Koaaly Privacy Policy
Last Updated: April 16, 2025
IMPORTANT LEGAL NOTICE: This Privacy Policy explains
how [Your Company Legal Name] ("us", "we", or "our") collects, uses,
discloses, and safeguards information when you use the Koaaly device,
mobile application, website, and related services (collectively, the
"Service"). Please read this Privacy Policy carefully. If you do not
agree with the terms of this privacy policy, please do not access or use
the Service.
THIS DOCUMENT IS A TEMPLATE AND NOT A SUBSTITUTE FOR PROFESSIONAL
LEGAL ADVICE. CONSULT WITH A QUALIFIED PRIVACY ATTORNEY TO ENSURE
COMPLIANCE WITH ALL APPLICABLE LAWS (E.G., COPPA, GDPR, CCPA) AND
REGULATIONS BASED ON YOUR SPECIFIC DATA PRACTICES AND
JURISDICTIONS.
1. Introduction
We respect your privacy and are committed to protecting it through our
compliance with this policy. This policy describes:
-
The types of information we may collect or that you may provide when
you purchase, download, install, register with, access, or use the
Koaaly Service.
-
Our practices for collecting, using, maintaining, protecting, and
disclosing that information.
This policy applies to information we collect:
- Through the Koaaly App.
- Through the Koaaly Device when connected to the App.
- On our website [Your Website URL].
-
In email, text, and other electronic communications between you and
us.
It does not apply to information collected by any third party, including
through any application or content (including advertising) that may link
to or be accessible from or on the Service (e.g., payment processors,
App Stores).
2. Information We Collect
We collect several types of information from and about users of our
Service, specifically:
-
Parent/Guardian Information:
-
Account Information: When a Parent creates an
account, we collect information such as name, email address,
password, and payment information (processed by third-party
payment processors, see Section 5).
-
Communication Information: If you contact us for
support or other inquiries, we may collect your name, email
address, and the content of your communication.
-
Child Information (Collected with Verifiable Parental
Consent):
-
Profile Information: Parents create profiles for
child users within the App, which may include a first name or
nickname, age or age range, and avatar selection. We use age
information to tailor content appropriateness and AI interactions.
-
Voice Data: When a child interacts with the
Koaaly Device's voice features (e.g., chat, interactive stories),
audio recordings are processed to enable the Service's
functionality. These recordings are typically processed
transiently to convert speech to text and generate a response.
[**CRITICAL LEGAL REVIEW NEEDED:** Specify exactly how voice data
is processed, stored (if at all, even temporarily), used for AI
training (if applicable, requires explicit opt-in usually), and
secured. Be very clear about retention periods. COPPA and GDPR
have strict rules here.]
-
Usage Information: We collect information about
how the child uses the Service through the Device and App under
the Parent's account, such as selected bots, content modules
accessed, duration of sessions, and interactions with features
(e.g., responses in interactive stories). This is used to provide
reports to the Parent and personalize the experience.
-
Technical and Device Information:
-
App Usage Data: Information about your
interaction with the App, such as crash logs, performance data,
features used, and session times.
-
Device Information: Information about the mobile
device used to access the App (e.g., hardware model, operating
system version, unique device identifiers) and the Koaaly Device
itself (e.g., connection status, firmware version).
-
Cookies and Similar Technologies: We may use
cookies and similar tracking technologies on our website to
collect usage data and improve user experience. [Link to a
separate Cookie Policy if applicable].
3. How We Use Your Information
We use the information we collect for various purposes, including:
- To provide, operate, maintain, and improve the Service.
- To set up and manage Parent accounts and child profiles.
-
To process voice commands and generate AI responses for interactive
features.
-
To personalize content and experiences based on child profile
information (e.g., age) and usage patterns.
-
To provide Parents with reports and insights into their child's usage
and engagement with the Service.
-
To process transactions for Subscriptions and Credit packs (via
third-party processors).
-
To communicate with Parents, including responding to inquiries,
sending service announcements, and providing support.
- To enforce our Terms of Service and other policies.
-
To comply with legal obligations and protect our rights and the rights
of others.
-
For internal analytics and research to understand how the Service is
used and to improve it. [Specify if data is anonymized/aggregated for
this purpose].
-
[**CRITICAL LEGAL REVIEW NEEDED:** Explicitly state if voice data or
other child data is used for AI model training. If so, this requires
clear disclosure and likely an opt-in consent mechanism under laws
like GDPR and careful consideration under COPPA.]
4. Disclosure of Your Information
We do not sell your personal information or your child's personal
information.
We may disclose information that we collect, or you provide:
-
To Service Providers: We may share information with
third-party vendors, consultants, and other service providers who need
access to such information to carry out work on our behalf (e.g.,
cloud hosting providers [Specify Provider(s)], AI processing services
[Specify Provider(s) if applicable], analytics providers, customer
support tools). These providers are contractually obligated to
safeguard the information and use it only for the purposes for which
we disclose it to them.
-
For Legal Reasons: We may disclose information if
required to do so by law or in the good faith belief that such action
is necessary to (a) comply with a legal obligation, (b) protect and
defend our rights or property, (c) prevent or investigate possible
wrongdoing in connection with the Service, (d) protect the personal
safety of users of the Service or the public, or (e) protect against
legal liability.
-
Business Transfers: In connection with any merger,
sale of company assets, financing, or acquisition of all or a portion
of our business by another company, information may be transferred as
part of that transaction. We will provide notice before information is
transferred and becomes subject to a different privacy policy.
-
With Consent: We may disclose personal information
for any other purpose with your (the Parent's) consent.
-
Aggregated or De-identified Data: We may share
aggregated or de-identified information, which cannot reasonably be
used to identify you or your child, for research, marketing,
analytics, or other purposes.
5. Children's Privacy (COPPA and International Equivalents)
We are committed to complying with the Children's Online Privacy
Protection Act (COPPA) and similar international regulations (like
GDPR-K).
-
Verifiable Parental Consent: We obtain verifiable
parental consent before collecting, using, or disclosing personal
information from children under 13. This consent is obtained during
the Parent account setup and child profile creation process within the
App.
-
Parental Rights: Parents have the right to review the
personal information we have collected from their child, request its
deletion, and refuse to permit further collection or use of their
child's information. Parents can exercise these rights by contacting
us using the information in Section 10 or through account settings
within the App [Specify App functionality if available].
-
Information Collected: As detailed in Section 2, the
child information we collect (with consent) includes profile details
(name/nickname, age), voice data (processed for interaction), and
usage information. We do not condition a child's participation in an
activity on the child disclosing more personal information than is
reasonably necessary to participate in that activity.
-
Direct Notice: We provide direct notice to Parents
about our information practices before collecting personal information
from their children. This Privacy Policy serves as part of that
notice.
-
[**CRITICAL LEGAL REVIEW NEEDED:** Ensure your consent mechanism is
COPPA-compliant (e.g., email-plus, credit card verification, etc.) and
that your practices align precisely with your disclosures.]
6. Data Security
We implement reasonable administrative, technical, and physical security
measures designed to protect the security of information submitted via
the Service. However, please be aware that no security measures are
perfect or impenetrable, and no method of data transmission can be
guaranteed against interception or other types of misuse. We cannot
guarantee the security of information transmitted to our Service; any
transmission is at your own risk.
7. Data Retention
We retain personal information for as long as necessary to fulfill the
purposes outlined in this Privacy Policy, unless a longer retention
period is required or permitted by law. Account information is typically
retained as long as the account is active. [**CRITICAL LEGAL REVIEW
NEEDED:** Define specific retention periods for different data types,
especially voice data and child information, ensuring compliance with
COPPA and GDPR minimization principles.] Parents can request deletion of
their account and associated child data as described in Section 5.
8. Your Data Protection Rights (GDPR/CCPA/Other)
Depending on your location, you may have certain rights regarding your
personal information, including:
-
The right to access – You have the right to request copies of your
personal data.
-
The right to rectification – You have the right to request that we
correct any information you believe is inaccurate or complete
information you believe is incomplete.
-
The right to erasure – You have the right to request that we erase
your personal data, under certain conditions.
-
The right to restrict processing – You have the right to request that
we restrict the processing of your personal data, under certain
conditions.
-
The right to object to processing – You have the right to object to
our processing of your personal data, under certain conditions.
-
The right to data portability – You have the right to request that we
transfer the data that we have collected to another organization, or
directly to you, under certain conditions.
Parents also have these rights concerning their child's personal
information. To exercise these rights, please contact us using the
details in Section 10.
[Include specific sections/language required by CCPA (e.g., categories
of data collected, "Do Not Sell" rights if applicable, designated
contact methods) or other relevant regional laws if applicable - CONSULT
ATTORNEY].
9. International Data Transfers
Your information, including personal data, may be transferred to — and
maintained on — computers located outside of your state, province,
country, or other governmental jurisdiction where the data protection
laws may differ from those of your jurisdiction. If you are located
outside [Your Company's Country] and choose to provide information to
us, please note that we transfer the data, including personal data, to
[Your Company's Country/Server Location] and process it there. Your
consent to this Privacy Policy followed by your submission of such
information represents your agreement to that transfer. [**CRITICAL
LEGAL REVIEW NEEDED:** Ensure compliance with cross-border data transfer
mechanisms like Standard Contractual Clauses (SCCs) if transferring data
outside the EEA/UK, etc.]
10. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you
of any changes by posting the new Privacy Policy on this page and
updating the "Last Updated" date. We may also provide notice through the
App or via email for material changes. You are advised to review this
Privacy Policy periodically for any changes.
11. Contact Us
If you have any questions about this Privacy Policy or wish to exercise
your rights, please contact us:
[Your Company Legal Name]
[Your Company Address]
[Your Designated Privacy Contact Email, e.g., privacy@koaaly.com]
[Consider adding a designated phone number or web form if required by law,
e.g., CCPA].