Privacy Policy
Effective Date: May 21, 2026
‘Little Why?’ is built for families. We collect as little as we can and use what we do collect only to make the app work and to keep your account in good shape.
This Privacy Policy explains what we collect, how we use it, who we share it with, and the choices you have. It applies to the ‘Little Why?’ mobile app and to littlewhy.app.
‘Little Why?’ is provided by the individual developer listed for ‘Little Why?’ in the Apple App Store (referred to here as ‘we’, ‘us’, and ‘our’).
1. Who Uses the App
‘Little Why?’ is designed to be used by adults — parents, guardians, and caregivers — with children. Children should use the app only with adult involvement and supervision.
We do not knowingly create accounts for children under the age required in your region (for example, under 13 in the United States, or other ages required by local law). If we learn that an account belongs to a child who should not have one, we will deactivate it. If you believe a child has an account, contact us at support@littlewhy.app.
2. What We Collect
Account information. When you sign up we store your email address (or, if you use Sign in with Apple, the relayed Apple email Apple chooses to share with us). For email/password accounts we store a salted password hash — never the raw password.
Profile. A small profile per account: your chosen interface language and the age setting the answers are tuned to (a number, such as 5). We don’t ask for a name, photo, location, or any other identifier of a child.
Questions and answers. The questions you (or your child, with your supervision) ask in the app and the answers we provide, plus a timestamp. These build your in-app journal so you can scroll back through past questions.
Subscription and quota. If you subscribe, we store your subscription status, plan, and the number of questions used in the current billing cycle. We don’t see or store your payment card details — those stay with Apple.
Device and technical data. Minimal: the device locale (to pick a default language), the app version, and basic logs that exist for any internet service (e.g. that a request was made, when, and whether it succeeded). We don’t collect advertising identifiers, contacts, microphone audio, photos, or your precise location.
Product analytics. We log a small set of in-app events to understand how the app is used and to improve it — for example, that the app was launched, that a question was submitted (without the question text), that an answer finished streaming, that the paywall was shown, or that the language setting was changed. Each event is sent with your account identifier and the profile fields above (interface language, child age setting). We do not send the text of your questions or answers to our analytics provider. See §6 for the provider (Statsig).
Error and crash reports. When the app encounters an error or crash, we collect a diagnostic report so we can fix it: the stack trace, app version, device model, operating system version, the IP address the request came from, your account identifier, and any in-app log messages around the error (which may include short technical strings such as a failed network endpoint). We do not include the text of your questions or answers in error reports. See §6 for the provider (Sentry).
What we deliberately don’t collect. No advertising identifiers. No cross-app tracking. No contacts, microphone, or location. No content from outside the app. We do not use the third-party analytics or error-monitoring described above for advertising or for any purpose other than running and improving ‘Little Why?’.
3. How We Use What We Collect
- Sign you in and keep your account secure.
- Generate, store, and read back age-appropriate answers in your chosen language.
- Show you your past questions (your in-app journal).
- Enforce your free-question quota and unlock paid features if you subscribe.
- Detect abuse, debug problems, and keep the service running.
- Measure how the app is used (in aggregate) so we can improve it.
- Receive crash and error reports so we can fix bugs.
- Respond to support emails you send us.
We don’t sell your personal information. We don’t train any AI model on your data ourselves. See §4 for how OpenAI — the AI provider that generates the answers — handles the questions we send to them.
4. AI Processing of Your Questions
When you ask a question, ‘Little Why?’ sends the question text, the child age setting, and the selected language to OpenAI so OpenAI can generate an answer. We do not intentionally send your email address, name, or account identifier with the question.
Please avoid including personal information about a child or anyone else in questions unless it is necessary and appropriate.
OpenAI is an independent processor that handles this information under OpenAI’s applicable terms and privacy commitments for API services. OpenAI states that API data is not used to train its models unless a customer opts in or otherwise agrees, and that API data may be retained for safety, security, abuse monitoring, legal, or operational reasons as described in its own policies. OpenAI’s policies may change, so OpenAI’s current policies are the authoritative source — see openai.com/policies/api-data-usage-policies.
5. Children’s Privacy
‘Little Why?’ is designed as a family-use app where the parent, guardian, or caregiver owns the account and supervises use.
We do not ask children to create accounts. We do not intentionally ask for a child’s name, photo, contact information, precise location, school, or other direct identifier.
However, because users type their own questions into the app, a question may contain personal information if someone chooses to include it. Please do not include personal information about a child or another person unless it is necessary and appropriate.
If you are a parent or guardian and believe a child has provided personal information through ‘Little Why?’ in a way you did not authorize, contact us at support@littlewhy.app and we will delete the relevant information from our systems.
We do not use third-party advertising in the app. We use third-party service providers only as needed to provide and improve the app — such as authentication, storage, subscriptions, AI answer generation, product analytics, and crash and error monitoring. See §6 for the list.
6. Who We Share Data With (Sub-processors)
We only share data with the services we need to make ‘Little Why?’ work. We don’t sell your data and we don’t share it for advertising.
- Supabase — hosts our database, authentication, and serverless functions. Stores your account, profile, journal, and subscription state.
- OpenAI — generates answers from your questions (see §4).
- RevenueCat — manages subscription state by syncing with Apple. Receives a pseudonymous user identifier from us and subscription events from Apple. RevenueCat may also forward subscription lifecycle events (such as trial start, purchase, renewal, cancellation) to Statsig so those events appear alongside our in-app product analytics.
- Statsig — receives the in-app product-analytics events described in §2 (such as ‘app_launched’, ‘question_submitted’, ‘paywall_shown’), tagged with your account identifier, interface language, and child age setting. Statsig also delivers feature flags and experiment configuration to the app. We do not send question or answer text to Statsig.
- Sentry — receives the crash and error reports described in §2, tagged with your account identifier. Sentry helps us detect and fix bugs.
- Apple — runs the App Store and handles all payments, renewals, refunds, and Apple Sign-In. Apple’s own privacy policy governs that data.
- Hosting (Vercel) and Google Fonts — used by this website (littlewhy.app), not by the app itself. Standard web request logs (IP, user agent, timestamp) apply.
Each of these processors has its own privacy practices and locations of operation. We choose them because they’re widely used, have good security track records, and commit to acting only on our instructions.
7. How Long We Keep Data
We keep your account, profile, subscription state, and journal data for as long as your account exists.
We may cache generalized answers to improve app performance and reliability. We do not intentionally keep cached answers that contain personal information. If we identify cached content that contains personal information, we will delete or anonymize it.
When you delete your account, we delete your profile, journal entries, and subscription record from our database within 30 days, except where we are required to keep limited information for legal, security, fraud-prevention, tax, or payment-record reasons. Backup copies may persist for a short period before being overwritten.
8. Your Choices and Rights
You can:
- Clear your in-app journal from Settings.
- Change your child’s age and interface language from Settings.
- Ask us for a copy of the personal data we hold about you.
- Ask us to correct anything that’s wrong.
- Ask us to delete your account and personal data (see §9).
If you’re in the EU/UK, you also have rights under the GDPR including the right to object, restrict processing, and lodge a complaint with your local supervisory authority. If you’re in California, you have rights under the CCPA/CPRA. Email us and we’ll handle any of these requests.
9. How to Delete Your Account
Email support@littlewhy.app from the address you used to sign up (or from the Apple-relay address Apple gave us, if you used Sign in with Apple) and ask us to delete your account. We will delete your account data within 30 days, except where we are required to keep limited information for legal, security, fraud-prevention, tax, or payment-record reasons.
Deleting your account does not automatically cancel an Apple App Store subscription. To stop renewals you must cancel the subscription through your Apple App Store account settings. We do not control Apple’s billing, cancellation, or refund process.
10. Data Security
We use industry-standard practices to protect your data: encryption in transit (HTTPS) and at rest, hashed passwords, row-level access controls at the database, and least-privilege keys for our integrations. No system is perfectly secure, but we work to keep ours safe and to notify you if something material happens.
11. International Transfers
‘Little Why?’ is provided from the United States. Our processors (Supabase, OpenAI, RevenueCat, Statsig, Sentry, Apple, Vercel) may store and process your data in the US, the EU, or other countries depending on the service. If you’re in a region with data export rules, please be aware your data may be transferred and stored outside that region.
12. Cookies and Tracking
The ‘Little Why?’ app does not use cookies or advertising identifiers and is not part of any cross-app or cross-site tracking. The app does include the Statsig (product analytics, feature flags) and Sentry (error and crash monitoring) SDKs described in §2 and §6; both receive only data we ask them to receive for those specific purposes.
The website (littlewhy.app) is a static page with no analytics, no advertising, and no first-party cookies. Web fonts are loaded from Google Fonts; that request includes your IP and user agent (standard for any web page load).
13. Third-Party Links
We may link to third-party sites such as the Apple App Store or external policies. We aren’t responsible for the content or privacy practices of those sites.
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the Effective Date at the top and, where appropriate, notify you in the app or by email. Your continued use of ‘Little Why?’ after the changes means you accept the updated policy.
15. Contact Us
If you have questions about this Privacy Policy or about your data, contact us at:
‘Little Why?’ Support
support@littlewhy.app