Skip to content
Dandali
Join waitlist

Privacy Policy

Last updated: 29 April 2026

Dandali ("we", "our", or "us") is a storytelling app for children aged 3 to 12, built by a small team that deeply cares about cultural preservation and children's safety. This Privacy Policy explains what we collect, how we use it, and the choices you have.

If anything here is unclear, email us at privacy@dandali.app and a real person will answer.

1. Who this policy applies to

This policy applies to the Dandali mobile app (iOS, Android, Android TV) and the website at dandali.app. When we say "the Service", we mean all of them.

2. Information we collect

Account information. When a parent creates an account, we collect an email address and an authentication token. We do not store passwords ourselves — we use Firebase Authentication and support sign-in via email, Google, Apple, or guest mode (anonymous).

Child profiles. Parents may add profiles for their children, including a display name or nickname, age or age range, preferred language (Hausa, Yoruba, Igbo, or Fulfulde), and optional avatar. We do not require real names, birthdates, photos, or any other personally identifiable information about children.

Usage data. We record which stories, proverbs, and riddles are played, progress within a story, downloads for offline use, and basic performance data (load times, crashes) so we can improve the app. Analytics on our website are cookieless and aggregate-only via Plausible.

Device information. Device model, operating system version, app version, language, and a randomly generated installation ID. We use this for crash reporting and to understand which devices we need to support.

Push notification token. If you grant notification permission, we receive a Firebase Cloud Messaging token from the device. We use this only to deliver in-app reminders and content updates. You can revoke notification permission at any time from your device settings.

Payment information. If you subscribe to Dandali Premium or Premium Plus, payment is handled entirely by the App Store or Google Play. We never see your card details — we only receive a subscription status from RevenueCat.

3. Children's privacy (COPPA / GDPR-K)

We comply with the Children's Online Privacy Protection Act (COPPA) in the United States and the GDPR-K provisions for children in the European Union and UK.

  • We do not knowingly collect personally identifiable information from children under 13 without verifiable parental consent.
  • Children cannot create an account on their own — only a parent or guardian can.
  • Children cannot communicate with other users inside Dandali.
  • Children are never shown third-party advertising, ever. This is a permanent commitment.
  • Parents can review, export, or delete any information we hold about their child by emailing privacy@dandali.app.

4. How we use information

We use the information we collect to:

  • Provide and maintain the Service.
  • Personalise content recommendations for each child profile (e.g., suggesting more Hausa folktales if that's what a child prefers).
  • Improve the app — for example, fixing crashes, optimising audio playback, planning new language support.
  • Communicate with parents about their account, subscription, or important updates.

We do not sell personal information. We do not use children's data to build advertising profiles.

5. Who we share information with

We share information only with the third-party services required to run Dandali, and only to the extent needed:

  • Firebase (Google) — authentication, database, file storage, crash reporting, push notifications, analytics.
  • RevenueCat — subscription management.
  • OpenAI & ElevenLabs — used to generate story text and audio narration. Child profile data is never sent to these services; only story prompts written by our content team.
  • Plausible Analytics — aggregate, cookieless website analytics. No personal data leaves the device.

Each of these providers is bound by strict confidentiality and data-processing agreements.

6. Data retention

We keep account and child-profile information for as long as the account is active. If you delete your account, we delete all associated profile and usage data within 30 days, except where we are legally required to retain it (e.g., financial records for subscription receipts).

7. Data security

We use industry-standard security practices: TLS in transit, Firebase's encryption at rest, hardware-backed key storage for auth tokens on device, and restricted server access. No system is perfectly secure, but we take this seriously and have a disclosure channel at security@dandali.app for researchers.

8. Your rights

Depending on where you live, you have the right to access, correct, delete, or port your personal information, and to object to certain processing. You can exercise any of these rights by emailing privacy@dandali.app. We respond within 30 days.

9. International transfers

Dandali is operated from Nigeria. Our hosting infrastructure (Firebase) may store and process data in the United States and the European Union. By using the Service, you consent to these transfers.

10. Changes to this policy

If we make material changes to this policy, we will notify parents by email and update the "Last updated" date above. Continued use of the Service after a change indicates acceptance of the updated policy.

11. Contact us

For any privacy question, concern, or request, email us at privacy@dandali.app.