Yore is built for kids and families. This is what we collect, why, who else sees it, and how to delete it. We've kept it short and plainspoken — if any of it is unclear, email [email protected].
kids.helloyore.com).Yore is operated by Yore PBC, a Delaware Public Benefit Corporation. The privacy contact is [email protected].
Yore is directed at kids and complies with the U.S. Children's Online Privacy Protection Act (COPPA). For any user under 13, we require verifiable parental consent before collecting personal information beyond what's strictly necessary to run the chat. The consenting parent is the person who creates the account.
Hard rules. Coded into every character — not toggleable, not negotiable. The same five apply to every kid, every conversation, every character on Yore.
You can change any of these in Settings → Privacy at any time. Withdrawing consent stops new collection immediately and gives you a one-click delete for past data.
We share data only with the service providers we need to run Yore:
| Provider | What they receive | Why |
|---|---|---|
| Anthropic | Conversation text (kid's questions + character's replies), via the API | The character's responses run on Anthropic's Claude models. Anthropic's API tier has a contractual no-training default — submitted data is not used to train their models. |
| Deepgram | Voice audio, transient (discarded immediately after transcription) | Speech-to-text transcription |
| ElevenLabs | Reply text only (no kid voice or kid text) | Text-to-speech — the character's voice playback |
| Cloudflare | IP + request metadata for routing (no kid PII; no parent email shared with Cloudflare) | DDoS protection + WAF at the edge; DNS |
| Render | Encrypted HTTPS traffic; runs the application servers and routes requests | Application hosting |
| Neon | Database contents — accounts, conversations, memories, audit logs | Encrypted database hosting in AWS US-East-1 |
Yore is the COPPA-compliant operator for any data we collect about your kids. We use Anthropic, Deepgram, and ElevenLabs as service providers under COPPA's service-provider framework (16 CFR 312.4(d)(3)) — they process data on our instruction and are bound by their own terms to use submitted data only for providing their service to us. Specifically:
None of these providers receives any data they don't strictly need for their function. We do not sell or rent any data to anyone.
Before broader launch, we will obtain formal Data Processing Agreements (DPAs) with each provider that explicitly acknowledge the operator/processor relationship under COPPA. The friend pilot operates under each provider's standard terms, which we have reviewed for COPPA-compatibility. Voice recordings are never stored on Yore servers.
You can, at any time, in Settings → Privacy:
Passwords are hashed with Argon2id. Session tokens are HMAC-hashed at rest. Sensitive content (kid names, conversation text, memories, summaries) is encrypted at rest with AES-GCM via AWS KMS in production. All traffic is HTTPS via Cloudflare edge. The dev/admin dashboard sits behind an admin-email allowlist. Your kid's PIN is stored hashed within your family's namespace only.
Yore has no ads. We don't share data with advertisers, data brokers, or social platforms. Our cookies are first-party only (sign-in session + family code) and do not follow your kid across the internet.
For aggregate site analytics on
parents.helloyore.com and helloyore.com,
we use Plausible Analytics — a privacy-focused
analytics service that uses no cookies, collects no personal
identifiers, and does not track individuals across sites.
Plausible records only aggregate counts (pageviews, button-click
tallies) for product improvement. It is never loaded on
the kid-facing surface (kids.helloyore.com)
per our L1.13 commitment.
If we change anything material, we'll email every active parent account 30 days before the change takes effect, and we'll require fresh consent from any parent of an under-13 kid before continuing to collect data under the new terms.
Privacy questions, deletion requests, or concerns: [email protected]. We answer within 7 days.
Required by 16 CFR §312.6 — formal COPPA inquiries, deletion requests, or compliance-related correspondence should be directed to:
Anthony Liu
Designated COPPA Compliance Officer, Yore PBC
[email protected]
For deletion requests, the parent dashboard includes one-click data deletion (Settings → Privacy → "Delete my entire family from Yore"). For non-self-service requests or any other COPPA matter, email above and we'll respond within 7 days.