Privacy Policy
Last Updated: November 28, 2024
Effective Date: November 28, 2024
Table of Contents
- Introduction
- Children's Privacy (COPPA Compliance)
- Information We Collect
- How We Use Information
- Data Sharing & Disclosure
- Data Retention
- Your Rights
- GDPR Rights (European Users)
- CCPA Rights (California Residents)
- International Data Transfers
- Data Security
- Cookies & Tracking
- Third-Party Services
- Changes to This Policy
- Contact Us
1. Introduction
Welcome to AllKids AI ("we," "our," or "us"). We are committed to protecting the privacy of all our users, especially children. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our mobile application, website, and related services (collectively, the "Service").
AllKids AI provides AI-powered educational companions ("AI Buddies") for children ages 5-11. We understand the importance of protecting children's privacy online and are committed to complying with:
- COPPA - Children's Online Privacy Protection Act (United States)
- GDPR - General Data Protection Regulation (European Union)
- GDPR-UK - UK General Data Protection Regulation (United Kingdom)
- CCPA/CPRA - California Consumer Privacy Act / California Privacy Rights Act
- PIPEDA - Personal Information Protection and Electronic Documents Act (Canada)
- APPs - Australian Privacy Principles (Australia)
- LGPD - Lei Geral de Proteção de Dados (Brazil)
- POPIA - Protection of Personal Information Act (South Africa)
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.
2. Children's Privacy (COPPA Compliance)
Our Commitment to Children's Privacy
AllKids AI is designed for children ages 5-11. We are fully committed to protecting children's privacy and complying with COPPA and equivalent international regulations.
2.1 Verifiable Parental Consent
We require verifiable parental consent before collecting any personal information from children under 13. Parents must:
- Create a parent account and verify their identity
- Explicitly consent to our Privacy Policy and Terms of Service
- Approve the creation of their child's profile
- Review and approve data collection practices
2.2 Information We Collect from Children
With parental consent, we collect only the minimum information necessary to provide our educational service:
- First Name Only - Used for personalization (no last names collected)
- Age/Birth Year - To provide age-appropriate content
- Learning Preferences - Interests and learning style preferences
- Educational Progress - Learning milestones and achievements
- Voice Recordings - For AI Buddy interactions (processed locally when possible, not stored permanently)
2.3 What We Do NOT Collect from Children
- Full names or last names
- Home addresses or precise location
- Phone numbers
- Photos or videos of children
- Social media profiles
- Any information that could identify a child outside our Service
2.4 Parental Rights Under COPPA
Parents have the right to:
- Review - Access all personal information collected from their child
- Delete - Request deletion of their child's personal information
- Refuse - Refuse further collection of their child's information
- Withdraw Consent - Revoke consent at any time
To exercise these rights, contact us at privacy@allkidsai.com or through the Parent Dashboard in our app.
2.5 No Behavioral Advertising
We do NOT display behavioral advertising to children. We do NOT share children's data with advertisers or ad networks.
3. Information We Collect
3.1 Information You Provide
| Data Type | Purpose | Collected From |
|---|---|---|
| Parent Account Information | Account creation, authentication, communication | Parents/Guardians |
| Email Address (Parent) | Account verification, important notifications, password recovery | Parents/Guardians |
| Payment Information | Subscription processing (processed by Stripe) | Parents/Guardians |
| Child's First Name | Personalized AI Buddy interactions | Parents/Guardians (with consent) |
| Child's Age/Birth Year | Age-appropriate content delivery | Parents/Guardians (with consent) |
| Learning Preferences | Customized educational experience | Collected during onboarding |
3.2 Automatically Collected Information
- Device Information - Device type, operating system version
- Usage Analytics - App usage patterns, feature engagement (anonymized)
- Error Logs - Technical errors for service improvement
- Session Duration - Time spent in educational activities
3.3 Voice and Audio Data
When children interact with their AI Buddy using voice:
- Voice data is processed to understand spoken requests
- Audio recordings are NOT stored permanently on our servers
- Voice data is processed using secure, encrypted connections
- Parents can disable voice features in settings
4. How We Use Information
We use collected information only for the following purposes:
- Service Delivery - Providing personalized AI Buddy experiences
- Educational Progress - Tracking learning milestones and achievements
- Service Improvement - Enhancing our educational content and features
- Safety & Security - Protecting users and preventing misuse
- Communication - Sending important updates to parents (never to children)
- Legal Compliance - Meeting regulatory requirements
4.1 Legal Bases for Processing (GDPR)
| Processing Activity | Legal Basis |
|---|---|
| Providing the Service | Performance of contract |
| Processing children's data | Parental consent |
| Safety and fraud prevention | Legitimate interests |
| Legal compliance | Legal obligation |
| Marketing communications (parents only) | Consent |
5. Data Sharing & Disclosure
We Do NOT Sell Personal Data
We have never sold, and will never sell, personal information of any user, including children.
5.1 Service Providers
We share limited data with trusted service providers who help us operate:
- Cloud Infrastructure - Amazon Web Services (AWS) - Data storage and processing
- Payment Processing - Stripe - Secure payment handling (no children's data shared)
- AI Services - OpenAI - AI-powered educational interactions (anonymized)
- Analytics - Mixpanel - Usage analytics (anonymized, no children's PII)
- Error Monitoring - Sentry - Technical error tracking
All service providers are contractually bound to:
- Use data only for providing services to us
- Maintain appropriate security measures
- Comply with applicable privacy laws
- Delete data upon request
5.2 Legal Requirements
We may disclose information if required by law, court order, or to:
- Comply with legal process
- Protect safety of children or others
- Prevent fraud or illegal activity
- Enforce our Terms of Service
5.3 Business Transfers
If AllKids AI is acquired or merges with another company, user data may be transferred. In such cases:
- Parents will be notified before any transfer
- The acquiring company must honor this Privacy Policy
- Parents may request deletion of their child's data
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of account + 30 days |
| Children's profile data | Until parent requests deletion or account closes |
| Voice recordings | Processed immediately, not stored permanently |
| Learning progress | Duration of subscription |
| Payment records | 7 years (legal requirement) |
| Anonymized analytics | Up to 3 years |
Upon account deletion, we will delete or anonymize all personal data within 30 days, except where legal retention is required.
7. Your Rights
All users have the following rights regarding their personal data:
- Access - Request a copy of your data
- Correction - Request correction of inaccurate data
- Deletion - Request deletion of your data
- Portability - Receive your data in a portable format
- Objection - Object to certain processing activities
- Restriction - Request restriction of processing
- Withdraw Consent - Withdraw previously given consent
To exercise any of these rights:
- Use the Parent Dashboard in our app
- Email: privacy@allkidsai.com
- Response time: Within 30 days (45 days for complex requests)
8. GDPR Rights (European Users)
If you are in the European Economic Area (EEA) or United Kingdom, you have additional rights under GDPR:
8.1 Data Protection Rights
- Right to be Informed - Clear information about data processing
- Right to Access - Obtain copies of your personal data
- Right to Rectification - Correct inaccurate personal data
- Right to Erasure - Request deletion ("right to be forgotten")
- Right to Restrict Processing - Limit how we use your data
- Right to Data Portability - Receive data in machine-readable format
- Right to Object - Object to processing based on legitimate interests
- Rights Related to Automated Decision-Making - Not be subject to solely automated decisions
8.2 Data Controller
AllKids AI acts as the Data Controller for personal data collected through our Service.
Contact our Data Protection Officer:
Email: dpo@allkidsai.com
8.3 Supervisory Authority
You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.
9. CCPA/CPRA Rights (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
9.1 Your California Privacy Rights
- Right to Know - Categories and specific pieces of personal information collected
- Right to Delete - Request deletion of personal information
- Right to Correct - Request correction of inaccurate information
- Right to Opt-Out - Opt out of sale/sharing of personal information
- Right to Limit - Limit use of sensitive personal information
- Right to Non-Discrimination - Equal service regardless of privacy choices
9.2 Categories of Information
In the preceding 12 months, we collected the following categories of personal information:
| Category | Collected | Sold |
|---|---|---|
| Identifiers (name, email) | Yes | No |
| Commercial information | Yes (subscription data) | No |
| Internet activity | Yes (app usage) | No |
| Geolocation data | No (general region only) | No |
| Audio/visual information | Yes (voice, not stored) | No |
| Professional information | No | No |
| Education information | Yes (learning progress) | No |
9.3 Do Not Sell My Personal Information
We do not sell personal information. We have never sold, and will never sell, your personal information to third parties.
9.4 Submit a Request
To exercise your California privacy rights:
- Email: privacy@allkidsai.com
- Subject Line: "California Privacy Request"
- Include verification information (email used for account)
10. International Data Transfers
AllKids AI is based in the United States. If you access our Service from outside the United States, your data may be transferred to, stored, and processed in the United States.
10.1 Transfer Mechanisms
For transfers from the EEA, UK, or Switzerland, we use:
- Standard Contractual Clauses (SCCs) - EU-approved data transfer agreements
- Adequacy Decisions - Where applicable
- Binding Corporate Rules - For intra-group transfers
10.2 Data Localization
Where required by local law (e.g., China, Russia), we comply with data localization requirements.
11. Data Security
We implement comprehensive security measures to protect your data:
11.1 Technical Measures
- Encryption - All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls - Role-based access, principle of least privilege
- Authentication - Multi-factor authentication for sensitive operations
- Monitoring - 24/7 security monitoring and intrusion detection
- Regular Audits - Third-party security assessments
11.2 Organizational Measures
- Employee background checks and security training
- Data protection impact assessments
- Incident response procedures
- Business continuity planning
11.3 Breach Notification
In the event of a data breach affecting your personal information:
- We will notify affected users within 72 hours
- We will notify relevant authorities as required by law
- We will provide clear information about the breach and remediation steps
13. Third-Party Services
Our Service integrates with the following third-party services:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Amazon Web Services | Cloud infrastructure | AWS Privacy |
| Stripe | Payment processing | Stripe Privacy |
| OpenAI | AI processing | OpenAI Privacy |
| Mixpanel | Analytics | Mixpanel Privacy |
| Sentry | Error monitoring | Sentry Privacy |
| ElevenLabs | Text-to-speech | ElevenLabs Privacy |
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top of this page
- For material changes, we will notify parents via email
- For changes affecting children's data, we will obtain renewed parental consent
- Continued use of the Service after changes constitutes acceptance
15. Contact Us
AllKids AI Privacy Team
Email: privacy@allkidsai.com
Data Protection Officer: dpo@allkidsai.com
Mailing Address:
AllKids AI
Attn: Privacy Team
[Address to be added]
United States
Response Time: We aim to respond to all privacy inquiries within 48 hours.