Data Handling Policy
Last updated: April 13, 2026
1. Overview
Magic Moments is committed to protecting the privacy and security of all data entrusted to us, especially data relating to children. This policy describes how we collect, process, store, and delete data throughout our service.
2. Data We Process
2.1 Personal Data
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Email address | Account management, order communications | Contract performance |
| Password (hashed) | Account authentication | Contract performance |
| Child's first name | Personalizing the call experience | Contract performance |
| Zip code | Assigning local phone numbers for calls | Contract performance |
| Phone number | Placing outbound calls | Contract performance |
| IP address | Security, fraud prevention | Legitimate interest |
2.2 Sensitive Data — Call Content
Call transcripts and audio recordings contain voice data of children. We treat this as highly sensitive:
- Transcripts are stored encrypted at rest
- Audio recordings are available for download for 7 days, then permanently deleted
- Transcripts and recordings are only accessible to the parent/guardian account holder
- We never use call content for advertising, profiling, or training AI models beyond the individual call experience
3. Third-Party Data Processors
| Processor | Data Shared | Purpose | Location |
|---|---|---|---|
| Twilio | Phone numbers, call routing data | Placing and receiving phone calls | United States |
| ElevenLabs | Child's first name, character system prompt | AI voice generation during calls | United States |
| Shopify | Order details, no card data | Payment processing | United States / Canada |
| Resend | Email address, name, call summary | Transactional email delivery | United States |
All processors operate under data processing agreements and are compliant with applicable data protection regulations.
4. Data Flow Diagram
You (Parent/Guardian)
↓ Sign up, provide child info, pay
Magic Moments (Our Servers)
↓↓↓
Twilio ElevenLabs Resend
(call routing) (AI voice) (emails)
↓ ↓
Phone Call Transcript/Recording
↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓
You (receive transcript email, download recording)
5. Data Retention Schedule
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Account data | Until account deletion | Manual deletion on request |
| Child profiles | Until account deletion | Deleted with account or on request |
| Call transcripts | 1 year after call | Automatic deletion |
| Audio recordings | 7 days after call | Automatic deletion |
| Order records | 7 years | Financial regulation requirement |
| Session cookies | 30 days | Automatic browser expiry |
6. Data Breach Procedures
In the event of a data breach:
- We will assess the scope and severity within 24 hours
- Affected users will be notified via email within 72 hours
- Regulatory authorities will be notified as required by applicable law
- We will take immediate steps to contain the breach and prevent recurrence
7. Children's Data Protections
Because our service involves interactions with children, we implement additional safeguards:
- Minimal data collection — we collect only first name and zip code; we never ask for or store full names, addresses, or schools
- Parental gates — all purchases require an adult account; calls can only be initiated by a logged-in parent/guardian
- AI safety guardrails — characters are programmed to never ask for personal information (address, phone number, school, etc.)
- Content isolation — call transcripts and recordings are accessible only to the parent account, never shared or sold
- No behavioral advertising — we do not use children's data for advertising or create behavioral profiles
8. Your Rights and Requests
To exercise any of the following rights, contact support@magicmomentslab.app:
- Access — receive a copy of all personal data we hold about you
- Correction — update or correct any inaccurate data
- Deletion — request permanent deletion of your account and all associated data
- Data portability — download your call transcripts and recordings
- Objection — opt out of non-essential processing
We respond to all data requests within 30 days.
9. Contact
For data handling inquiries, privacy concerns, or to exercise any of your rights under this policy:
- Phone: (786) 755-1839 (24/7 AI support agent)
- Email: support@magicmomentslab.app
- Contact form: magicmomentslab.app/contact
We respond to all data requests within 30 days.
