LumiTales — Privacy Policy and Data Protection

Version: 1.6

Effective date: 16 May 2026

Last updated: 16 May 2026

Applicable regulatory framework: Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data (GDPR); Spanish Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights (LOPDGDD); the Children's Online Privacy Protection Act (COPPA, United States) where applicable to users under 13; the Google Play Developer Program Policies, including the Families Policy and the Designed for Families programme to which LumiTales voluntarily adheres; and Google Play's Child Safety Standards Policy with respect to the prevention of Child Sexual Abuse and Exploitation material (CSAE).

Language and prevalence: The original, legally-prevailing version of this Policy is in Spanish — see /es/privacy. This English version is provided as a courtesy translation. In the event of any discrepancy or conflict between language versions, the Spanish version shall prevail (Terms of Service §9.5).

1. Data Controller information


Controller	Jerónimo Repetto (natural person)
Country of residence	Spain
Contact email	lumitales.oficial@gmail.com
Product	LumiTales — children's storytelling mobile application (iOS and Android) and its public marketing website at `lumitales.net`
Scope of this Policy	This Policy applies jointly to (a) use of the mobile application by the adult holder and the minors under their account, and (b) visits to the public website `lumitales.net` by any person (including visitors who are not yet app users). The practices differ across each surface and are clearly identified as "app" or "website" in the sections that follow.
Data Protection Officer (DPO)	The formal appointment of a DPO under Article 37 GDPR is not required given the current nature, scope and volume of the processing activities. The Controller will handle data-protection enquiries through the contact email shown above.

2. Use model and age positioning

LumiTales is an application primarily directed to children (Children's app audience on Google Play, Designed for Families programme). Minors are the primary recipients and consumers of the content (illustrated stories, narration, ambient audio), while adult holders act as configurators and purchasers of the service: they create the account, configure the profiles of the minors in their care, sign up for the subscription, and supervise the use.

Account holder: must be 18 years of age or older. Only the adult holder signs up, configures profiles, and contracts the subscription.
Child profiles: are created and managed exclusively by the adult holder. They are not independent accounts but entities attached to the adult's account.
Minors cannot register or sign in by themselves. A minor consumes content within the account already configured and supervised by the adult holder.
Data relating to minors: are provided by the adult holder (names, ages, gender, avatar) and not collected directly from the minor. The lawful basis for the processing is the consent of the holder of parental authority or guardianship (Article 8 GDPR; COPPA section 6501(1)).

This architecture satisfies COPPA and the Google Play Families Policy: no personal data is collected directly from the minor, since all information about minors stems from the voluntary act of a verified adult holder. Adherence to the Designed for Families programme reflects the commitment to strict child-privacy and child-safety standards.

Related Terms clause

"Use of LumiTales requires the account holder to be 18 years of age or older. Minors may use the application under the supervision and within the account of their parent or legal guardian, who will create individual profiles for each minor. The application does not allow direct registration by minors."

Parental consent — implicit model by unequivocal act

The consent of the holder of parental authority or guardianship is deemed granted, by an unequivocal act in the sense of Article 4(11) GDPR, at the moment the adult holder creates a child profile within the application. This Policy expressly declares that model and therefore no additional acceptance checkbox is required on screen.

Designed for Families (Google Play) — age-neutral screen

LumiTales is distributed on Google Play under the Designed for Families audience (apps primarily directed to children). Even so, because account creation and subscription contracting are reserved to adults, the first launch — and any subsequent launch while the answer is "I'm a kid" — shows a preliminary screen asking whether the user is an adult or a minor:

"I'm an adult / parent" — the user proceeds to the regular flow (legal acceptance, sign-in, onboarding and the app).
"I'm a kid" — the user is taken to a demo mode that allows reading only the 5 stories published for the current day (next subsection). There is no path from this branch to account creation, sign-in, subscriptions, profile creation or the historical library.

The choice is persisted locally on the device. The adult holder can flip it back at any time from the demo banner.

Child Safety Standards — CSAE prohibition

LumiTales takes a zero-tolerance stance against Child Sexual Abuse and Exploitation material (CSAE):

Explicit prohibition in generated content. Any content generation that depicts, promotes or facilitates child sexual abuse or exploitation is strictly forbidden, and the AI models used are configured with prompts, filters and guardrails to prevent it.
Human review prior to publication. Every story, illustration and audio file is editorially reviewed before becoming available to user accounts. The team removes immediately any material that could violate this clause.
In-app reporting mechanism. Every reading screen exposes a visible "Report inappropriate content" button that lets any user — including a minor in demo mode — flag content without leaving the application. Reports are reviewed by the team within 24 business hours; flagged content is removed from the service when the report is founded.
Legal compliance and cooperation. Should confirmed CSAE be detected, LumiTales will follow applicable law and cooperate with competent authorities and with the United States National Center for Missing & Exploited Children (NCMEC) where appropriate.
Designated child-safety contact: lumitales.oficial@gmail.com (handled by the Controller identified in §1).

Demo mode for minors — no data collection

The demo mode reachable via "I'm a kid" exposes a curated set of 5 showcase stories selected by the editorial team as the public shop-window of the product. In this mode the app operates fully anonymously:

No sign-in is performed. The minor never obtains an account or an identifier attributable to the user within the meaning of Article 4(1) GDPR. They are not asked for an email, and are never shown the sign-in screen.
No reading sessions are recorded. Features of the app that depend on an authenticated account remain inactive in this branch.
No telemetry is sent. The usage-analytics system remains disabled while the app is in demo mode and is only enabled once the adult holder signs in. In demo mode, no analytics event leaves the device.
Favorites, ratings and subscription plans are unavailable. These features require an authenticated account and are not available in demo mode.
The curated showcase set is publicly readable without an account, precisely so that the demo can exist. The app's regular daily catalogue — the 5 fresh stories published each day — is NOT reachable from demo mode: our security rules reject any unauthenticated attempt to read dates other than the showcase one. Access to historical dates requires authentication plus an active Premium subscription (or trial period in progress). In any case, none of those documents contains personal data — only the story catalogue.

This architecture ensures that LumiTales does not collect personal information from minors within the meaning of Article 8 GDPR or the US Children's Online Privacy Protection Act during demo mode.

Telemetry off by default

As a direct consequence of being positioned as a Children's app within Google Play's Designed for Families programme, the usage-analytics (telemetry) system is initialized in the disabled state at every app start and is only enabled once the adult holder signs in to their account. Telemetry in demo mode is therefore technically impossible: no analytics event ever leaves the device in that branch.

Device identifiers not transmitted

In line with Google Play's requirements for apps with a child audience, LumiTales does not request or transmit the following identifiers: AAID (advertising ID — the corresponding permission is explicitly declined in the app's configuration), SIM serial number, IMEI, IMSI, BSSID, MAC, SSID or phone number. Precise location and Bluetooth are not requested either, and no third-party software development kits (SDKs) that are not approved for use in services directed to children are included in the application.

3. Data we collect

3.1 Account data (about the adult)

Field	Source	Purpose
Email	Google Sign-In	User identification
Auth UID	Firebase Auth	Internal identification
Display name and profile picture	Google (optional)	Show in UI
App language	User selection / OS	Localise the experience
Last activity date	System	Sync the correct day's content

3.2 Child profiles (provided by the adult)

Field	Type	Required
Name / nickname	Text	Yes
Gender (M/F)	Selection	Yes (for grammatical agreement in stories)
Preset avatar	Selection	Yes
Profile colour	Selection	Yes
Date of birth OR age	Numeric	No — optional, either of them
Reader settings (font, size, dyslexia font, mute)	Toggles / sliders	No

UX note: the app accepts either a date of birth (which then derives and locks the age) or the age directly. If the adult fills in neither, both stay empty. This is a deliberate data minimisation choice — we ask for the minimum and leave the rest to the user's discretion.

3.3 Usage data

Field	Storage	Purpose
Reading sessions (story identifier, duration, completed, date and time)	Server + device	History, streak, eligibility to rate
Favorites (story identifier, title, date, language)	Server + device	"Favorites" feature
Ratings (1-5 stars, optional tags)	Server	Product improvement, anonymous aggregates
Reading schedule (days, time)	Server	Local reminders
Usage stats (streak of days with reading, total completed stories, time-of-day distribution of activity)	Server + device	Show the adult holder the in-app progress and unlock medals
Collectible album cards (one record per completed story, with its title and the date it was earned). Associated with the profile under which the reading happened	Server + device	Profile's card album
Unlocked medals (medal identifier and date earned). Associated with the holder's account	Server + device	"My medals" feature inside the app

About profiles and gamification features. The profiles the adult holder creates inside the application are configurable entities tied to their account: the adult names them, picks an avatar, a colour and, optionally, indicates an age or date of birth. These profiles are not identities of real minors and LumiTales does not treat them as such — the holder is free to create them with fictitious data, with nicknames, or with whatever combination they prefer. LumiTales does not collect, verify, profile or analyse data of any real minor beyond what the adult holder voluntarily enters in the profile-creation form. The usage stats, the collectible cards and the medals are computed exclusively from the activity carried out inside the app under that profile (which stories were opened, how many completed, on what date) — they are product-usage metrics, not inferences about the person behind the profile.

3.4 Subscription data

Premium status (premium active, trial active, none): managed by RevenueCat on behalf of LumiTales. LumiTales queries RevenueCat for your subscription state when you sign in, complete a purchase or restore purchases, in order to grant or deny access to Premium features.
Receipt / proof of purchase: validated by RevenueCat.
Payment data (card, etc.): processed directly by Apple App Store or Google Play. LumiTales never has access to payment data.
7-day free trial: offered as a native Introductory Offer of the subscription product configured in Apple App Store and Google Play. The one-trial-per-Apple-ID / one-trial-per-Google-account rule is enforced natively by the platform — LumiTales does not maintain any internal trial eligibility list.

3.5 Technical data

Installed application version
Device locale
Device model and operating-system version
IP address (briefly recorded in Cloud Functions logs; see retention)

3.6 Microphone data — Magical Reading ⭐

When the user enables the "Magical Reading" feature:

Audio is processed exclusively on-device through the operating system's native speech recogniser (Apple SFSpeechRecognizer / Android SpeechRecognizer).
Audio is NEVER transmitted to LumiTales servers or any third party.
Audio is NOT stored after processing.
It is used solely to detect the trigger phrase of each scene and play the corresponding sound effect.
The user must enable the feature explicitly from Settings and grant the microphone permission to the operating system.
The user can disable the feature at any time.

3.7 Push notifications

LumiTales may send remote push notifications to the adult holder's device. The feature is off by default and is only enabled if the adult explicitly turns it on from Settings: the toggle is protected by a parental gate (a maths question) and, on activation, the operating system also requests its own notification permission. It can be turned off at any time from Settings.

There are two types of remote push notification:

"New stories" — a notice that the day's stories are available, delivered around 10:00 in the device's local time.
"Reminder" — if the app is not opened for 3 days, a notice to resume reading, with a second and final notice at 14 days. The message may include the name of the most recently used child profile, to personalise the reminder. Inactivity is determined from the "last activity date" already described in §3.1.

To make this feature possible, while it is enabled the following are stored in Firebase, associated with the adult's account:

FCM token — the device identifier assigned by Firebase Cloud Messaging, required to deliver the notification. It is automatically invalidated when the app is uninstalled and removed when the feature is disabled or the user signs out.
Device time zone — to deliver the "New stories" notice at a reasonable hour in the user's local time.
App language — to write the notification in the user's language.
Identifier of the most recent active child profile — to personalise the "Reminder" with that profile's name.

Push notifications do not include third-party advertising and do not collect location data. The reading-schedule reminders (§3.3) are a separate feature: they are scheduled locally on the device and do not depend on this feature or on the FCM token.

3.8 Analytics (Firebase Analytics)

Events collected:

first_open, session_start, screen_view, user_engagement, login, app_remove (Firebase standard)
story_read (custom — full reading of a story)

Data attached to each event:

Device model, OS version, app version
Country (derived from IP, not the full IP)
Locale
Persistent pseudonym (Firebase Instance ID — not direct PII)

Opt-out: the user can disable analytics from Settings (the "Share anonymous usage data" toggle). When disabled, the app stops sending analytics events.

3.9 Crashlytics (planned, not active yet)

When activated:

Error stack traces
Device model, OS version
App version
No personal data in the reports

3.10 Data collected when you visit `lumitales.net` (website — does not apply to the app)

Unlike the mobile application, the public LumiTales website is a marketing channel: it introduces the product to parents who are not yet app users and measures the effectiveness of the campaigns that fund the operation of the service. When you visit lumitales.net and grant consent through the cookie banner, we collect:

Data	Source	Purpose
IP address (truncated by Google prior to storage)	Browser's HTTP request	Approximate country of origin, ad-fraud mitigation, security
User-Agent (browser and OS model)	HTTP request	Technical compatibility and aggregated statistics
Anonymous visit identifier (`_ga`, `_gcl_au`, `_gcl_aw`)	First-party cookie set by gtag.js	Distinguish unique visits, attribute conversions to Google Ads campaigns, measure aggregated audience
Ad-click identifier (`gclid`)	URL parameter when you arrive from an ad	Attribute your visit to the specific ad you chose to click
Page visited, referrer, time on page, clicks on store-badge links	Events sent by gtag.js	Measure which pages and messages perform best
Site preferences (`lt_consent`, `lt_theme`, `lt_music`, `lt_locale`)	First-party cookie set by the site itself	Remember your decision on the banner and your visual / language preferences

If you reject consent through the banner, none of the cookies in the first two categories (Google Ads, Google Analytics) are installed in your browser. The site preferences (lt_consent, lt_theme, lt_music, lt_locale) are technically necessary to remember your own decision and preferences and rely on legitimate interest, not consent.

The website does not collect your name, email, age, gender, data about minors or any other identifying data. The only way to create an account with personal data is through the mobile application, where the rest of this Policy applies.

4. Third-party processors (with whom we share data)

Provider	Country	Data received	Purpose	Legal mechanism
Google LLC — Firebase (Auth, Firestore, Storage, Cloud Functions, Analytics, FCM)	USA	Email, UID, profiles, sessions, ratings, favorites, analytics events, IPs (logs)	Backend + analytics	EU-U.S. Data Privacy Framework (certified)
RevenueCat Inc.	USA	UID + subscription data (NOT the card)	In-app purchase validation	EU-U.S. Data Privacy Framework (certified)
Apple App Store / Google Play	USA	Payment data	Payment processing	T&Cs of the respective platform
OpenAI Inc.	USA	Generation prompts + dictionary long-press words only. No PII.	Story generation, translation, validation, dictionary lookups	Standard Contractual Clauses (SCCs)
Google AI Studio (Gemini)	USA	Generation prompts only. No PII.	Story generation, QA, VCS	EU-U.S. Data Privacy Framework (Google)
ElevenLabs Inc.	USA	Short SFX prompts only. No PII.	Sound generation	Standard Contractual Clauses (SCCs)
Apple Speech / Google SpeechRecognizer	On-device processing on the user's own device	Microphone audio	On-device STT	No international transfer — the data does not leave the device
Google LLC — Google Ads (website only, not app)	USA	Truncated IP, user-agent, cookie identifiers (`_gcl_au`, `_gcl_aw`, `gclid`), store-badge click events	Attribute visits and app downloads to Google Ads campaigns, build remarketing audiences, measure ad effectiveness	EU-U.S. Data Privacy Framework (Google certified) — only when the visitor has consented through the cookie banner
Google LLC — Google Analytics 4 (website only, not app)	USA	Cookie identifiers (`_ga`), navigation events, truncated IP	Aggregated website statistics (traffic, sources, behaviour)	EU-U.S. Data Privacy Framework (Google) — only under banner consent

External links (not our processors)

Google Search (via the dictionary's "Search on Google" button): opens the user's browser with the query. Once outside LumiTales, Google's terms apply.

Future processors (planned)

Veo3 / video generator (when integrated): this table will be updated with its transfer mechanism and shared data.

5. Data retention (Path A — "while you are a user")

Category	Retention
Account data + profiles + favorites + ratings + sessions + schedule	While the account exists. Erased / anonymised within ≤30 days after a deletion request.
Subscription invoices	5 years (AEAT obligation — Spanish tax law). Only the legally required minimum is kept (transaction + amount).
Firestore backups	+90 extra days after active deletion (Google's natural rotation)
Firebase Analytics	14 months (GA4 default) — aggregated, not individual data
Cloud Functions logs (IPs)	30 days
Crashlytics (when activated)	90 days
FCM token (push notifications)	While the push-notifications feature is enabled. Automatically invalidated when the app is uninstalled and removed when the feature is disabled or the user signs out.
Opaque anti-abuse identifier for free-trial prevention	For as long as LumiTales operates the service. This is an irreversible identifier derived through a one-way cryptographic function that does not allow the user to be re-identified and therefore does not constitute personal data within the meaning of Art. 4(1) GDPR.

6. Lawful bases for processing (GDPR Art. 6)

Activity	Lawful basis	Justification
Authentication + user profile	Performance of contract (6.1.b)	Without email / UID we cannot deliver the service the user signed up for
Child profiles + favorites + reading schedule	Performance of contract	Core product features
Subscription + invoices	Performance of contract + legal obligation (6.1.b + 6.1.c)	Charging = contract; 5-year retention = AEAT obligation
Reading sessions + ratings	Performance of contract	The user wants their history, streak, etc.
Firebase Analytics	Legitimate interest (6.1.f)	Product improvement. Opt-out via toggle in Settings.
Crashlytics (when activated)	Legitimate interest	Bug fixing. Opt-out via toggle.
Cloud Functions logs	Legitimate interest	Security and debugging. Short retention.
Microphone — Magical Reading	Explicit consent (6.1.a + Art. 9 sensitive data)	Voice can be biometric data. In-app toggle + OS permission = double consent.
Push notifications	Consent (6.1.a)	Explicit OS permission + in-app opt-in behind a parental gate. Off by default; revocable at any time.
Cultural filter	Performance of contract	Tailoring the service to the user
Children's data	Parental consent (Art. 8)	The parent / guardian consents by creating the profile — implicit model attached to the act of creation
Free-trial abuse prevention	Legitimate interest (6.1.f)	We retain an opaque, irreversible identifier derived from the authentication provider the user signed in with (Google Sign-In / Apple Sign-In) for as long as we keep the service open, with the sole purpose of preventing the same provider account from repeatedly obtaining the free trial period after requesting deletion. This identifier does not allow the user to be re-identified and does not contain personal data within the meaning of Art. 4(1) GDPR.
Google Ads + Google Analytics cookies on the website (website only)	Consent (6.1.a)	The website visitor explicitly accepts or rejects the installation of these cookies via the consent banner shown on first visit. Until acceptance, no advertising or analytics cookie is installed — only anonymised pings are transmitted to Google under "Consent Mode v2" for aggregated statistical modelling, without identifying the visitor. The choice is stored locally in the browser and can be reverted at any time by clearing the site's cookies.
Functional cookies on the website (`lt_consent`, `lt_theme`, `lt_music`, `lt_locale`) (website only)	Legitimate interest (6.1.f)	Remember the visitor's own decision on the consent banner and their theme, music and language preferences on the site. They are technically necessary for the site to behave as the visitor configured it and do not involve advertising tracking.

7. Your rights (GDPR Art. 15-22)

You may exercise the following rights at any time:

Right	How to exercise it
Access (Art. 15) — knowing what data we hold about you	Email `lumitales.oficial@gmail.com` — answered within ≤30 days with a structured export
Rectification (Art. 16) — correcting data	Self-service from Settings (profile, schedule, etc.); the rest by email
Erasure (Art. 17) — deleting your account and data	"Delete my account" button inside Settings → automatic deletion within ≤30 days. After deletion we retain only an opaque, irreversible identifier derived from the identifier that the authentication provider (Google/Apple) assigned to the account. This identifier is non-personal under GDPR: it cannot be used to re-identify the user, and it is used solely to prevent free-trial abuse via repeated account creation.
Restriction (Art. 18) — pausing processing	Email
Portability (Art. 20) — structured export	Email — the controller generates the JSON manually
Object (Art. 21) — opting out of legitimate-interest processing	Analytics toggle in Settings (no email needed)
Withdraw consent (Art. 7)	Corresponding toggles (mic, notifications) or email
No automated decisions (Art. 22)	N/A — we do not perform automated profiling with legal effects

Right to lodge a complaint

If you believe LumiTales has not handled your data appropriately, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD):

https://www.aepd.es

8. International transfers

Some of the providers we rely on to deliver the service are based in the United States. Personal-data transfers to those providers are made under the following legal mechanisms:

Google LLC (Firebase, Cloud Functions, Cloud Storage, Analytics) and RevenueCat Inc.: certified under the EU-U.S. Data Privacy Framework.
OpenAI Inc. and ElevenLabs Inc.: under Standard Contractual Clauses (SCCs) approved by the European Commission.

For microphone data processed locally by the device's OS (Apple / Google), there is no international transfer because the data does not leave the user's device.

9. Cookies, tracking and equivalent technologies

LumiTales operates two surfaces with distinct technical practices: the mobile application (iOS / Android) and the public website (lumitales.net). This section covers each one separately.

9.1 Inside the mobile application (iOS / Android)

LumiTales is a native mobile application and does not use HTTP cookies inside the app. We use the following equivalent technologies:

Local on-device storage: keeps user preferences, the cache of downloaded stories and the last-activity date. This data remains on the device and is not transmitted to our servers.
Firebase Instance ID: a pseudonymous identifier assigned by Google to the device, used by Firebase Analytics and Firebase Auth. This identifier does not contain direct personal information but allows associating analytics events with the same device. The user can reset it by clearing the app's data from the OS settings, or by disabling analytics from LumiTales' Settings.
Inside the app we DO NOT use advertising identifiers (Apple IDFA / Google Advertising ID) and we do not participate in advertising networks directed at the app user's device. For this reason, on iOS the app does not show the App Tracking Transparency prompt — it is not required.

9.2 On the public website (`lumitales.net`)

The website is our marketing channel: it introduces the product to visitors who are not yet app users and, when they arrive from an ad, attributes the visit to the corresponding campaign. Unlike the app, the website does use HTTP cookies.

Cookies installed in your browser when you visit lumitales.net:

Cookie	Type	Purpose	Duration
`_gcl_au`, `_gcl_aw`	Advertising — Google Ads	Attribute clicks from ads and conversions (clicks on store badges) to the campaigns that generated them	90 days
`_ga`, `_gid`	Analytics — Google Analytics 4 (via gtag.js)	Distinguish unique visits and measure aggregated traffic to the site	24 months / 24 hours
`lt_consent`	Functional — LumiTales	Remember your decision on the cookie banner (accept / reject)	12 months
`lt_theme`, `lt_music`, `lt_locale`	Functional — LumiTales	Remember your theme, background music and language preferences	12 months

Legal basis:

For Google Ads and Google Analytics cookies: your explicit consent granted via the banner shown on your first visit (GDPR Art. 6.1.a).
For LumiTales functional cookies (lt_consent etc.): legitimate interest in the correct functioning of the website according to your own choices (GDPR Art. 6.1.f).

Google Consent Mode v2: we have implemented Google's consent mode. Until you accept the banner, no advertising or analytics cookie is installed in your browser. Google only receives anonymised pings used for aggregated statistical models that do not allow you to be identified.

How to grant, withdraw or change your consent:

On your first visit to the site, a banner at the bottom lets you Accept or Reject ad tracking.
To change your decision later, clear cookies for lumitales.net from your browser settings or use a private window; on the next visit the banner will reappear.
You may also use your browser's global settings ("Block all cookies", "Private mode", etc.) — the site honours that choice without needing the banner.

International transfers: Google cookies are transmitted to Google LLC in the United States, which adheres to the EU-U.S. Data Privacy Framework (European Commission Adequacy Decision of 10 July 2023), providing a level of protection equivalent to GDPR. See §8 for more detail.

10. Communications with the user

LumiTales may send you the following communications:

10.1 Transactional communications (necessary to deliver the service)

These do not require additional consent beyond using the service:

Local reminders about the reading schedule you have configured in the app.
Subscription notifications, including:
- Automatic monthly or yearly renewal (the subscription renews itself at the end of each period unless cancelled in advance).
- Cancellation: if you cancel your subscription, you keep Premium access until the end of the paid period.
- Free-trial expiration.
Confirmations of changes to your account (deletion, etc.).
Relevant specific notices that directly affect the user or the platform (security incidents, important service changes).

10.2 Marketing communications

LumiTales NEVER sends promotional emails, newsletters or email advertising. Email is reserved exclusively for matters that directly affect the user.

LumiTales sends remote push notifications for engagement (detailed in §3.7): a notice that the day's stories are available and a reminder to resume reading after several days without opening the app. These communications:

Are off by default (opt-in model), and enabling them requires passing a parental gate.
Can be turned on or off at any time from Settings.
Do not include third-party advertising.

11. Acceptance of this policy and updates

11.1 When acceptance is requested

There are two independent consent mechanisms, one for each product surface:

Inside the mobile application (contractual acceptance): after signing in for the first time with your Google account, before you can access the application's main screen, you will see a screen showing a summary of this Privacy Policy and the Terms of Service. To continue using LumiTales you must confirm via a single combined checkbox that you have read and accept both documents. Without that confirmation you will not be able to access the service.

Links to the full version of each document are visible on that screen and remain accessible at any time from Settings → "Privacy Policy" / "Terms of Service".

On the website (cookie consent): the first time you visit lumitales.net a banner appears at the bottom of the page allowing you to accept or reject the use of advertising and analytics cookies (see §9.2). This decision is independent of any acceptance you may have made inside the app. Acceptance of the Terms of Service is not required to browse the public website — that contract only applies when you create an account and/or subscribe inside the application.

11.2 Updates to this policy

When we make changes to this Policy, the treatment depends on the nature of the change:

Material changes (new processor, new data category, new lawful basis, new purpose): we will notify you via an in-app banner on the next start. You will need to accept the new version to continue using LumiTales.
Non-material changes (wording fixes, clarity improvements, date refresh): the new version is published silently. The current version can always be reviewed from Settings.

11.3 Acceptance record

For each user and each accepted version we securely retain:

On the device itself: the last accepted version, used to determine when a re-acceptance notice should be shown.
In our systems: a record of the date and time of acceptance, the accepted versions of the Privacy Policy and the Terms of Service, the language of the version read and the platform of the device from which acceptance took place.

This record allows us to demonstrate at any time which version of the document each user accepted and when, in accordance with Article 7.1 GDPR.

12. Where you can find this policy

12.1 Public URL

The current version of this Policy is always available at the following public URLs:

Spanish version (the Controller's official language): https://lumitales.net/es/privacy
English version (courtesy translation): https://lumitales.net/en/privacy

12.2 Inside the application

Settings → Privacy Policy — opens the current version.
Settings → Terms of Service — opens the twin document.