Privacy Policy

We fully comply with COPPA. For users under 13:

• Verifiable Parental Consent via our in-app consent flow before account activation.
• Data Minimization — only what's needed to deliver therapy.
• Parental Access — review, modify, or delete a child's data from the Parent Dashboard.
• No Behavioral Advertising.
• No Third-Party Sharing of children's data for commercial purposes.
• Right to Revoke consent and request full deletion at any time.

When WobbleTalk is used in clinical settings by licensed SLPs:

• Session data may constitute Protected Health Information (PHI).
• Business Associate Agreements (BAAs) available for clinical accounts.
• Encryption at rest (AES-256) and in transit (TLS 1.3).
• Role-based access control and audit logging of all AI interactions.
• Clinical Mode flag enforces stricter de-identification and full audit capture.

WobbleTalk uses OpenAI's GPT-4o mini model to power AI features such as session summaries, vocabulary suggestions, and exercise generation. We do not use any heavy on-device SDKs, and all AI requests are made server-to-server.

• De-identification layer: Before any text is sent to OpenAI, our server runs a de-identification pass that strips emails, phone numbers, SSNs, dates of birth, ZIP codes, and common name patterns.
• Metadata-only requests: Vocabulary and exercise prompts contain only counts, levels, and category metadata — never PHI.
• Audit trail: Every AI call is logged with action type, data category, status, latency, and a clinical-mode flag — without storing input or output content.
• No model training: Our usage of OpenAI's API does not contribute to model training under OpenAI's API data policy.
• Clinical Mode: When enabled by a therapist, AI calls log additional context and require de-identified inputs.