Privacy Policy

Last Updated: May 26, 2026 | Version 1.3 | Effective Date: May 26, 2026

Table of Contents

  1. Introduction
  2. Definitions
  3. Information We Collect
  4. Information We Do NOT Collect
  5. How Voice Processing Works
  6. How We Use Information
  7. Information Sharing and Disclosure
  8. Third-Party Services
  9. Data Retention
  10. Data Security
  11. Parental Rights
  12. GDPR Rights (European Users)
  13. California Privacy Rights
  14. International Data Transfers
  15. Cookies and Tracking Technologies
  16. Updates to This Policy
  17. Contact Information

1. Introduction

Welcome to Kids Can Spell ("we," "our," or "us"). We are committed to protecting the privacy and safety of children who use our educational spelling application ("the App" or "Service"). This Privacy Policy explains our practices regarding the collection, use, and disclosure of information when you or your child uses our Service.

We have designed this policy to comply with applicable privacy laws, including the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA).

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Definitions

For the purposes of this Privacy Policy:

  • "Child" or "Children" refers to individuals under the age of 13 (or under 16 in the European Union)
  • "Parent" includes legal guardians
  • "Personal Information" means any information that can identify an individual
  • "Service" refers to the Kids Can Spell application
  • "Device" means any device that can access the Service
  • "Usage Data" refers to data collected automatically from Service use
  • "Voice Data" refers to audio input from users for speech recognition

3. Information We Collect

We collect minimal information necessary to provide and improve our educational service:

3.1 Information You Provide Directly

  • Nickname: A child-chosen username (no real names required)
  • Avatar Selection: Choice of cartoon character representation
  • Game Settings: Difficulty level, sound preferences, display preferences

3.2 Information Collected Automatically

  • Game Progress: Levels completed, scores achieved, words practiced
  • Learning Analytics: Time spent, accuracy rates, improvement metrics
  • Session Information: Login times, session duration, last activity
  • Device Information: Device type, operating system, app version
  • App Interaction Data: Touch interactions and session replays within the mobile app (see Section 8.3 for full details)

3.3 Voice Input Processing

IMPORTANT: Voice input is processed in real-time for speech recognition only. We do NOT record, store, or retain any voice data. The audio stream is immediately discarded after processing.

4. Information We Do NOT Collect

We are committed to child privacy. We specifically do NOT collect:

  • Voice Recordings: Audio is never recorded or stored
  • Real Names: We don't ask for or store actual names
  • Email Addresses: No email collection from children
  • Phone Numbers: No phone number collection
  • Physical Addresses: No address information
  • Precise Location: No GPS or precise geolocation data
  • Photos/Videos: No camera access or image storage
  • Social Media: No social media integration or sharing
  • Contact Lists: No access to device contacts
  • Biometric Data: No fingerprints, face scans, or voice prints
  • Marketing Site "Try It" Demo Input: The interactive spelling demo on our marketing site runs entirely in your browser. Letters you type are compared locally and never sent to our servers.

5. How Voice Processing Works

Our voice recognition feature is designed with privacy as the top priority:

  1. Child speaks into device microphone
  2. Audio is sent to our secure infrastructure (Modal.com platform)
  3. Speech is converted to text in real-time using NVIDIA Parakeet model
  4. Text is compared to the target spelling word
  5. Result (correct/incorrect) is returned to the app
  6. Audio is immediately discarded after processing

No audio is ever saved, stored, recorded, or used for any purpose other than immediate speech recognition. We process audio on our own dedicated infrastructure using the open-source NVIDIA Parakeet model.

6. How We Use Information

We use the limited information we collect to:

  • Provide the spelling education service
  • Track learning progress within the app
  • Customize difficulty based on performance
  • Display achievements and rewards
  • Maintain game state between sessions
  • Provide technical support when needed
  • Improve app functionality and user experience
  • Ensure app security and prevent misuse

We do NOT use information for advertising, marketing, or sale to third parties.

7. Information Sharing and Disclosure

We do not sell, trade, or rent children's personal information. We may share information only in these limited circumstances:

  • With Parental Consent: When a parent explicitly requests or approves
  • For Legal Reasons: To comply with laws, regulations, or valid legal requests
  • To Protect Rights: To protect the rights, property, or safety of our users
  • Service Providers: With trusted service providers who assist in operating our app (under strict confidentiality agreements)
  • Business Transfers: In connection with a merger or sale of assets (with continued protection)

8. Third-Party Services

We use minimal third-party services to operate our app:

8.1 Infrastructure Services

  • Cloudflare: Content delivery and DDoS protection
    Purpose: Faster loading and security
    Data Shared: None (they only see anonymous traffic)

8.2 Error Monitoring and Stability

  • Sentry: Error monitoring and crash reporting (website and backend only)
    Purpose: Application stability and bug detection for our website and server infrastructure
    Data Shared: Anonymous error logs, device type, OS version, app version
    Note: Sentry is not used in the mobile app

8.3 Mobile App Analytics

  • PostHog: Product analytics and session replay (mobile app only)
    Purpose: Understanding how users interact with the mobile app to improve usability and fix issues
    Data Shared: Touch interactions (tap coordinates and text content of tapped elements), session replays, randomly generated app-scoped identifier, device model and manufacturer, locale, timezone, screen dimensions, and the device and app information already described in Section 3.2
    Privacy Settings: All text inputs are masked in session replays, IP addresses are discarded after processing (not stored), EU data residency (data stored and processed in the European Union)
    Note: PostHog is used only in the mobile app, not on our website

8.4 Analytics Services (Consent Required)

The following analytics services are only enabled when users explicitly consent through our cookie consent banner:

  • Google Analytics 4: Website usage analytics
    Purpose: Understanding how visitors use our website to improve user experience
    Data Shared: Page views, anonymized IP addresses, browser type, device information
    Privacy Settings: IP anonymization enabled, no cross-device tracking, no personalized ads
  • Microsoft Clarity: Session recording and heatmap analysis
    Purpose: Understanding user interactions to improve website design and usability
    Data Shared: Session recordings, heatmaps, click patterns, scroll depth

Note: You can manage or withdraw consent for analytics at any time by clicking the "Manage Cookies" button in our cookie consent banner.

8.5 Payment Processing

  • Stripe: Payment processing for web subscriptions
    Purpose: Securely process credit card payments and subscriptions
    Data Shared: Payment information, billing details, transaction data
  • RevenueCat: Subscription management platform
    Purpose: Process in-app purchases and manage mobile subscriptions
    Data Shared: Device identifiers, purchase information, subscription status
  • Apple App Store / Google Play: Platform payment processing
    Purpose: Process payments for mobile app purchases
    Data Shared: Payment information processed by platform providers

8.6 No Advertising or Social Media

We do not use advertising networks or social media plugins. Mobile app analytics (PostHog) operate as described in Section 8.3.

9. Data Retention

We retain information only as long as necessary:

  • Game Progress: Retained while account is active
  • Voice Data: Never retained (immediate deletion)
  • Inactive Accounts: Deleted after 12 months of inactivity
  • Upon Request: Deleted immediately when parent requests

Parents can request immediate deletion of all data at any time.

10. Data Security

We implement industry-standard security measures to protect information:

  • Encryption: All data transmitted using HTTPS/TLS encryption
  • Access Controls: Limited access to authorized personnel only
  • Secure Storage: Protected databases with encryption at rest
  • Regular Updates: Security patches and vulnerability assessments
  • Incident Response: Procedures for handling security breaches
  • Minimal Data: Limited collection reduces security risks

While we strive to protect information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but commit to promptly notifying you of any breaches affecting your child's information.

11. Parental Rights

Parents and legal guardians have the following rights regarding their child's information:

  • Access: Review information we have about your child
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your child's information
  • Portability: Receive a copy of your child's data
  • Restriction: Limit how we use your child's information
  • Objection: Object to certain uses of information
  • Consent Withdrawal: Withdraw consent at any time

To exercise these rights, contact us at [email protected] with proof of parental relationship.

12. GDPR Rights (European Users)

For users in the European Union, we comply with the General Data Protection Regulation (GDPR):

12.1 Legal Basis for Processing

  • Consent: Parental consent for children under 16
  • Contract: Necessary to provide the service
  • Legitimate Interests: Improving service and security

12.2 Your Rights Under GDPR

  • Right to be informed (this privacy policy)
  • Right of access to your data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

13. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: What information we collect and how we use it
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: Equal service regardless of privacy choices

We do not sell personal information of any users, including California residents.

To exercise your rights, California residents may contact us at [email protected].

14. International Data Transfers

Our Service is operated in the United States. If you are located outside the United States, please be aware that information we collect will be transferred to and processed in the United States.

For European Union users, we ensure appropriate safeguards for data transfers:

  • Standard Contractual Clauses approved by the European Commission
  • Adequate security measures for data protection
  • Compliance with GDPR requirements for international transfers

15. Cookies and Tracking Technologies

We use minimal cookies and similar technologies:

15.1 Essential Cookies (Always Active)

  • Session Cookies: Maintain game state during play
  • Preference Cookies: Remember sound and display settings
  • Security Cookies: Protect against unauthorized access
  • Cookie Consent: Remember your cookie preferences

15.2 Analytics Cookies (Consent Required)

These cookies are only set if you consent to analytics tracking:

  • Google Analytics Cookies: Track page views, user interactions, and website usage patterns
  • Microsoft Clarity Cookies: Record session information for heatmaps and user behavior analysis

15.3 Mobile App Tracking

The mobile app uses non-cookie-based interaction tracking and session replay via PostHog. See Section 8.3 (Mobile App Analytics) for full details on what data is collected and our privacy settings.

15.4 What We Don't Use

  • No advertising cookies
  • No cross-site tracking cookies
  • No social media cookies

15.5 Cookie Management

You can manage your cookie preferences at any time:

  • Click the "Manage Cookies" button in our cookie consent banner
  • Control cookies through your browser settings (may affect app functionality)
  • Opt out of analytics cookies while keeping essential cookies

16. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

  • We will update the "Last Updated" date at the top
  • For material changes, we will provide prominent notice
  • We may notify parents via email if we have contact information
  • Continued use after changes constitutes acceptance

We encourage you to review this policy periodically. All changes are effective immediately upon posting.

17. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Insight Trail Pty Ltd - Privacy Team

Email: [email protected]
Mail: Insight Trail Pty Ltd
25B Kendall Street
Tarrawanna, NSW 2518
Australia

We aim to respond to all privacy inquiries within 30 days.