This Privacy Policy explains how the Fiabalo service, operated by WEB DEV s. r. o. (“we”, “us”, or “our”), collects, uses, discloses, and protects personal information when you use the Service.
Fiabalo is a digital storytelling service designed for parents and legal guardians who provide access to children’s audio and reading content.
1. Controller / Operator
WEB DEV s. r. o.
Zuzany Chalupovej 8A
851 07 Bratislava
Slovak Republic
Company ID: 50468201
VAT ID: SK2120352267
Contact email: [email protected]
For the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR), we act as the data controller.
2. Who the Service Is For
Fiabalo is a “General Audience” service intended strictly for parents, legal guardians, and adults over the age of 18.
- The user account is always owned, managed, and paid for by a parent or legal guardian.
- Content is designed for children, but the Service interface and account management are designed for adults.
- Children are not permitted to create accounts or interact with the Service independently.
For clarity, any child-related information is provided exclusively by the parent or legal guardian and is treated as part of the parent’s account data.
3. Information We Collect
3.1 Information You Provide to Us
- Account Data: Name or nickname, email address, and encrypted password.
- Child Profile Data (Optional): To personalize the experience, you may voluntarily provide your child's first name (no surnames), approximate age or age range, and gender. This information is linked to your parent account.
- Transaction Data: Purchase history and subscription tier.
- Communications: Any messages or support inquiries you send to us.
3.2 Information Collected Automatically
- IP address and general location derived from IP
- Device type, operating system, and browser
- Usage data (pages viewed, content played, features used)
- Cookies and similar tracking technologies
3.3 Information We Do Not Collect
- Children’s surnames
- Photographs or biometric data of children
- Children’s precise geolocation
- Full payment card numbers (processed securely by Stripe)
4. How We Use Personal Information
- Create and manage user accounts
- Provide and maintain the Service
- Personalize content based on child profile data (if provided)
- Process subscriptions and payments
- Communicate with users
- Respond to support inquiries
- Improve and optimize the Service via analytics
- Ensure security and prevent misuse
- Protect the Service from spam, abuse, automated traffic, and fraudulent activity
- Comply with legal obligations
5. Legal Bases for Processing (GDPR)
- Performance of a contract (providing the Service)
- Consent (optional child profile data)
- Legal obligations (tax and accounting)
- Legitimate interests (security and service improvement)
6. Cookies and Tracking Technologies
- Essential cookies
- Analytics cookies
- Preference cookies
You can manage cookie preferences via our Cookie Consent Tool or your browser settings.
We may also use security technologies, including Cloudflare Turnstile, to distinguish legitimate use of the Service from automated or abusive activity. These technologies may run in the background where necessary to protect the Service.
7. Analytics
We use PostHog Cloud EU analytics to understand how parents use the Service and to improve functionality, usability, and the overall experience.
PostHog processes analytics data on our behalf. We use the EU-hosted version of PostHog Cloud, where analytics data is processed on servers located in the European Union.
We do not use analytics data for targeted advertising or profiling of individual users or children.
8. Payments and Subscriptions
Payments are processed through Stripe, Inc.. We do not store full payment card details.
9. Service Providers and Technical Systems
- Hosting and cloud infrastructure providers
- Content delivery, security, and bot protection provider: Cloudflare, Inc.
- Product analytics provider: PostHog Cloud EU
- Payment processors
- Email and communication services
- Customer support systems operated by us
We use Cloudflare Turnstile to help protect Fiabalo from spam, abuse, fraudulent activity, and automated traffic. Turnstile may operate in invisible mode, which means that a security check can run in the background without displaying a visible CAPTCHA or requiring the user to solve a puzzle.
When Cloudflare Turnstile is used, Cloudflare may process certain technical information, such as information about the browser, device, IP address, and interaction with the Service, for security and fraud-prevention purposes. This processing is described in Cloudflare’s Privacy Policy and the Cloudflare Turnstile Privacy Addendum .
10. Data Retention
- Account & Child Profile Data: retained while the account is active
- Deleted accounts: removed within 30 days
- Billing records: retained as required by law
11. Data Security
- Encrypted connections (HTTPS)
- Secure password hashing
- Restricted access to data
- Regular security updates
12. Children’s Privacy (COPPA & GDPR-K)
Fiabalo is intended for parents and legal guardians. We do not knowingly collect personal data directly from children.
Any child-related data is provided solely by parents and is used only for internal personalization purposes.
13. Your Rights and Data Deletion Requests
Depending on your location, you may have rights to access, correct, delete, or restrict the processing of your personal data.
All requests to delete an account or personal data must be submitted by email.
Requests must be sent from the email address associated with your Fiabalo account to: [email protected].
We may request additional information to verify your identity before processing your request.
14. California Privacy Rights (CCPA / CPRA)
We do not sell personal information.
California residents may request information about the data we collect or request deletion by contacting us.
You may opt out of analytics data sharing via cookie settings or by enabling Global Privacy Control (GPC) in your browser.
15. International Data Transfers
Personal data may be processed in the European Union and the United States. For product analytics, we use PostHog Cloud EU, where analytics data is processed on servers located in the European Union.
Transfers outside the EU are protected using appropriate safeguards such as Standard Contractual Clauses or the EU–US Data Privacy Framework. All international data transfers are conducted in accordance with applicable data protection laws.
16. Changes to This Privacy Policy
Updates will be posted on this page with a revised date.
17. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: [email protected]
Address: WEB DEV s. r. o., Zuzany Chalupovej 8A, 851 07 Bratislava, Slovak Republic