary to provide the service. Child profile data (name, age, birthday, interests, wish list, and good deeds) is used exclusively for personalizing Santa's conversations and is never shared with advertisers, data brokers, or any third party.

6.1 Parental Consent

  • A parent or legal guardian must create the account and complete the onboarding process before a child can use the App.
  • During onboarding, the parent provides explicit consent for the collection of their child's information (name, age, birthday, interests, wish list, and conversation data).
  • Parental consent is recorded with a timestamp.

6.2 Parental Controls

Parents have the following controls, protected behind biometric authentication (Face ID / Touch ID) or device passcode:

  • View conversation history — review all messages between the child and Santa
  • Review moderation violations — see flagged content, categories, and timestamps
  • Acknowledge violations — chat remains paused until the parent reviews and acknowledges flagged content
  • Update child profile — modify name, age, interests, and other personalization data
  • Manage account settings — change language, theme, and other preferences

6.3 No Behavioral Advertising to Children

We do not serve behaviorally targeted advertising to children. Ads displayed in the Free tier are contextual only (Google AdMob), are non-personalized, are tagged for child-directed treatment (COPPA), carry a maximum content rating of G (General Audiences), and are not based on the child's personal information or activity.

6.4 Parental Rights

As a parent or legal guardian, you have the right to:

  • Review your child's personal information by accessing the Profile section (protected by biometric lock)
  • Request deletion of your child's data by contacting us at support@thesanta.ai
  • Revoke consent at any time by contacting us, which will result in account deactivation and data deletion

To exercise these rights, contact us at support@thesanta.ai. We will verify your identity before processing any request.


7. Content Moderation

All conversations are monitored by a three-layer moderation system:

  1. Keyword filtering — blocks known inappropriate terms in English and Spanish
  2. AI input moderation — analyzes the child's messages using OpenAI's Moderation API before processing
  3. AI output moderation — analyzes Santa's responses before delivery; flagged responses are automatically replaced with a safe fallback message

When a child's message is flagged:

  • The chat is temporarily paused (default: 2-hour cooldown)
  • The parent receives an email notification with details of the violation
  • The parent must review and acknowledge the violation in the App before chat resumes

Moderation records (flagged text, category, timestamp, and source) are stored for parental review. These records are accessible only to the parent through biometric-protected parental controls.


8. Data Retention

  • Conversations and messages are retained as text only, indefinitely, unless the parent requests deletion.
  • Moderation violation records are retained indefinitely for parental review and safety purposes.
  • Audio recordings are never retained — user audio is transcribed in real-time and immediately discarded. Generated Santa voice responses are streamed to the device and not stored on our servers.
  • Account data is retained as long as the account is active.
  • Location data is never retained — coarse location is used in device memory only and is not stored or transmitted.

To request deletion of your data, contact us at support@thesanta.ai.


9. Data Security

We implement the following security measures:

  • All data transmitted between the App and our servers is encrypted via HTTPS/TLS
  • User authentication is managed by Firebase Authentication (Google)
  • Parental settings are protected by biometric authentication (Face ID / Touch ID) or device passcode
  • Backend access is restricted to authenticated API calls with Firebase ID token verification

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.


10. Your Rights

Depending on your jurisdiction, you may have additional rights regarding your personal data:

  • Access — request a copy of the data we hold about you and your child
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your data
  • Portability — request your data in a portable format

To exercise any of these rights, contact us at support@thesanta.ai.


11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on our website at https://thesanta.ai/privacy and within the App. The "Effective Date" at the top will be updated accordingly. Continued use of the App after changes constitutes acceptance of the updated policy.


12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

rafcolm_ Software
Operated by Rafael J. Colón
Caguas, Puerto Rico, USA

Email: support@thesanta.ai
Website: https://thesanta.ai
