Koaaly Privacy Policy

Last Updated: April 16, 2025

IMPORTANT LEGAL NOTICE: This Privacy Policy explains how Wondermind.ai ("us", "we", or "our") collects, uses, discloses, and safeguards information when you use the Koaaly device, mobile application, website, and related services (collectively, the "Service"). Please read this Privacy Policy carefully. If you do not agree with the terms of this privacy policy, please do not access or use the Service.

1. Introduction

We respect your privacy and are committed to protecting it through our compliance with this policy. This policy describes:

As a company registered and governed by Australian law, we comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We are committed to protecting your personal information in accordance with these legal requirements, in addition to other international regulations such as the General Data Protection Regulation (GDPR) and the Children's Online Privacy Protection Act (COPPA) where applicable.

• The types of information we may collect or that you may provide when you purchase, download, install, register with, access, or use the Koaaly Service.
• Our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect:

• Through the Koaaly App.
• Through the Koaaly Device when connected to the App.
• On our website koaaly.com.
• In email, text, and other electronic communications between you and us.

It does not apply to information collected by any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Service (e.g., payment processors, App Stores).

2. Information We Collect

We collect several types of information from and about users of our Service, specifically:

• Parent/Guardian Information:
• Account Information: When a Parent creates an account, we collect information such as name, email address, password, and payment information (processed by third-party payment processors, see Section 5).
• Communication Information: If you contact us for support or other inquiries, we may collect your name, email address, and the content of your communication.
• Child Information (Collected with Verifiable Parental Consent):
• Profile Information: Parents create profiles for child users within the App, which may include a first name or nickname, age or age range, and avatar selection. We use age information to tailor content appropriateness and AI interactions.
• Voice Data: When a child interacts with the Koaaly Device's voice features (e.g., chat, interactive stories), audio recordings are processed to enable the Service's functionality. These recordings are processed transiently to convert speech to text and generate a response. We do not store voice recordings beyond the duration of the interaction session unless explicit parental consent is provided for specific purposes. If consent is given for temporary storage (e.g., for quality assurance or personalized response improvement), recordings are encrypted and retained for a maximum of 30 days before automatic deletion. Voice data is never used for AI model training without explicit, separate opt-in consent from the parent, which can be revoked at any time. All voice data processing adheres to strict security protocols, including end-to-end encryption during transmission and storage, to protect against unauthorized access. These practices are designed to comply with COPPA and GDPR requirements for data minimization and child privacy protection. VOICE DATA IS NOT USED FOR MARKETING OR ADVERTISING PURPOSES.
• Usage Information: We collect information about how the child uses the Service through the Device and App under the Parent's account, such as selected bots, content modules accessed, duration of sessions, and interactions with features (e.g., responses in interactive stories). This is used to provide reports to the Parent and personalize the experience.
• Technical and Device Information:
• App Usage Data: Information about your interaction with the App, such as crash logs, performance data, features used, and session times.
• Device Information: Information about the mobile device used to access the App (e.g., hardware model, operating system version, unique device identifiers) and the Koaaly Device itself (e.g., connection status, firmware version).
• Cookies and Similar Technologies: We may use cookies and similar tracking technologies on our website to collect usage data and improve user experience.

3. How We Use Your Information

We use the information we collect for various purposes, including:

• To provide, operate, maintain, and improve the Service.
• To set up and manage Parent accounts and child profiles.
• To process voice commands and generate AI responses for interactive features.
• To personalize content and experiences based on child profile information (e.g., age) and usage patterns.
• To provide Parents with reports and insights into their child's usage and engagement with the Service.
• To process transactions for Subscriptions and Credit packs (via third-party processors).
• To communicate with Parents, including responding to inquiries, sending service announcements, and providing support.
• To enforce our Terms of Service and other policies.
• To comply with legal obligations and protect our rights and the rights of others.
• For internal analytics and research to understand how the Service is used and to improve it. .
• Voice data or other child data is not used for AI model training unless we receive explicit, separate opt-in consent from the parent. This consent can be managed and revoked at any time through the App's privacy settings. We ensure compliance with GDPR by providing clear disclosure and obtaining affirmative consent, and we adhere to COPPA by limiting data usage to what is necessary for the Service's functionality unless further permission is granted. CHILD DATA IS NOT USED FOR TARGETED ADVERTISING.

4. Disclosure of Your Information

We do not sell your personal information or your child's personal information.

We may disclose information that we collect, or you provide:

• To Service Providers: We may share information with third-party vendors, consultants, and other service providers who need access to such information to carry out work on our behalf. These providers are contractually obligated to safeguard the information and use it only for the purposes for which we disclose it to them.
• For Legal Reasons: We may disclose information if required to do so by law or in the good faith belief that such action is necessary to (a) comply with a legal obligation, (b) protect and defend our rights or property, (c) prevent or investigate possible wrongdoing in connection with the Service, (d) protect the personal safety of users of the Service or the public, or (e) protect against legal liability.
• Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, information may be transferred as part of that transaction. We will provide notice before information is transferred and becomes subject to a different privacy policy.
• With Consent: We may disclose personal information for any other purpose with your (the Parent's) consent.
• Aggregated or De-identified Data: We may share aggregated or de-identified information, which cannot reasonably be used to identify you or your child, for research, marketing, analytics, or other purposes.

5. Children's Privacy (COPPA and International Equivalents)

We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and similar international regulations (like GDPR-K).

• Verifiable Parental Consent: We obtain verifiable parental consent before collecting, using, or disclosing personal information from children under 13. This consent is obtained during the Parent account setup and child profile creation process within the App.
• Parental Rights: Parents have the right to review the personal information we have collected from their child, request its deletion, and refuse to permit further collection or use of their child's information. Parents can exercise these rights by contacting us using the information in Section 10 or through account settings within the App.
• Information Collected: As detailed in Section 2, the child information we collect (with consent) includes profile details (name/nickname, age), voice data (processed for interaction), and usage information. We do not condition a child's participation in an activity on the child disclosing more personal information than is reasonably necessary to participate in that activity.
• Direct Notice: We provide direct notice to Parents about our information practices before collecting personal information from their children. This Privacy Policy serves as part of that notice.
• Our consent mechanism is COPPA-compliant, utilizing methods such as credit card verification or other secure parental identity confirmation processes during account setup to ensure verifiable parental consent before collecting any child data. We regularly review our practices to ensure they align precisely with our disclosures in this Privacy Policy.

6. Data Security

We implement reasonable administrative, technical, and physical security measures designed to protect the security of information submitted via the Service. However, please be aware that no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against interception or other types of misuse. We cannot guarantee the security of information transmitted to our Service; any transmission is at your own risk. WHILE WE STRIVE TO PROTECT YOUR INFORMATION, YOU ACKNOWLEDGE THAT NO SECURITY SYSTEM IS COMPLETELY IMPENETRABLE.

In accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth), we are obligated to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in the event of an eligible data breach that is likely to result in serious harm. We will take prompt action to assess and respond to any data breaches in compliance with Australian law.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Account information is typically retained as long as the account is active. Specific retention periods for data types are as follows: voice data is deleted immediately after processing unless explicit consent for temporary storage is provided, in which case it is retained for no longer than 30 days; child profile and usage information is retained until the parent requests deletion or the account is terminated; parent account information is retained until account deletion unless legal obligations require longer retention. These periods are designed to comply with COPPA and GDPR data minimization principles. Parents can request deletion of their account and associated child data as described in Section 5.

8. Your Data Protection Rights (GDPR/CCPA/Australian Law/Other)

Depending on your location, you may have certain rights regarding your personal information, including:

Under Australian law, specifically the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), you have rights to access and request correction of your personal information held by us. If you believe the information we hold about you is inaccurate, incomplete, or out-of-date, please contact us to update it.

• The right to access – You have the right to request copies of your personal data.
• The right to rectification – You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

Parents also have these rights concerning their child's personal information. To exercise these rights, please contact us using the details in Section 10. PLEASE NOTE THAT EXERCISING CERTAIN DATA PROTECTION RIGHTS (E.G., DELETION) MAY IMPACT YOUR ABILITY TO USE CERTAIN FEATURES OR THE ENTIRE SERVICE.

California Consumer Privacy Act (CCPA) Notice

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) regarding your personal information. These rights include:

• Right to Know: You have the right to request that we disclose certain information about our collection and use of your personal information over the past 12 months. This includes the categories of personal information we collected (as outlined in Section 2), the sources of that information, the business or commercial purpose for collecting or selling that information, the categories of third parties with whom we share that information, and the specific pieces of personal information we collected about you.
• Right to Delete: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell your personal information or your child's personal information as defined under CCPA. If our practices change, we will provide a clear mechanism for you to opt-out of any such sale.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means we will not deny you goods or services, charge you different prices or rates, or provide a different level or quality of goods or services based on your exercise of these rights.

To exercise your rights under CCPA, please contact us using the designated methods provided in Section 11. You may also designate an authorized agent to make a request on your behalf. We may require verification of your identity or authority to make such requests to protect your privacy. For questions or to submit a request, you can email us at hello@wondermind.ai or use the contact form on our website at koaaly.com. We will respond to verifiable consumer requests within the timeframes required by CCPA.

We have disclosed the categories of personal information collected in Section 2 of this Privacy Policy. For additional details or if you have questions about our data practices under CCPA or other regional laws, please contact us as described in Section 11.

9. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we may transfer the data, including personal data, to the United States and process it there. We comply with applicable cross-border data transfer mechanisms, such as Standard Contractual Clauses (SCCs) for data transfers outside the EEA/UK, to ensure that your data is protected in accordance with GDPR and other relevant regulations. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We may also provide notice through the App or via email for material changes. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

hello@wondermind.ai