1. Introduction

Welcome to JoyKidos ("we," "our," or "us"). We operate the 144 Math Challenge application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting the privacy of all users, especially children. This policy complies with the Children's Online Privacy Protection Act (COPPA), the UK General Data Protection Regulation (UK GDPR), and other applicable privacy laws.

2. Mixed Audience Declaration (COPPA 2025 Compliance)

In accordance with COPPA requirements for mixed audience services:

• We do not knowingly collect personal information from children under 13 without verifiable parental consent
• Parents/guardians purchase access codes on behalf of their children
• Children interact with the Service using only the access code - no personal information is required from the child
• All account-related communications are directed to the parent's email address

3. Information We Collect

3.1 Information from Parents/Guardians

When a parent purchases an access code, we collect:

• Email Address: Used to deliver the access code and important account communications
• Payment Information: Processed securely by Stripe; we do not store credit card details
• Transaction Records: Purchase date, amount, and order ID for customer support

3.2 Information from Children

We do NOT collect personal information directly from children. When a child uses the Service:

• They enter only an access code (e.g., "HAPPY-LION-123")
• They may optionally create a display name (not required to be their real name)
• Math challenge scores and progress are stored locally on the device
• No photos, location data, or other personal information is collected

3.3 Automatically Collected Information

We may collect certain technical information automatically:

• Device type and operating system
• Browser type and version
• General usage statistics (challenges completed, time spent)
• Error logs for troubleshooting

This information is collected in aggregate form and cannot be used to identify individual children.

4. How We Use Information

We use the information we collect to:

• Deliver access codes to parents via email
• Process payments and refunds
• Provide customer support
• Improve our Service and develop new features
• Send important service-related notifications (not marketing)
• Comply with legal obligations

We do NOT:

• Sell personal information to third parties
• Use children's data for advertising or marketing
• Create profiles of children for commercial purposes
• Share data with social networks or advertising platforms

5. Cookies and Tracking

We use cookies for:

• Essential cookies: Required for the Service to function (access code validation)
• Analytics cookies: Only with explicit consent, to understand how the Service is used

We do not use cookies to track children or serve targeted advertising. Analytics are collected only after obtaining cookie consent from parents.

You can change your cookie preferences at any time by clearing your browser cookies and revisiting our website, or by using your browser settings to block cookies.

6. Data Sharing and Disclosure

We may share information with:

• Stripe: Our payment processor, to handle transactions securely. See Stripe's Privacy Policy
• Resend: Our email service provider, to deliver access codes. See Resend's Privacy Policy
• Vercel: Our hosting provider. See Vercel's Privacy Policy
• Google Analytics: For website analytics (with consent). See Google's Privacy Policy

We may also disclose information if required by law, court order, or to protect our rights and safety.

7. Data Retention

We retain information as follows:

• Parent email addresses: Retained while the access code is active, plus 30 days after any refund
• Transaction records: Retained for 7 years for tax and legal compliance
• Usage data: Aggregated data retained indefinitely; identifiable data deleted after 90 days

8. Parental Rights Under COPPA

Parents and guardians have the right to:

• Review any personal information we have collected
• Request deletion of personal information
• Refuse further collection or use of their child's information
• Agree to the collection and use of information without agreeing to disclosure to third parties

To exercise these rights, contact us at privacy@joykidos.com

9. Data Security

We implement appropriate security measures including:

• Encryption of data in transit (HTTPS/TLS)
• Secure payment processing through PCI-compliant Stripe
• Access controls and authentication
• Regular security assessments

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will notify affected users of any data breach as required by law.

10. International Data Transfers

Our Service is operated from the United Kingdom. If you are accessing from outside the UK, please be aware that your information may be transferred to, stored, and processed in the UK and other countries. We ensure appropriate safeguards are in place for international transfers.

11. Your Rights (UK GDPR)

Under UK GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing
• Lodge a complaint with the ICO (Information Commissioner's Office)

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes affecting children's data, we will seek fresh parental consent where required.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: