Get Started

Legal

Privacy Policy

Last updated: April 2026

This page explains what information Daily Adventure collects, how we use it, who we share it with, and what rights you have over your data. If anything here is unclear, email us at privacy@storyseeds.org.uk and we will do our best to explain it properly.

Who we are

Daily Adventure is operated by Story Seeds Somerset CIC, a Community Interest Company registered in England and Wales (company number 15451729). We are the data controller for information processed through the Daily Adventure service at dailyadventure.io.

Daily Adventure is not affiliated with Yoto. Yoto is a registered trademark of Yoto Limited.

What we collect

We collect only what we need to run the service:

  • Account details. When you log in with Yoto we receive a unique identifier from Yoto (your sub claim) plus any profile information you authorise us to see. If you sign in with Google we also receive your email address and display name.
  • OAuth tokens. Short lived access tokens and longer lived refresh tokens for Yoto, and for Google Calendar if you connect it. These live in our database and are only used to call the APIs you have authorised.
  • Child profiles. First name, age or school stage, interests, and any preferences you enter to personalise stories. We do not collect surnames, addresses, or photos of children.
  • Content you generate. The stories, news briefings, bedtime tracks, and pixel art produced for your family. These are linked to your account so we can deliver them to your Yoto player and let you play them again.
  • Device and usage data. Which Yoto players are linked to your family, whether they are online at delivery time, and basic logs of what was delivered. We use this to avoid generating audio when nobody is listening.
  • Payment information. If you become a paid supporter, Stripe processes your payment. We store only the Stripe customer reference and the tier you are on. We never see or store your card details.
  • Support conversations. Messages you send us through live chat or email.

How we use it

  • To generate and deliver daily audio content to your Yoto player.
  • To sign you in and keep you signed in.
  • To bill supporters and provide paid features.
  • To diagnose bugs, monitor reliability, and improve the service.
  • To send essential service emails, for example delivery failures or billing.

We do not sell your personal data, use it for advertising, or feed it back to AI providers to train their models. Story generation uses your child's preferences as input to a one off request. The providers we use have committed not to train on our API traffic.

Yoto account permissions

When you connect Yoto, the Yoto consent screen lists the permissions (called scopes) that Daily Adventure is asking for. We ask for only what the features you use actually need. Here is every scope we request, and why.

offline_access

Keep your Yoto connection working in the background

Daily Adventure delivers content at scheduled times, like a morning story or a bedtime track. Without this permission we would have to ask you to log in every hour, which would break scheduled delivery.

openid

Uniquely identify your Yoto account

Used to match your Yoto login to your Daily Adventure account so your content, children, and preferences stay with you between sessions.

profile

Show your name in the app

Lets us greet you by name and show your Yoto avatar inside Daily Adventure. No other profile data is stored.

user:content:view

Read the Daily Adventure cards on your Yoto account

Lets us check which cards we have already created for you and pick up where we left off, so we do not duplicate content on your account each day.

user:content:manage

Create, update, and delete Daily Adventure cards on your account

Daily Adventure works by writing Make Your Own cards into your Yoto account. One for the morning story, one for bedtime, one for news, and so on. This permission lets us create those cards, refresh their audio each day, upload the transcoded audio files, and remove cards when you cancel a feature or disconnect. It only affects cards Daily Adventure creates. We do not touch anything else in your library.

user:icons:manage

Upload and manage custom track icons for Daily Adventure cards

Each track in a Daily Adventure card gets a custom icon so your child can tell today's story apart from yesterday's on the player screen. This permission lets us upload, pick, and tidy up those icons.

family:view

See who is in your Yoto family

Used to offer faster onboarding in future. When you create a child profile in Daily Adventure, we can suggest matching them to an existing Yoto family profile instead of asking you to enter details twice. We do not contact or message other family members through this permission.

family:library:view

See which cards are in your Yoto library

Needed for our card chaining feature. When a Daily Adventure card finishes, we can queue the next card for you, for example continuing into one of your purchased storybooks. Read only. We never add, remove, or rearrange cards in your library.

family:devices:view

List your Yoto players

We need to know which of your Yoto players to deliver audio to. Without this we would not know where to send your stories.

family:devices:control

Start playback on your player and check if it is online

Lets Daily Adventure play a story, news briefing, or bedtime track on your chosen player at the time you scheduled, and check whether the player is online so we can skip delivery (and save costs) when nobody is listening. We only send playback commands for Daily Adventure content, and only at the times you have configured.

You can revoke these permissions at any time from your Yoto account settings, or by disconnecting Yoto from the Daily Adventure account menu. Revoking access stops all future delivery immediately.

Who we share data with

We use a small number of trusted service providers (our data processors) who handle data on our behalf, under contracts that restrict them to using it only for the service they provide to us.

  • Yoto to deliver content to your player (UK).
  • MongoDB Atlas for our primary database (EU region).
  • Vercel for web hosting, edge caching, background jobs, and audio file storage (US and EU).
  • OpenAI and ElevenLabs for story text and audio generation. Child preferences are sent as one off prompts, and these providers have committed not to train on our API traffic.
  • Stripe for supporter payments.
  • Sentry for error tracking. Sensitive fields and tokens are redacted before sending.
  • Crisp for live chat support.
  • QStash (Upstash) for our scheduled job queue.
  • Sanity for blog content management.
  • Google only if you connect Google Calendar. We read events you explicitly authorise us to see.

We will share data with law enforcement or regulators only where we are legally compelled to do so.

How long we keep data

  • Account and child profiles. Kept while your account is active. Deleted within 30 days of you closing the account.
  • Generated audio. Kept for replay for up to 90 days, then deleted.
  • OAuth refresh tokens. Kept until you disconnect or revoke them.
  • Billing records. Kept for 7 years to meet UK accounting requirements.
  • Error logs. Kept for 30 days.

Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct data that is inaccurate.
  • Delete your account and associated data.
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent at any time for anything based on consent.
  • Complain to the UK Information Commissioner's Office (ico.org.uk) if you think we have handled your data unfairly.

To exercise any of these, email privacy@storyseeds.org.uk.

Children's data

Daily Adventure is designed for parents to set up content for their children. Accounts are held by the parent, and children do not log in directly. We collect only the minimum needed to personalise stories (first name, age or stage, interests). We never ask for surnames, addresses, school names, or photos.

Security

Data in transit is protected with TLS. Data at rest is stored in encrypted databases and object storage. Access to production systems is restricted to the minimum set of operators needed to run the service, and secrets are stored in a managed secret store, never in code.

Changes to this policy

We will update the “Last updated” date at the top whenever this policy changes, and notify active users by email if the changes are material.