Privacy Policy

Last updated: May 4, 2026

COPPA Compliance (Children's Online Privacy Protection Act)

Piepie is fully compliant with the Children's Online Privacy Protection Act (COPPA), administered by the U.S. Federal Trade Commission (FTC). We are specifically designed for children under 13 and take special precautions to protect their privacy.

We do not collect personal information from children without verifiable parental consent. Parents create accounts and set up child profiles, providing explicit consent. We do not collect children's email addresses, full names, or persistent identifiers beyond what is necessary for service delivery.

Children's data is used solely to provide the Piepie service, including age-appropriate AI chat, safety filtering, parental controls, safety notifications, and support. We never sell children's data or use children's data for advertising. Parents may delete their account in the app or request deletion by contacting privacy@piepie.ai.

GDPR Compliance

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). We process data under the legal bases of: (1) contract performance for subscription services; (2) legitimate interests for safety monitoring; (3) parental consent for children's data processing.

EEA residents have the right to access, rectify, erase, restrict, and port their data. To exercise these rights, contact dpo@piepie.ai.

FERPA Compliance

For educational use, Piepie supports FERPA-ready school data handling, with workflows designed to help schools and educators handle student data carefully and responsibly.

Data We Collect

Parents: Email address, name, profile picture or sign-in identifier from Google Sign-In or Sign in with Apple, subscription status, purchase identifiers, support messages, and account settings.

Children: First name only, age or birth date for content calibration, optional gender for pronoun use, parent-selected safety settings, conversation messages, AI responses, safety event logs, usage counts, and invite-code state.

We do not collect children's email addresses, precise location, contacts, advertising identifiers, or biometric identifiers. Microphone access in the mobile app is used for dictation; chat text is sent to Piepie after transcription.

Third-Party AI Service

When a user chooses to chat, request an image, or use related safety features, Piepie sends the message, recent conversation history, image prompt, child's first name and age, parent-selected safety settings, memories or safety context, and related usage metadata to the Piepie API. Piepie then shares the information needed to generate or check the response with OpenAI, our third-party AI service provider.

OpenAI is used only to provide age-appropriate AI replies, safety checks, conversation titles, memory extraction, text-to-speech, and image generation. Piepie does not sell children's data, use children's data for advertising, or allow third-party AI providers to use it for unrelated marketing purposes. Piepie requires service providers to protect data with the same or equal privacy and security protections.

Data Retention

Conversation history is retained for 90 days by default unless a parent deletes the account earlier. Safety notifications may be retained for up to 1 year for audit and child-safety purposes. Parent account data is retained while the account is active. Store transaction records may be retained as required for accounting, fraud prevention, tax, and legal compliance.

Security

All data is encrypted in transit and at rest. We use strong technical and organizational safeguards, regular security reviews, and controls that support data sovereignty requirements.

Contact Us

Privacy questions or data requests? Email privacy@piepie.ai. Support requests can be sent from the support page or to support@piepie.ai.