Legal

Privacy Policy

Effective date: June 12, 2026

1. Who we are

ToyAI makes plush companion toys with a built-in voice assistant for children, controlled and supervised by parents through a dashboard. This policy explains, in plain language, what data we collect, why we collect it, and the choices you have. Because our product is used by children, we hold ourselves to a higher standard than the legal minimum.

The data controller is OnePlankton (reg. No. 1238924), a self-employed enterprise registered in Lithuania (individuali veikla), registered address 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom. You can reach us about anything in this policy at support@bentleyhugs.com.

2. What we collect

Parent account data. Your name, email address, optional phone number, a hashed password (we never store the password itself), and your notification preferences.

Child profile data.The information you choose to give the toy so it can be a better companion: your child's first name, age or birthday, a short description of interests, and the personality mode you select. We ask for a first name only — never a surname, address, school, or photo of your child.

Conversation data. When your child talks to the toy, their speech is converted to text and the toy replies. We store the conversation transcripts so that you — the parent — can review every conversation in the dashboard. Each conversation is also analysed by our AI safety layer, which produces a short summary, sentiment, and any safety flags. Transcripts are processed by OpenAI acting as our data processor (see Section 5); under our agreement with OpenAI, this data is not used to train their models.

Device telemetry. Battery level, firmware version, connection status, and last-seen time — purely so the toy works reliably and you can see its status.

Order and payment data. Your order history and billing details. Card payments are handled by Stripe; we never see or store your full card number.

Support and waitlist messages. If you contact us or join our launch updates list, we keep your message and email address so we can respond and keep you posted.

3. Why we collect it (lawful bases)

To provide the service (Art. 6(1)(b) GDPR): account management, conversations, the parent dashboard, orders, and the subscription.

With your consent(Art. 6(1)(a) GDPR): your child's profile and conversation data. Because the service is directed at children, we rely on verifiable parental consent under Art. 8 GDPR: only an adult account holder can create a child profile, pair a device, and enable conversations, and you can withdraw that consent at any time by deleting the profile or the data.

Legitimate interests (Art. 6(1)(f) GDPR): keeping the service secure, preventing fraud and abuse, and improving reliability — never advertising.

Legal obligations (Art. 6(1)(c) GDPR): keeping invoices and tax records as required by law.

4. What we never do

We do not show ads. We do not sell or rent your data — or your child's data — to anyone. We do not build advertising profiles of children. We do not use your family's conversations to train AI models. If that ever changes (we don't plan for it to), we would ask for your explicit consent first.

5. Who helps us process data

We use a small number of processors, each under a data processing agreement:

  • OpenAI— generates the toy's responses and the safety analysis of conversations. API data is not used for model training. Transfers to the US are covered by EU Standard Contractual Clauses and applicable adequacy frameworks.
  • Stripe — payment processing and subscription billing.
  • Resend — transactional email (order confirmations, alerts you opt into).

Our application data is hosted in the European Union. Where a processor operates outside the EU, we rely on the safeguards above.

6. How long we keep data

  • Conversation transcripts — until you delete them (you can delete individual conversations or wipe everything from the dashboard at any time).
  • Child profiles — until you delete the profile or your account.
  • Account data — for the life of your account, then deleted within 30 days of account deletion.
  • Order and invoice records — for the period required by tax and accounting law.
  • Device telemetry — rolling operational data, kept only as long as needed to run the service.

7. Your rights

Under the GDPR you can access, correct, export, delete, and restrict the processing of your data, object to processing based on legitimate interests, and withdraw consent at any time. These are not just words: the parent dashboard includes working export and delete controls for conversation data, and full account deletion is available. For anything you cannot do yourself in the dashboard, email support@bentleyhugs.com and we will respond within 30 days.

You also have the right to lodge a complaint with your local supervisory authority, or with the supervisory authority of our establishment (OnePlankton is registered in Lithuania, so this is the State Data Protection Inspectorate, vdai.lrv.lt).

8. Cookies

We use strictly necessary session cookies only: one to keep parents signed in to the dashboard and one for administrator sessions. They are httpOnly, are not used for tracking, and are not shared with anyone. We do not use advertising or third-party tracking cookies. If we enable website analytics, we use a cookieless, privacy-first tool (Plausible) that collects no personal data.

9. Security

Data is encrypted in transit (TLS). Passwords are stored as salted bcrypt hashes. Device communication is authenticated per device, and dashboard access is restricted to the verified parent account that owns the device. We practice data minimisation: the toy is designed to gently redirect children away from sharing personal information, and we collect only what the product needs to work.

10. Children's privacy & COPPA (US customers)

The website, shop, and dashboard are intended for adults. Child data enters the service only after a parent creates a profile and pairs a device. For customers in the United States, we align our practices with COPPA: we obtain verifiable parental consent before collecting information from children under 13, we let parents review and delete their child's information at any time, we collect no more information than is reasonably necessary, and we never condition a child's use of the toy on disclosing extra personal information.

11. Changes to this policy

If we make material changes, we will email account holders and post the updated policy here with a new effective date before the changes take effect.