📌 Quick Summary
- ✅ FERPA Compliant: We follow federal student privacy regulations
- ✅ No Data Sales: We will never sell your personal information
- ✅ Encrypted Storage: All data protected with industry-standard encryption
- ✅ Parent Control: You own your family's data - export or delete anytime
- ✅ Minimal Collection: We only collect what's needed to run the system
1. Information We Collect
Account Information
When you create a Kinderon account, we collect:
| Data Type | Purpose | Required? |
|---|---|---|
| Email address | Account login, password recovery, system notifications | Yes |
| Password (hashed) | Account security | Yes |
| User type (parent/teacher/student) | Display correct dashboard features | Yes |
| Display name (username/nickname) | Personalization, progress tracking (can be a nickname; a real name is not required) | Yes |
| Phone number | Optional 2FA, urgent notifications | No |
🎭 Privacy-Friendly Names: The "display name" field accepts usernames, nicknames,
or any identifier you prefer - real names are NOT required. Examples: "SuperKid", "Player1", "Emma", "Student A".
🔢 Internal ID System: All data is linked using auto-generated numeric IDs
(Family ID, Class ID, Kid ID, Student ID) - NOT names. This means:
- Database queries use ID numbers, never names
- API calls reference IDs (e.g., student_id: 12345)
- Analytics processed using anonymized IDs
- Even if you use real names, they're never used for system identification
Usage Data
As you use Kinderon, we automatically collect:
- Tap History: Timestamp, coin type, XP earned, student ID (numeric identifier, not name)
- Quest Progress: Quest ID, completion %, start/end dates, student ID
- Achievement Unlocks: Badge ID, unlock date, student ID
- Login Activity: Login timestamps, IP address (for security), user ID
- Device Info: Browser type, operating system (for compatibility)
🔐 ID-Based Architecture: All usage data references internal IDs (Family ID, Class ID, Kid ID, Student ID),
never display names. Example: "Student 12345 tapped Coin 678 for 50 XP" - no names in database logs.
Third-Party Data
We integrate with limited third-party services:
- OpenAI API: AI chat messages (anonymized - student IDs only, NO display names shared)
- DALL-E API: Image generation prompts (no personal info sent)
- Stripe (if applicable): Payment info for premium features (PCI-compliant)
✅ AI Privacy Protection: When you ask AI for help (e.g., "How is Student 12345 doing?"),
we send only numeric IDs to OpenAI - never display names, real names, or personally identifiable information.
AI responses are generic and can't identify specific students.
2. How We Use Your Information
✅ We Use Data To:
- Provide core functionality (tapping, quests, analytics)
- Track student progress and generate insights
- Send account notifications (quest completed, achievement unlocked)
- Improve system performance and fix bugs
- Generate anonymized analytics for product improvement
- Respond to customer support requests
❌ We DO NOT:
- Sell or rent your personal information to third parties
- Use student data to train public AI models
- Share data with advertisers or marketers
- Track students across other websites (no external cookies)
- Send spam or promotional emails without consent
3. FERPA Compliance (Schools & Teachers)
If you're a teacher using Kinderon in a K-12 school setting, we comply with the
Family Educational Rights and Privacy Act (FERPA):
🏫 FERPA Protections:
- School Official Exception: We act as a "school official" with legitimate educational interest
- Parental Rights: Parents can review, request corrections, or delete student data
- Directory Info: We only store minimal student info (display name/nickname - not required to be real name)
- Third-Party Limits: Student data is not shared with unauthorized third parties
- Data Retention: Schools control data - can export or purge at any time
- ID-Based Records: All student records identified by auto-generated Student IDs, ensuring privacy even within the database
School Admins: Contact us for a signed FERPA Addendum and Data Processing Agreement (DPA).
4. Children's Privacy (COPPA)
Kinderon is designed for children under 13 (with parental/teacher supervision). We comply with
COPPA (Children's Online Privacy Protection Act):
- Parental Consent: Students cannot create accounts - parents/teachers create accounts on their behalf
- Minimal Data: We collect only what's necessary (display name/nickname, XP, taps - all linked by numeric ID)
- No Public Profiles: Student data is never visible publicly (no social features)
- Parent Access: Parents can review, update, or delete child data anytime
- No Behavioral Ads: We don't use student data for targeted advertising
- ID-Based System: All student records identified by auto-generated Student IDs, not names
⚠️ Important: Parents and teachers are responsible for supervising children's use of Kinderon.
We recommend parents create accounts for children under 13 and maintain login credentials. Real names are never required -
use nicknames or usernames for added privacy.
5. Data Security
Encryption & Protection:
- Encryption at Rest: All database data encrypted with AES-256
- Encryption in Transit: HTTPS/TLS for all web traffic
- Password Hashing: Passwords hashed with bcrypt (never stored in plain text)
- Access Controls: Role-based permissions (parents see only their kids, teachers see only their classes)
- Regular Backups: Daily encrypted backups stored securely
- Security Audits: Quarterly vulnerability scans and penetration testing
🔐 Data Breach Policy: In the unlikely event of a security breach, we'll notify affected users within 72 hours via email and provide guidance on protective measures.
6. Your Privacy Rights
You Have the Right To:
| Right | How to Exercise |
|---|---|
| Access - View all your data | Dashboard → Settings → Export Data (CSV download) |
| Correction - Fix inaccurate data | Dashboard → Settings → Edit Profile/Student Info |
| Deletion - Erase all your data | Settings → Delete Account (irreversible - 30-day grace period) |
| Portability - Take your data elsewhere | Export Data as CSV/JSON format |
| Opt-Out - Stop non-essential emails | Unsubscribe link in emails or Settings → Notifications |
Can't find what you need? Email us at privacy@kinderon.com
and we'll respond within 7 business days.
7. Cookies & Tracking
We use minimal cookies to provide core functionality:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Session Cookie | Keep you logged in | Expires when you close browser |
| Preference Cookie | Remember dashboard settings | 1 year |
No third-party tracking cookies. We don't use Google Analytics or similar tracking tools.
We analyze anonymized usage data server-side for product improvement only.
8. Third-Party Services
We integrate with these services (with strict data sharing limits):
OpenAI (AI Features)
- Data Sent: Help chat messages with anonymized context (e.g., "Student ID 12345" - NO names/PII)
- Data Retention: OpenAI deletes prompts after 30 days
- Training Use: Opted out - your data is not used to train public models
- Privacy Layer: Our system strips all display names before sending requests to OpenAI
DALL-E (Image Generation)
- Data Sent: Image prompts only (e.g., "draw a cartoon dragon")
- No PII: No personal information sent to DALL-E API
Stripe (Payments - if applicable)
- Data Sent: Payment card info (directly to Stripe - we never see it)
- PCI Compliance: Stripe is PCI DSS Level 1 certified
9. Data Retention
We retain your data for different periods depending on the type:
- Active Accounts: Data stored indefinitely while account is active
- Inactive Accounts: After 2 years of inactivity, we email you to confirm continued use; otherwise the account is deleted
- Deleted Accounts: 30-day grace period (can restore), then permanent deletion
- Backup Archives: Deleted data purged from backups within 90 days
- Legal Holds: If legally required to preserve data (e.g., subpoena), we'll notify you
10. International Users
Kinderon is based in the United States. If you're accessing from outside the U.S., your data will be
transferred to and stored in the United States.
🌍 GDPR Compliance (EU Users):
European users have additional rights under GDPR:
- Right to object to data processing
- Right to restrict processing
- Right to lodge a complaint with a supervisory authority
- Data Protection Officer contact: dpo@kinderon.com
11. Changes to This Policy
We may update this Privacy Policy periodically. When we make changes:
- We'll update the "Last Updated" date at the top
- For minor changes (typos, clarifications): No notification required
- For major changes (new data collection, sharing practices): Email notification 30 days before taking effect
- You can view previous versions by emailing privacy@kinderon.com
📬 Stay Updated: Bookmark this page and check periodically for updates.
12. Contact Us
Questions about privacy or data practices? We're here to help!
📧 Email: privacy@kinderon.com
🏢 Mailing Address: Kinderon Privacy Team, [Your Address]
⏱️ Response Time: We respond within 7 business days
🔐 Data Protection Officer: dpo@kinderon.com
Your Privacy is Our Priority
We're committed to protecting your family's data with industry-leading security and transparency.