Privacy Policy

How we collect, use, and protect your information.

Privacy Policy

This page explains what we collect, why we collect it, and the choices you have. For a child‑safe summary, see Quick Summary below.

Quick Summary

  • We don’t sell personal data.
  • Children’s conversations are not used to train models by default.
  • Parents control chat history visibility and retention.
  • You can request access, correction, deletion, and export.

Quick Links

1. Information We Collect

We collect personal data relating to you ("Personal Data") as follows:

Personal Data You Provide

Account Information: When you create an account with us, we will collect information associated with your account, including your name, email address, password (stored securely as a hash), date of birth or age, and account creation timestamp.

User Content: We collect Personal Data that you provide in your interactions with our Services, including:

  • Chat messages and conversations with our AI assistant
  • Voice recordings when using voice features
  • Files, images, or other content you upload
  • Feedback and survey responses

Communication Information: If you communicate with us, such as via email or support channels, we may collect your name, contact information, and the contents of your messages.

Parental Control Information: For users who set up parental controls, we collect parental settings, passwords for verification, and monitoring preferences.

Guest User Information: For users who choose to use our services as guests, we collect basic information such as name and age, and generate temporary credentials for your session.

Personal Data We Receive from Your Use of the Services

Technical Information: When you visit, use, or interact with the Services, we receive the following information:

Log Data: Information that your browser or device automatically sends when you use our Services, including your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.

Usage Data: Information about your use of the Services, such as:

  • Types of content you view or engage with
  • Features you use and actions you take
  • Session duration and frequency
  • Time zone, country, and general location information
  • Conversation analytics and safety monitoring data

Device Information: Information about the device you use to access our Services, such as device name, operating system, device identifiers, and browser information.

Location Information: We may determine the general area from which your device accesses our Services based on information like its IP address for security reasons and to improve your experience. We do not collect precise location data unless explicitly permitted by you.

Cookies and Similar Technologies: We use cookies and similar technologies to operate and administer our Services, maintain your preferences, and improve your experience. For details about our use of cookies, please see our Cookie Notice below.

Information We Receive from Other Sources

We may receive information from trusted security partners to protect against fraud, abuse, and other security threats to our Services.

2. How We Use Personal Data

We may use Personal Data for the following purposes:

Service Provision: To provide, operate, analyze, and maintain our Services, including:

  • Facilitating conversations with our AI assistant
  • Processing your requests and providing responses
  • Managing your account and authentication
  • Providing parental control and monitoring features

Service Improvement: To improve and develop our Services and conduct research, including:

  • Training and improving our AI models
  • Developing new features and capabilities
  • Analyzing usage patterns and user preferences
  • Conducting safety and content moderation

Communication: To communicate with you, including:

  • Sending service-related updates and notifications
  • Responding to your inquiries and support requests
  • Providing information about new features or changes

Safety and Security: To ensure the safety and security of our Services, including:

  • Detecting and preventing fraud, illegal activity, or misuse
  • Monitoring conversations for inappropriate content (especially for minors)
  • Protecting user safety and implementing parental controls
  • Maintaining system security and integrity

Legal Compliance: To comply with legal obligations and protect the rights, privacy, safety, or property of our users, Octo, or third parties.

Analytics and Research: We may aggregate or de-identify Personal Data so that it no longer identifies you and use this information for research, analytics, and service improvement purposes.

Content Usage and Model Training

  • We do not use children’s conversations or related content to train our models by default. Children’s content is processed only as needed to provide the Services (for example: safety filtering, speech‑to‑text transcription, generating voice responses, and producing reports for parents).
  • For adult users, we may use Content to improve our Services as described above. You can opt out of having your Content used for model training by contacting us at support@octo.toys.
  • Where we rely on third‑party AI providers, your content may be processed by those providers solely to deliver the requested feature. We configure providers to prevent training on your data where such controls are available and we contractually restrict provider use of your data.

3. How We Share Personal Data

We may disclose your Personal Data in the following circumstances:

Service Providers: We share Personal Data with vendors and service providers who assist us in operating our business, including:

  • Cloud hosting and data storage providers
  • Authentication and security services
  • Customer support platforms
  • Analytics and monitoring services
  • Payment processors (if applicable)

Service Providers We Use (categories and examples)

To deliver real‑time voice assistance and parental reports, we use service providers in the following categories. We share only what’s necessary to provide the feature, and providers may process data outside your country. We use appropriate transfer mechanisms and contractual protections.

  • Real‑time communications: e.g., LiveKit (carries audio/video streams). See LiveKit’s privacy materials at https://livekit.io.
  • Speech‑to‑Text (STT): e.g., Deepgram or OpenAI (transcribes voice to text). See Deepgram at https://deepgram.com and OpenAI policies at https://openai.com/policies.
  • Text‑to‑Speech (TTS): e.g., ElevenLabs (generates natural voice). See ElevenLabs privacy at https://elevenlabs.io.
  • Large Language Models (LLMs): e.g., OpenAI and Anthropic (generates and analyzes content, including educational framework summaries). See OpenAI at https://openai.com/policies and Anthropic at https://www.anthropic.com/policies.
  • Authentication/Storage: e.g., Supabase (account data, chat history storage where enabled). See Supabase privacy at https://supabase.com/privacy.
  • Memory/Context: e.g., Mem0 (conversation memory services, where used). See Mem0 at https://mem0.ai.

We do not authorize our providers to use children’s content to train their models. Where a provider offers a “no‑training” mode, we enable it.

Parental Access: For minor users, we may share conversation history and usage data with verified parents or guardians as part of our parental control features.

Business Transfers: If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your Personal Data may be transferred as part of that transaction.

Legal Requirements: We may share your Personal Data with government authorities or other third parties when required by law or to:

  • Comply with legal obligations or court orders
  • Protect and defend our rights or property
  • Detect or prevent fraud or other illegal activity
  • Protect the safety and security of our users or the public
  • Protect against legal liability

Affiliates: We may share Personal Data with our affiliates, who will use it consistently with this Privacy Policy.

With Your Consent: We may share information with your explicit consent or at your direction.

4. Data Retention

We retain your Personal Data for only as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy. Retention periods depend on several factors:

  • Account Data: Retained while your account is active and for a reasonable period thereafter
  • Chat History: Retained according to your settings and parental controls
  • Usage Data: Generally retained for up to 2 years for analytics and service improvement
  • Security Logs: Retained for up to 1 year for security and fraud prevention

We may retain certain information for longer periods when required by law or for legitimate business purposes such as safety monitoring.

5. Your Rights and Choices

Depending on where you live, you may have certain statutory rights regarding your Personal Data:

Access: You can request access to your Personal Data and information about how we process it.

Correction: You can request that we update or correct inaccurate Personal Data.

Deletion: You can request deletion of your Personal Data from our systems.

Portability: You can request to receive your Personal Data in a portable format or have it transferred to another service provider.

Restriction: You can request that we limit how we process your Personal Data.

Objection: You can object to our processing of your Personal Data.

Consent Withdrawal: Where we rely on consent, you can withdraw it at any time.

Complaint: You can lodge a complaint with your local data protection authority.

You can exercise many of these rights through your account settings. For other requests, please contact us at [privacy email].

Parental Controls and Your Choices

Parents/guardians can manage how data is collected, retained, and displayed through in‑app controls:

  • Content filtering: Turn on/off stricter content filtering for child‑appropriate interactions. Affects which messages may be generated or blocked.
  • Chat history retention: Choose whether conversations are retained. If disabled, new conversations are not stored for later review.
  • Chat history visibility: Control whether chat history is visible within the app’s views.
  • Password requirement: Require a parent password before applying settings changes.
  • Daily usage limit: Set a daily minutes limit; the app may use this to guide/limit session time.
  • Custom safety rules (guardrails): Create, edit, toggle, or delete your own safety rules that guide and constrain responses.
  • Conversation directives (prompt‑injection policies): Add/edit directives that further shape/monitor allowable content.
  • Memory configuration: Add/edit “memory” sources that influence what topics Octo can discuss; each source can be activated/deactivated.

Verified parents/guardians can request access, export, or deletion of a child’s data via support@octo.toys. We will verify parental status before fulfilling such requests.

Note About AI-Generated Content Accuracy

Our AI assistant generates responses by predicting likely next words based on your input. The AI may sometimes produce factually inaccurate information. If you notice inaccurate information about you in AI output and would like correction or removal, please contact us at [privacy email].

6. International Data Transfers

We process Personal Data on servers located in various jurisdictions, including the United States. We apply the protections described in this policy regardless of where data is processed, and only transfer data pursuant to legally valid transfer mechanisms.

7. Children's Privacy

Age and Consent

Our Services include features designed for children ages 4–9 and are intended for use under the supervision of a parent or legal guardian. We collect and process a child’s Personal Data only with verifiable parental consent and provide parents with tools to review, manage, and delete their child’s data.

If we learn that we have collected Personal Data from a child without verifiable parental consent, we will delete it. Parents/guardians can contact us at support@octo.toys to review, export, or delete their child’s data. We will verify parental status before fulfilling such requests.

Parental Controls

Parents/guardians can configure safety and privacy settings, including content filtering, chat history retention/visibility, password‑protected settings changes, daily usage limits, custom safety rules (guardrails), conversation directives, and memory configuration.

8. Security

We implement reasonable technical, administrative, and organizational measures designed to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or electronic transmission is ever fully secure. Please take care when sharing information through our Services.

9. Cookies and Similar Technologies

We use cookies and similar tracking technologies to:

  • Maintain your login session
  • Remember your preferences and settings
  • Analyze usage patterns and improve our Services
  • Provide security features and fraud prevention

You can control cookie settings through your browser, though disabling certain cookies may limit functionality.

10. Additional Disclosures for Specific Jurisdictions

California Residents

California residents have specific rights under the California Consumer Privacy Act (CCPA), including:

  • Right to know what Personal Data we collect and how we use it
  • Right to delete Personal Data
  • Right to opt-out of the sale of Personal Data (we do not sell Personal Data)
  • Right to non-discrimination for exercising privacy rights

European Economic Area, United Kingdom, and Switzerland

Residents of the EEA, UK, and Switzerland have rights under the General Data Protection Regulation (GDPR) and similar laws, including all rights listed in Section 5 above.

Legal Basis for Processing: We process your Personal Data based on:

  • Performance of contract (providing Services to you)
  • Legitimate interests (service improvement, safety, security)
  • Legal compliance
  • Your consent (where specifically obtained)

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on this page and updating the "Last Updated" date. For significant changes, we may also notify you through other means such as email.

12. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Email: support@octo.toys
Address: 1 Milfleet Court, King's Lynn

For data protection inquiries specifically, you can reach our Data Protection Officer at: support@octo.toys

Cookie Notice

What Are Cookies?

Cookies are small text files that are placed on your device when you visit our website or use our Services. They help us provide you with a better experience by remembering your preferences and enabling certain functionality.

Types of Cookies We Use

Essential Cookies: Required for the Services to function properly, including authentication and security features.

Functional Cookies: Help us remember your preferences and provide enhanced features.

Analytics Cookies: Help us understand how you use our Services so we can improve them.

Security Cookies: Help us detect fraud and protect your account security.

Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may impact the functionality of our Services.

Cookie Retention

Cookies are retained for varying periods depending on their purpose:

  • Session cookies are deleted when you close your browser
  • Persistent cookies remain for up to 1 year or until you delete them
  • Authentication cookies expire based on your login session

For more information about specific cookies we use, please contact us at [privacy email].

This Privacy Policy was last updated on 2025-08-09. We encourage you to review this policy periodically for any changes.