Privacy Policy

Last updated: March 2026 · Compliant with the Hong Kong Personal Data (Privacy) Ordinance (PDPO, Cap. 486)

1. Data We Collect

We collect the following personal data:

  • Account data: Name, email address, profile photo (from OAuth provider)
  • Child profile data: Child's name, age, sex, personality traits, interests (provided by you)
  • Usage data: Drawings generated, prompts used, token transactions, login activity
  • Payment data: Processed by Stripe. We do not store credit card numbers.
  • Device data: Browser type, IP address, device type (for security and analytics)

2. How We Use Your Data

  • To provide and personalise the drawing generation service
  • To manage your account, subscription, and token balance
  • To process payments and issue refunds
  • To send service-related communications
  • To prevent fraud and abuse
  • To improve the Service

3. Children's Data

We take children's privacy extremely seriously. Child profile data (name, age, interests) is provided by the parent/guardian and is used solely to personalise AI-generated drawings. We do not collect data directly from children. Child profile data is encrypted at rest and in transit. We never share children's data with third parties. Parents may delete child profiles at any time.

4. Photo Upload Privacy

Photos uploaded to the Memory Room are processed solely for image transformation. Photos are permanently deleted immediately after the AI generation is complete. We do not store, retain, or use uploaded photos for training, analytics, or any other purpose. Photos are transmitted over encrypted connections (TLS 1.3).

5. Storage & Security

Data is stored in Supabase (PostgreSQL) hosted in the Asia-Pacific region (Singapore). All data is encrypted at rest (AES-256) and in transit (TLS 1.3). We implement row-level security policies to ensure users can only access their own data. Regular security audits are conducted.

6. Data Retention

Account data is retained for the lifetime of your account. Generated drawings are retained until you delete them or close your account. Upon account deletion, all personal data is permanently deleted within 30 days. Payment records are retained for 7 years as required by the Hong Kong Inland Revenue Ordinance.

7. International Data Transfers

DaddyDrawing.com is operated from Hong Kong SAR and serves users worldwide. Your personal data may be transferred to and processed in jurisdictions outside your country of residence, including Hong Kong SAR, Singapore, and the United States (for payment processing via Stripe and AI generation via OpenAI). We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

8. Your Rights Under the PDPO (Cap. 486)

Under Hong Kong's Personal Data (Privacy) Ordinance, you have the right to:

  • Access: Request access to your personal data held by us
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Opt-out: Opt out of direct marketing communications at any time
  • Complaint: Lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD) at pcpd.org.hk

To exercise these rights, contact us at privacy@daddydrawing.com.

9. Third-Party Services

  • Supabase: Database and authentication (Singapore)
  • Stripe: Payment processing (Hong Kong / international)
  • OpenAI / Stability AI: Image generation (prompts only, no personal data sent)
  • Vercel: Application hosting
  • Resend: Transactional email

10. Contact

Privacy Officer: Alan Ha · privacy@daddydrawing.com · DaddyHandbook Limited, Hong Kong SAR