Skip to main content

Privacy Policy

Kidhoot is built with children's privacy as a core design principle β€” not an afterthought.

Last updated: April 2025

Overview

Kidhoot is a free, offline-first educational app for young children. We take the privacy of children and families extremely seriously. This Privacy Policy explains what information Kidhoot collects, how it is used, and the choices available to parents and guardians.

Key facts: No advertising. No social features. No microphone access. No data sold to third parties. All sensitive data stays on your device by default.

Kidhoot is designed for use by children under the supervision of a parent or guardian. We comply with applicable children's privacy laws, including COPPA (Children's Online Privacy Protection Act) and the EU General Data Protection Regulation (GDPR).

Data We Collect

Data stored locally on your device (by default)

The following information is stored only on your device in app storage. It is never transmitted to Kidhoot servers unless you explicitly enable cloud backup.

  • Child profile: First name, birth year, and avatar selection β€” used to personalise the experience and unlock age-appropriate modules.
  • Language preference: The language(s) selected for exercises β€” stored so the app remembers your choice between sessions.
  • Learning progress: Which modules have been completed, test scores, accuracy rates, and attempt counts β€” used to show progress and unlock badges.
  • Badges earned: Records of completed module achievements β€” displayed in the badge gallery.
  • App preferences: Volume, TTS provider, theme, and opt-in settings β€” used to remember your settings between sessions.

Data you choose to sync to the cloud (optional)

Cloud backup is fully optional. If a parent or guardian links an email address in Settings, the above profile and progress data is synchronised to Firebase (Google Cloud) to enable backup and restore across devices.

Email address: Your email address is used only for account recovery (magic-link sign-in). It is stored by Firebase Authentication and never used for marketing or shared with third parties.

Data we do NOT collect

  • Device identifiers, advertising IDs (IDFA / GAID), or hardware specs
  • Location data of any kind
  • Contacts, calendar, or photos
  • Voice recordings or microphone input β€” the app has text-to-speech output only
  • Browsing history or cross-app data
  • Payment or financial information (the app is free with no purchases)
  • Any information from children without verifiable parental consent

How We Use Your Data

Data collected by Kidhoot is used solely to provide and improve the app experience:

  • Personalisation: Display the child's name, avatar, and progress dashboard.
  • Module unlocking: Use birth year to determine which modules are age-appropriate.
  • Progress tracking: Show parents a summary of completed exercises and accuracy.
  • Crash diagnostics: If you opt in to crash reporting, anonymised error data is sent to Sentry to help us fix bugs.
  • Account recovery: If you link an email, Firebase uses it to send you a sign-in link when you need to restore your data.
We never: Sell, rent, or share your data with advertisers, data brokers, or marketing companies.

Third-Party Services

Firebase (Google LLC)

Firebase provides the optional cloud backup and anonymous account system. Services used: Firebase Authentication (anonymous sign-in + email magic-link) and Firestore Database (encrypted cloud storage). Data is stored in Google Cloud infrastructure. Firebase does not use Kidhoot user data for advertising.

Firebase Privacy Policy: firebase.google.com/support/privacy

Sentry (Functional Software, Inc.) β€” opt-in only

Sentry is used for crash reporting and is disabled by default. A parent must explicitly enable it in Settings β†’ Backup & Sync. When enabled, it captures anonymised crash reports (error messages, stack traces, and breadcrumbs). No personal information, screen content, or child data is included in crash reports. Session replay is disabled.

Sentry Privacy Policy: sentry.io/privacy

Text-to-Speech voices

Kidhoot uses on-device text-to-speech voices to read exercise content aloud. By default, audio is generated locally on your device β€” no text content is sent to external servers. The app may optionally use cloud-based TTS services when configured by the parent in Settings. Any such integration will be clearly disclosed in the app and in this policy.

Expo Updates (Expo / Meta)

Kidhoot uses Expo's over-the-air (OTA) update system to deliver bug fixes between App Store releases. The update service receives only the app's runtime version identifier β€” no personal data is transmitted.

Data Retention & Deletion

All data stored locally on your device can be removed by uninstalling the app. If you linked an email address for cloud backup, your Firestore data is associated with your Firebase anonymous user ID.

Manage your data in-app: You can delete all locally stored data or export a copy of your data directly from Settings β†’ Backup & Sync, without needing to contact us.
Deleting your cloud data: To delete your cloud data, please contact us at privacy@kidhoot.com with the subject "Data Deletion Request". We will permanently delete all data associated with your account within 30 days.
  • Local data: Deleted immediately when you uninstall the app.
  • Cloud data (Firebase): Retained as long as the account exists. Deleted within 30 days of a verified deletion request.
  • Crash reports (Sentry): Retained for 90 days by Sentry per their standard policy, then automatically deleted.
  • ElevenLabs API key: Stored only locally on your device. Removing the app removes the key.

Your Rights

As a parent or guardian, you have the following rights regarding your child's data:

  • Access: Request a copy of all data we hold associated with your account.
  • Correction: Update or correct your child's profile information directly in the app.
  • Deletion: Request permanent deletion of all data (see Data Retention above).
  • Portability: Request your data in a machine-readable format.
  • Withdrawal of consent: Disable cloud sync or crash reporting at any time in Settings.

EU residents have additional rights under the GDPR, including the right to lodge a complaint with your local Data Protection Authority. US residents in states with applicable privacy laws (e.g., California CCPA) may exercise their rights by contacting us directly.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Privacy Enquiries

privacy@kidhoot.com
We respond to all privacy-related requests within 5 business days.
Back to Top