Privacy Notice
Last updated: 7/1/2026
Who we are
The Glimmering Wings service ("Service") is provided by Northstart Systems LLC, the data controller of personal data described below. Contact us at support@kidsfairyglow.com.
What we collect
- Account data — email address, password hash (for email sign-in), or provider identifiers (Google / Apple).
- Keepsake inputs — child's first name, age, tooth number, gender (optional), favorite color/hobby (optional), and other details you submit to personalize the letter, story, certificate, and video.
- Generated content — the resulting letters, certificates, stories, narration audio, and short videos.
- Optional child photo — only if you choose to upload one to personalize visuals. Stored in a private bucket and never shared publicly.
- Usage & device data — IP address, browser, log timestamps, error reports.
- Payment data — handled by Paddle (our Merchant of Record). We do not see or store card numbers.
How we use your data & legal bases
- Provide the Service (create the account, generate keepsakes, deliver videos) — contract performance.
- Authentication and security — legitimate interest.
- Process payments and grant credits — contract performance.
- Support requests — legitimate interest.
- Service quality and abuse prevention — legitimate interest.
- Legal compliance — legal obligation.
Who we share data with
- Paddle — Merchant of Record for sale, payment, tax compliance, and invoicing.
- Hosting & database provider — Lovable Cloud (Supabase) for app data, authentication, and storage.
- AI providers — Replicate (video) and our text/image AI gateway, processing inputs to generate keepsakes. Prompts and inputs may be processed in the United States.
- Professional advisers — legal, tax, and accounting where needed.
- Authorities — where required by law.
We do not sell personal data and do not show third-party advertising.
Children's data
The Service is intended for parents and guardians. Keepsake inputs describing a child are provided by an adult on the child's behalf. We don't create accounts for children, target advertising to them, or sell their data. On request from a parent or guardian we will delete a child's data within 30 days.
Retention
We keep account data for as long as your account is active. Keepsakes and generated videos remain available to you while your account exists. When you delete your account, we delete or anonymize associated data within 30 days, except where law requires longer retention (e.g. tax records held by Paddle).
International transfers
Our providers may process data in the United States and other countries. Where required, transfers are protected by appropriate safeguards (e.g. Standard Contractual Clauses).
Your rights
Subject to applicable law, you have the right to access, correct, delete, restrict, or port your personal data, and to object to processing or withdraw consent. EU/UK residents may complain to a supervisory authority. To exercise rights, email support@kidsfairyglow.com. We respond within 30 days.
Security
We apply appropriate technical and organizational measures, including encryption in transit, access controls, row-level security on user data, and least-privilege server credentials.
Cookies
We use only essential cookies and local storage required to keep you signed in and to operate the Service. We do not use third-party advertising or analytics cookies.
Changes
We may update this Notice and will post the revised version with a new effective date.
Contact
Northstart Systems LLC · support@kidsfairyglow.com