MiniGenius AI Privacy

Data Controller

The data controller for personal data collected through MiniGenius AI is Alessandro Malizia, Italian VAT number 03204070605, based in Rome, Italy. For privacy requests, GDPR rights, or privacy concerns, contact hello@minigenius.ai.

Data we collect

We collect parent data such as email, the name provided during consent, country, preferred language, consent records, subscription status, and minimal technical data. For children, we collect only what is needed to run the service: nickname, age range, language, avatar color, parent-configured limits, and session metadata. We do not ask for a child's real name, address, school, city, phone number, photos, or free-text profile notes.

Purpose

We use data to create and protect the parent account, verify consent, let the child use Momo, apply time and profile limits, handle safety, billing and support, send operational emails and requested communications, improve reliability, and prevent abuse. We do not use children's data for behavioral advertising or commercial profiling.

First-party waitlist analytics

To understand which campaigns bring real visits and confirmed waitlist signups, we record minimized technical events such as page view, form started, form submitted, confirmation email accepted or failed, and waitlist confirmed. Events use a random visit identifier stored only in sessionStorage, not a persistent cookie. We store UTM values, page language, device category, and referrer domain, but not email, raw IP, full referrer URL, full user-agent, fingerprint, or child data. These data remain internal and are not sent to Meta Pixel or advertising platforms.

Legal basis

Processing is based on parent or guardian consent for the child's use of the service, performance of the contract for account and subscription features, compliance with legal obligations, and legitimate interest in keeping the service safe, reliable, and protected from abuse.

Voice, chat, and content

When a child talks with Momo, audio is used to transcribe the request and generate a spoken answer. MiniGenius AI does not store child audio or plain-text transcripts. For safety and audit, we store metadata, message hashes, counts, aggregated topics, and safety events when needed. Momo TTS responses may be cached in private storage to reduce cost and latency.

Recipients and Service Providers

To provide MiniGenius AI, we use selected technical providers. Some act as processors under Article 28 GDPR; where data is transferred outside the EU, we use appropriate safeguards such as Standard Contractual Clauses:

• Supabase Inc. — database and authentication. Servers located in the European Union (Frankfurt, Germany).
• Stripe Payments Europe, Ltd. and Stripe group companies — checkout, subscriptions, payments, invoices, customer portal, and billing history.
• OpenAI, L.L.C. — moderation, response generation, speech-to-text, and text-to-speech when configured as provider.
• ElevenLabs or an equivalent TTS provider — Momo voice generation when configured as the TTS provider.
• Resend, Inc. — operational emails, OTP, confirmations, and safety alerts.
• Vercel Inc. — site hosting. Servers located in the European Union (Frankfurt, Germany).
• Cloudflare, Inc. — DNS, site protection, and network security.
• We do not sell, rent or share your data with third parties for marketing purposes.

Retention

We keep account data while the account is active or for as long as needed for technical, tax, safety, support, or legal purposes. Message logs do not contain plain text and are designed for short retention. Safety and billing events may be kept longer for audit, abuse prevention, and legal obligations.

Unsubscribe and deletion

Operational emails, such as OTP, confirmations, safety, and billing messages, are necessary for the service. Marketing or launch communications require separate consent and can be stopped through email links or by writing to hello@minigenius.ai. After unsubscribe, we will no longer use the email for promotional communications except for minimal technical or legal obligations.

Your Rights

Under the EU General Data Protection Regulation (Regulation 2016/679) you have the right to:

• Access your personal data and receive a copy (Art. 15).
• Rectify inaccurate or incomplete data (Art. 16).
• Erasure of your data (Art. 17).
• Restriction of processing under certain conditions (Art. 18).
• Data portability to transfer your data to another controller (Art. 20).
• Object to processing on legitimate grounds (Art. 21).
• Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• To exercise any of these rights, write to hello@minigenius.ai. We will respond within 30 days of receiving the request.
• You also have the right to lodge a complaint with a supervisory authority. If you are based in Italy, the competent authority is the Garante per la Protezione dei Dati Personali (www.garanteprivacy.it). If you are based in another EU member state, you may contact your local data protection authority.

Privacy contact

For privacy requests, email hello@minigenius.ai and mention MiniGenius AI. To protect the account, we may ask for reasonable parent identity verification before exporting or deleting data.