Privacy Policy

Our principles

We hold children's data to the strictest standards because they cannot meaningfully consent themselves. We collect the minimum required to provide our service. We never sell data. We never use it to train external models. We do not collect voice recordings, video, photos, biometrics, or precise location.

What we collect

From parents: Email, name, country, password (hashed), consent metadata (timestamp, IP, user agent, consent version), and your responses to the parent intake.

From children: First name (you provide), age, optional notes you provide, and — if your child chooses to participate — their choices and time-on-task within the activity modules. No voice, no video, no photos, no biometrics.

Operational: Standard server logs (IP, user agent, request timestamps) for security and debugging, retained 90 days.

Legal bases

India: DPDP Act 2023 — verifiable parental consent for processing of children's data. EEA/UK: GDPR-K Article 8 — parental consent for under-16s. US: COPPA — verifiable parental consent for under-13s.

Your rights

You may at any time: access all data we hold about you and your child, correct it, delete it, export it in a portable format, withdraw consent (your account will be closed), or contact our Data Protection Officer at privacy@thinkhumanly.co.

Retention

Active accounts: data retained while account is open. After closure: 30 days for backup recovery, then permanent deletion. Anonymized aggregate analytics may be retained for product research.

Third parties we use

Paddle: Payment processing (PCI-DSS Level 1). They handle card details; we never see them. Groq: AI inference for narrative generation. We send your child's scores and first name; Groq does not retain inputs for training. We do not use any third party for child voice, video, biometric, or face analysis.

Contact

Questions, concerns, or to exercise your rights: privacy@thinkhumanly.co