Koaaly Privacy Policy

Last Updated: April 16, 2025

1. Introduction

We respect your privacy and are committed to protecting it through our compliance with this policy. This policy describes:

• The types of information we may collect or that you may provide when you purchase, download, install, register with, access, or use the Koaaly Service.
• Our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect:

• Through the Koaaly App.
• Through the Koaaly Device when connected to the App.
• On our website [Your Website URL].
• In email, text, and other electronic communications between you and us.

It does not apply to information collected by any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Service (e.g., payment processors, App Stores).

2. Information We Collect

We collect several types of information from and about users of our Service, specifically:

• Parent/Guardian Information:
  • Account Information: When a Parent creates an account, we collect information such as name, email address, password, and payment information (processed by third-party payment processors, see Section 5).
  • Communication Information: If you contact us for support or other inquiries, we may collect your name, email address, and the content of your communication.
• Child Information (Collected with Verifiable Parental Consent):
  • Profile Information: Parents create profiles for child users within the App, which may include a first name or nickname, age or age range, and avatar selection. We use age information to tailor content appropriateness and AI interactions.
  • Voice Data: When a child interacts with the Koaaly Device's voice features (e.g., chat, interactive stories), audio recordings are processed to enable the Service's functionality. These recordings are typically processed transiently to convert speech to text and generate a response. [**CRITICAL LEGAL REVIEW NEEDED:** Specify exactly how voice data is processed, stored (if at all, even temporarily), used for AI training (if applicable, requires explicit opt-in usually), and secured. Be very clear about retention periods. COPPA and GDPR have strict rules here.]
  • Usage Information: We collect information about how the child uses the Service through the Device and App under the Parent's account, such as selected bots, content modules accessed, duration of sessions, and interactions with features (e.g., responses in interactive stories). This is used to provide reports to the Parent and personalize the experience.
• Technical and Device Information:
  • App Usage Data: Information about your interaction with the App, such as crash logs, performance data, features used, and session times.
  • Device Information: Information about the mobile device used to access the App (e.g., hardware model, operating system version, unique device identifiers) and the Koaaly Device itself (e.g., connection status, firmware version).
  • Cookies and Similar Technologies: We may use cookies and similar tracking technologies on our website to collect usage data and improve user experience. [Link to a separate Cookie Policy if applicable].

3. How We Use Your Information

We use the information we collect for various purposes, including:

• To provide, operate, maintain, and improve the Service.
• To set up and manage Parent accounts and child profiles.
• To process voice commands and generate AI responses for interactive features.
• To personalize content and experiences based on child profile information (e.g., age) and usage patterns.
• To provide Parents with reports and insights into their child's usage and engagement with the Service.
• To process transactions for Subscriptions and Credit packs (via third-party processors).
• To communicate with Parents, including responding to inquiries, sending service announcements, and providing support.
• To enforce our Terms of Service and other policies.
• To comply with legal obligations and protect our rights and the rights of others.
• For internal analytics and research to understand how the Service is used and to improve it. [Specify if data is anonymized/aggregated for this purpose].
• [**CRITICAL LEGAL REVIEW NEEDED:** Explicitly state if voice data or other child data is used for AI model training. If so, this requires clear disclosure and likely an opt-in consent mechanism under laws like GDPR and careful consideration under COPPA.]

4. Disclosure of Your Information

We do not sell your personal information or your child's personal information.

We may disclose information that we collect, or you provide:

• To Service Providers: We may share information with third-party vendors, consultants, and other service providers who need access to such information to carry out work on our behalf (e.g., cloud hosting providers [Specify Provider(s)], AI processing services [Specify Provider(s) if applicable], analytics providers, customer support tools). These providers are contractually obligated to safeguard the information and use it only for the purposes for which we disclose it to them.
• For Legal Reasons: We may disclose information if required to do so by law or in the good faith belief that such action is necessary to (a) comply with a legal obligation, (b) protect and defend our rights or property, (c) prevent or investigate possible wrongdoing in connection with the Service, (d) protect the personal safety of users of the Service or the public, or (e) protect against legal liability.
• Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, information may be transferred as part of that transaction. We will provide notice before information is transferred and becomes subject to a different privacy policy.
• With Consent: We may disclose personal information for any other purpose with your (the Parent's) consent.
• Aggregated or De-identified Data: We may share aggregated or de-identified information, which cannot reasonably be used to identify you or your child, for research, marketing, analytics, or other purposes.

5. Children's Privacy (COPPA and International Equivalents)

We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and similar international regulations (like GDPR-K).

• Verifiable Parental Consent: We obtain verifiable parental consent before collecting, using, or disclosing personal information from children under 13. This consent is obtained during the Parent account setup and child profile creation process within the App.
• Parental Rights: Parents have the right to review the personal information we have collected from their child, request its deletion, and refuse to permit further collection or use of their child's information. Parents can exercise these rights by contacting us using the information in Section 10 or through account settings within the App [Specify App functionality if available].
• Information Collected: As detailed in Section 2, the child information we collect (with consent) includes profile details (name/nickname, age), voice data (processed for interaction), and usage information. We do not condition a child's participation in an activity on the child disclosing more personal information than is reasonably necessary to participate in that activity.
• Direct Notice: We provide direct notice to Parents about our information practices before collecting personal information from their children. This Privacy Policy serves as part of that notice.
• [**CRITICAL LEGAL REVIEW NEEDED:** Ensure your consent mechanism is COPPA-compliant (e.g., email-plus, credit card verification, etc.) and that your practices align precisely with your disclosures.]

6. Data Security

We implement reasonable administrative, technical, and physical security measures designed to protect the security of information submitted via the Service. However, please be aware that no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against interception or other types of misuse. We cannot guarantee the security of information transmitted to our Service; any transmission is at your own risk.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Account information is typically retained as long as the account is active. [**CRITICAL LEGAL REVIEW NEEDED:** Define specific retention periods for different data types, especially voice data and child information, ensuring compliance with COPPA and GDPR minimization principles.] Parents can request deletion of their account and associated child data as described in Section 5.

8. Your Data Protection Rights (GDPR/CCPA/Other)

Depending on your location, you may have certain rights regarding your personal information, including:

• The right to access – You have the right to request copies of your personal data.
• The right to rectification – You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

Parents also have these rights concerning their child's personal information. To exercise these rights, please contact us using the details in Section 10.

[Include specific sections/language required by CCPA (e.g., categories of data collected, "Do Not Sell" rights if applicable, designated contact methods) or other relevant regional laws if applicable - CONSULT ATTORNEY].

9. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside [Your Company's Country] and choose to provide information to us, please note that we transfer the data, including personal data, to [Your Company's Country/Server Location] and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. [**CRITICAL LEGAL REVIEW NEEDED:** Ensure compliance with cross-border data transfer mechanisms like Standard Contractual Clauses (SCCs) if transferring data outside the EEA/UK, etc.]

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We may also provide notice through the App or via email for material changes. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

[Your Company Legal Name]
[Your Company Address]
[Your Designated Privacy Contact Email, e.g., privacy@koaaly.com]