Section 1
Overview
Sproutsi is a personalised therapeutic children's storybook service operated by Seven Pines Collective, LLC ("Sproutsi," "we," "us," or "our"). We create custom illustrated eBooks for children that are clinically grounded in therapeutic principles and tailored to each child's unique emotional and developmental needs.
To create a personalised story, we collect information provided by parents and guardians about their children. This information includes the child's name, age, photograph, and details about challenges the child is experiencing. Because this information relates to children, we treat it with the highest standard of care and legal protection.
This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and what rights you have as a parent or guardian. Please read it carefully before using our service.
Section 2
1. Children's Privacy: Our Core Commitment
Sproutsi's service is directed at parents and guardians, not at children directly. We do not knowingly permit children under 13 to create accounts or interact with our platform independently. All data about children is provided by, and with the consent of, a parent or guardian.
1.1 COPPA Compliance (Children Under 13). The Children's Online Privacy Protection Act (COPPA) imposes specific requirements on operators of websites and online services directed to children under 13, or that knowingly collect personal information from children under 13.
Sproutsi operates as a service directed to parents and guardians. The parent or guardian creates the account and provides all child information. However, because we knowingly receive personal information about children under 13 as part of our service, we comply with COPPA requirements including the practices listed below.
1.2 Verifiable Parental Consent. Before we collect any information about a child, we require the parent or guardian to complete the consent steps below. This confirmation constitutes verifiable parental consent as required under COPPA. We do not accept information about any child without this prior consent step being completed.
- Create an account and confirm they are at least 18 years of age.
- Read and actively accept this Privacy Policy.
- Confirm that they are the parent or legal guardian of the child whose information they are providing.
- Confirm that they have the authority to consent on behalf of the child.
- Collecting only the minimum information necessary to provide the personalized story service.
- Not sharing children's personal information with third parties for marketing or advertising purposes.
- Not conditioning participation in the service on a child providing more personal information than is reasonably necessary.
- Maintaining reasonable security procedures to protect the confidentiality of children's personal information.
- Providing parents with the ability to review, correct, and delete their child's information.
Section 3
2. Information We Collect
We collect two categories of information: information about the parent or guardian (the account holder) and information about the child (the story subject).
Section 4
2.1 Parent / Guardian Account Information
| Data Element | Why We Collect It | Required? |
|---|
| Name | Account identity and personalisation of communications. | Yes |
| Email address | Account identity and personalisation of communications. | Yes |
| Payment information | Processing the one-time book purchase. Handled by third-party payment processor; we do not store card details. | Yes |
| IP address / device data | Account login, order confirmation, book delivery notification, security, fraud prevention, and service analytics. | Automatic |
Section 5
2.2 Child Information (Story Subject)
This is the most sensitive category of data we process. All child information is provided by the parent or guardian. We collect only what is necessary to create the personalised story.
| Data Element | How We Use It | Retention |
|---|
| Child's first name | Personalising the story text and dedication page. | Retained with the order record. |
| Age / age range | Calibrating story complexity, vocabulary, and therapeutic arc to developmental stage. | Retained with the order record. |
| Gender / pronouns | Ensuring correct pronouns and hero gender in the story. | Retained with the order record. |
| Photograph (most sensitive) | Processed by AI vision model to extract appearance attributes like hair colour, hair texture, skin tone, and eye colour to describe the illustrated hero. The photograph is not directly embedded in the book. Extracted attributes are passed to our illustration engine. | Photo processed at generation time. Extracted attributes retained with the order record. Original photo: see Section 5. |
| Challenge situation (sensitive) | Used to generate a therapeutically appropriate story premise. | Retained with the order record. |
| Challenge response (sensitive) | Used by the clinical prompt to infer emotional cycle and select therapeutic interventions embedded in the story. | Retained with the order record. |
| Story preferences | Used to personalise the narrative world, including genre, desired feeling, story goal, and supporting characters. | Retained with the order record. |
| Supporting character photos | Processed the same way as child photographs. Extracted attributes are used to describe supporting character illustrations. | Same as child photograph. |
"Challenge situation" and "challenge response" data describes a child's emotional and behavioural difficulties. The source document states this is treated as sensitive health-adjacent information and used exclusively to generate the personalised story, never for advertising or profiling.
Section 6
3. How We Use the Information We Collect
We use the information we collect for one primary purpose: creating your child's personalised therapeutic storybook.
3.1 Story Generation. Child information is processed through a four-stage AI pipeline.
No stage of this pipeline involves human review of individual child data in the ordinary course of service delivery. Automated processing is used to produce your child's book.
3.2 Service Delivery. We send you a notification when your book is ready, deliver the completed eBook to you, and store your order history to allow reordering.
3.3 Service Improvement. We analyze aggregated, de-identified usage patterns to improve our story generation pipeline and identify categories of challenges and stories that work well or need improvement.
We do not use individual child data to train AI models without separate, explicit parental consent. Aggregate and de-identified data that cannot be linked to any individual may be used for model improvement.
3.4 Legal and Safety. We may use information for legal compliance, lawful requests, and protecting the safety of children, our users, and our platform.
- Stage 0 (Photo Analysis): The child's photograph is analysed by an AI vision model to extract appearance descriptors used in illustration prompts.
- Stage 1 (Clinical Assessment): Age, challenge situation, challenge response, and outcome goal are processed by an AI model acting in the role of a child therapist to generate a clinical brief.
- Stage 2 (Story Generation): The clinical brief drives creation of a therapeutically calibrated story prose.
- Stage 3 (Illustration): Appearance descriptors and story content drive generation of custom illustrations.
- We do not sell child data to any third party.
- We do not use child data for advertising or behavioural profiling.
- We do not share challenge or response data with schools, insurers, employers, or government agencies except as required by law.
- We do not use child photographs for any purpose other than generating the illustrations for your book.
- We do not use child data to train commercial AI models without explicit consent.
Section 7
4. Who We Share Information With
We share child information only as strictly necessary to deliver our service. We do not sell personal information.
4.1 Data Processing Agreements. All third-party service providers who process child data on our behalf are required to enter into a Data Processing Agreement (DPA) that prohibits them from using child data beyond Sproutsi services, requires appropriate security measures, prohibits selling or further sharing the data, and requires deletion upon termination of the service relationship.
4.2 AI Provider: Special Notice. The source policy notes that when child information is submitted to Anthropic's API for story generation, that data is transmitted to Anthropic's servers for processing and that Anthropic's then-current API terms state API inputs and outputs are not used to train models by default.
| Recipient | Purpose | Child Data Shared |
|---|
| AI API Provider (Anthropic or similar) | Processing the four-stage story generation pipeline. | Name, age, gender, appearance descriptors, challenge data, story preferences. |
| Image generation API provider (OpenAI or similar) | Generating the custom illustrations for each page spread. | Appearance descriptors and illustration prompts only. |
| Payment processor (Stripe or similar) | Processing the purchase transaction. | None. Payment processor does not receive child data. |
| Cloud hosting provider (Microsoft Azure or similar) | Storing order data and completed eBooks. | All order data, stored encrypted. |
| Law enforcement / courts | Compliance with valid legal process. | As required by law. |
The source document recommends parents review Anthropic's current privacy information at https://www.anthropic.com/privacy for the most up-to-date details.
Section 8
5. Children's Photographs: Special Handling
Photographs of children are among the most sensitive data we process. We apply the safeguards below.
5.1 Purpose Limitation. Photographs are used exclusively to extract appearance attributes such as hair colour, texture, skin tone, and eye colour for use in illustration prompts.
5.2 Retention of Photographs. Original uploaded photographs are processed at story generation time. After appearance attributes have been successfully extracted, the source document states that the original photograph is either deleted within 30 days or retained for a shorter verification period pending final counsel confirmation.
The source policy also states that extracted appearance attribute text is retained as part of the order record and that no facial geometry, biometric identifiers, or machine-learning embeddings derived from the photograph are retained.
The document additionally notes that some states, notably Illinois, Texas, and Washington, have biometric privacy laws that may apply to facial photographs. It states that Sproutsi does not collect or retain biometric identifiers or biometric information templates.
- The photograph is never embedded in the finished eBook.
- The photograph is never displayed publicly or shared with any third party beyond the AI processing pipeline.
- The photograph is never used for facial recognition, identity verification, or biometric profiling.
- The photograph is never used in marketing, advertising, or promotional material.
Section 9
6. Data Security
We implement security measures appropriate to the sensitivity of the data we process, with particular attention to the protection of children's information.
6.1 Technical Safeguards and 6.2 Organisational Safeguards are summarized below. 6.3 Breach Notification states that in the event of a data breach affecting children's personal information, we will notify affected parents or guardians as required by applicable law, including the FTC under COPPA and applicable state breach notification laws, using the email associated with the account.
- All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- Data at rest is encrypted using AES-256 or equivalent.
- Access to child data is restricted to personnel and systems that require it to deliver the service.
- API calls to third-party AI providers are transmitted over encrypted connections.
- Completed eBooks are stored in access-controlled cloud storage.
- Access to production systems containing child data is limited to authorised personnel.
- We conduct periodic reviews of our security practices.
- Third-party service providers are assessed for their security practices before onboarding.
Section 10
7. Data Retention
The source document provides the following retention framework and states that upon account deletion, Sproutsi will delete or anonymise all child personal information within [30 days], except where retention is required by law such as financial records.
| Data Type | Retention Period | Basis |
|---|
| Parent account information | Duration of account + [2] years after account closure | Contractual obligation, legal compliance. |
| Child name, age, gender, preferences | Duration of account + [2] years | Service delivery and reorder capability. |
| Child photograph (original) | [30 days] after generation completion | Minimum necessary and deleted after use. |
| Extracted appearance attributes | Duration of account + [2] years | Linked to order record for reorder. |
| Challenge and response data | Duration of account + [2] years | Linked to order record. |
| Completed eBook file | Duration of account + [2] years (accessible for re-download) | Service delivery. |
| Payment records | [7] years | Tax, accounting, and legal compliance. |
Section 11
8. Your Rights as a Parent or Guardian
As the parent or guardian who provided your child's information, you have the following rights. These rights are in addition to any rights you may have under state law.
8.1 Right to Access. You may request a copy of all personal information we hold about you and your child. We will respond within [30 days] of a verified request.
8.2 Right to Correct. You may request that we correct inaccurate information about you or your child. You can update most information directly in your account settings.
8.3 Right to Delete (COPPA). You may request deletion of your child's personal information at any time. We will delete the information within [30 days] of a verified request, subject to retention required by law. Deletion of child information will make it impossible to reorder or modify an existing book.
8.4 Right to Refuse or Withdraw Consent. You may refuse to provide information, but certain information is required to generate a personalised story. You may withdraw consent at any time by deleting your account, which will trigger deletion of your child's data as described in Section 7.
8.5 How to Exercise These Rights. The source document directs requests to [privacy@sproutsi.com] or to Seven Pines Collective, LLC at [ADDRESS], and notes that identity verification may require confirmation of the account email and additional fraud-prevention steps.
Section 12
9. State-Specific Privacy Rights
9.1 California Residents (CCPA/CPRA). California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
9.2 Other States. Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with comprehensive privacy laws may have similar rights. The source document states Sproutsi honours rights requests from residents of all states to the extent required by applicable law.
- Right to know what personal information is collected, used, disclosed, or sold.
- Right to delete personal information.
- Right to opt out of the sale or sharing of personal information. The policy states Sproutsi does not sell personal information.
- Right to non-discrimination for exercising privacy rights.
- Right to limit the use of sensitive personal information.
Section 13
10. Cookies and Tracking Technologies
We use cookies and similar technologies to operate our website and service. We do not use third-party advertising cookies or tracking pixels.
| Cookie Type | Purpose | Duration | Required? |
|---|
| Session cookies | Operate the website during the active session. | Session | Yes |
| Authentication cookies | Maintaining your login session and keeping you logged in between visits. | [30 days] | Yes |
| Analytics cookies | Understanding how users navigate the intake flow to improve the experience. No child data is included in analytics. | [13 months] | Optional |
Section 14
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, particularly changes that affect how we handle children's data, we will notify you by email at least [30 days] before the changes take effect, post a prominent notice on our website, and for changes that affect children's data in a material way, obtain fresh parental consent before the changes apply to any existing child profiles.
Your continued use of Sproutsi after the effective date of any changes constitutes acceptance of the updated policy.
Section 15
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your child's data, please contact us using the details below.
| Contact | Details |
|---|
| Privacy team | Sproutsi Privacy Team |
| Company | Seven Seven Pines Collective, LLC |
| Email | support@sevenpinescollective.com |
For COPPA-specific inquiries or to exercise parental rights, the source document asks users to include "COPPA Request" in the email subject line. It also notes that urgent child safety concerns should be raised by phone.