← Back to home

Privacy Policy

Last updated: February 2026

Popping Time (“we”, “our”) is committed to protecting your privacy. This policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

1. Data Controller

Popping Time Pte. Ltd. is the data controller for personal data collected through the Service. Contact: hello@poppingtime.com.

2. Data We Collect

Account Data: Email address, display name (optional).

Content Data: Audio recordings, transcripts, story text, and generated illustrations — all created by you.

Payment Data: Processed securely by Stripe. We store only your Stripe customer ID and subscription status, never card details.

Usage Data: Recording duration, feature usage metrics, and session data for service improvement.

3. Legal Basis for Processing

We process your data based on:

  • Contract performance: To provide the Service you signed up for.
  • Legitimate interest: To improve the Service and prevent fraud.
  • Consent: For marketing emails (you can opt out at any time).

4. How We Use Your Data

  • To provide and maintain the Service
  • To process audio recordings through AI transcription (OpenAI Whisper)
  • To generate text rewrites (Anthropic Claude) and illustrations (Google Gemini)
  • To process payments through Stripe
  • To send transactional emails (chapter notifications, book completion)
  • To improve service quality and fix issues

5. Third-Party Processors

We use the following third-party services to process your data:

  • Supabase (database, authentication, file storage) — EU/US
  • OpenAI (audio transcription) — US
  • Anthropic (text processing) — US
  • Google (illustration generation) — US
  • Stripe (payment processing) — US/EU
  • Resend (transactional email) — US

All processors are bound by data processing agreements and maintain appropriate security measures.

6. Data Retention

We retain your account data and content for as long as your account is active. Audio recordings are retained until deleted by you. Upon account deletion, all data is permanently removed within 30 days. Payment records are retained as required by applicable tax and accounting laws.

7. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate personal data
  • Erase your personal data (“right to be forgotten”)
  • Restrict processing of your data
  • Data portability — receive your data in a machine-readable format
  • Object to processing based on legitimate interest
  • Withdraw consent at any time

To exercise any of these rights, contact us at hello@poppingtime.com. We will respond within 30 days.

8. Children's Privacy

The Service is intended for parents and guardians. We do not knowingly collect personal data from children under 13. Audio recordings may contain children's voices recorded by their parent/guardian. Parents are responsible for the content they record and share.

9. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. Audio files and PDFs are stored in private, access-controlled storage buckets.

10. Cookies

We use essential cookies for authentication and session management only. We do not use tracking or advertising cookies.

11. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email before they take effect.

12. Contact & Complaints

For privacy inquiries or to file a complaint: hello@poppingtime.com. You also have the right to lodge a complaint with your local data protection authority.