Skip to main contentSkip to navigationSkip to footer

    Security & Privacy

    Your family's safety is our top priority. We use enterprise-grade security to ensure every magical moment with Santa is completely private and protected.

    End-to-End Encrypted
    COPPA Compliant
    GDPR Ready
    PCI-DSS Level 1

    How We Protect Your Calls

    End-to-End Encryption

    All video calls use WebRTC with military-grade encryption

    • DTLS (Datagram Transport Layer Security) for secure key exchange
    • SRTP (Secure Real-time Transport Protocol) for encrypted audio/video streams
    • 256-bit AES encryption for all data transmission
    • TLS 1.3 for all API and web communications

    Secure Infrastructure

    Enterprise-grade hosting with multiple security layers

    • SOC 2 Type II compliant cloud infrastructure
    • Data encrypted at rest using AES-256
    • Regular security audits and penetration testing
    • Geographically distributed servers for reliability

    Private Video Storage

    Call recordings are stored securely and accessible only to you

    • Private storage buckets with access controls
    • Time-limited signed URLs (7-day expiry)
    • Recordings sent only to verified email addresses
    • Automatic deletion after 90 days

    Secure Payment Processing

    Payments handled by Stripe, a PCI-DSS Level 1 certified provider

    • We never store your full credit card details
    • PCI-DSS Level 1 compliant payment processing
    • Tokenized payment information
    • Fraud detection and prevention

    Child Safety First

    We've built multiple layers of protection to ensure your child's experience is safe, private, and magical.

    Parent Gate Verification

    A math-based verification ensures only adults can access booking and payment flows. Children cannot accidentally make purchases or access sensitive areas.

    COPPA Compliance

    We comply with the Children's Online Privacy Protection Act. We collect only minimal data (first name and age) with parental consent to personalize the Santa experience.

    Zero-Data Mode During Calls

    During video calls, all third-party tracking and analytics are completely disabled. No advertising cookies, no tracking pixels—just a pure, private experience.

    Content Safety Guidelines

    Our AI-powered Santa follows strict content guidelines ensuring age-appropriate, positive interactions. Conversations are monitored for safety with automatic flagging of concerning content.

    Your Data Rights

    We respect your privacy rights. You have full control over your personal data:

    Access: Request a copy of the personal data we hold about you
    Correction: Update or correct inaccurate information
    Deletion: Request deletion of your personal data
    Portability: Export your data in a portable format
    Opt-out: Unsubscribe from marketing communications at any time
    Restriction: Limit how we process your data in certain circumstances

    To exercise any of these rights, contact us at:

    privacy@callsantaclaus.ai

    What We Collect & Why

    Data Type Purpose Retention
    Email Address Account, confirmations, recording delivery Until account deletion
    Child's First Name & Age Personalize Santa's conversation Until account deletion
    Interests & Wishlist Enable personalized Santa interactions Until account deletion
    Call Recordings Magical Memory Package delivery 90 days, then deleted
    Payment Info Process transactions (via Stripe) Handled by Stripe

    Related Policies

    Cookie Magic 🍪

    We use cookies to make this experience magical and improve our workshop.