The short version:
- All recording data is stored locally on your device.
- We only collect data you explicitly choose to share.
- We never collect surnames, full dates of birth, photos, or location data on our servers.
- We never sell your data. We never show ads.
- Children under 13 do not create accounts or interact with our servers directly.
1. Information We Collect
1.1 Information stored only on your device
The following data is stored locally in your device's app sandbox and never transmitted to our servers unless you explicitly enable sharing features:
- Child profiles (name, date of birth, avatar photo)
- Activity definitions and attempt records
- Personal best history and progression data
- Voice transcripts from speech-to-text capture
- App preferences (theme mode, active child)
This data remains on your device. If you uninstall the app, this data is deleted.
1.2 Information transmitted to our servers (only when you opt in)
If you enable Share with Friends & Family or Participate in Leaderboard in Settings, the following data is transmitted to our servers:
- Device identifier: A randomly generated anonymous ID. Not linked to your Apple ID, Google account, or any personally identifiable information.
- Display name: A name you choose (e.g. "Dave's Family"). Optional.
- Child's first name: First name only. We never collect surnames.
- Child's age: In whole years only. We never collect the full date of birth.
- Personal best values: The numeric PB value, activity name, unit, and date for activities you choose to share.
- Region: Derived from your device locale (e.g. "US", "GB"). Used for leaderboard display only.
- Push notification token: If you enable push notifications, your device's push token is stored on our servers to deliver PB notifications.
1.3 Information we never collect
- Surnames or full names of children
- Full dates of birth
- Photos or videos
- Precise location or GPS data
- Email addresses, phone numbers, or social media accounts
- School names, team names, or coach information
- Browsing history or usage analytics beyond basic server logs
2. How We Use Your Information
We use the information described above solely to:
- Provide the app's core features: recording PBs, displaying charts, and calculating progress.
- Enable sharing: Allowing family members to follow children's PBs via share codes.
- Operate the leaderboard: Ranking participants by PB value for standard activities.
- Deliver push notifications: Sending PB update notifications to followers you have approved.
- Maintain and improve the service: Basic server logs (IP address, request timestamps) for error monitoring and uptime. These logs are retained for 30 days and then deleted.
We do not use your data for advertising, profiling, or any purpose unrelated to the app's functionality.
3. How We Share Your Information
We do not sell, rent, or trade your personal information to any third party.
Your data may be shared in these limited circumstances:
- With followers you approve: When you generate a share code and someone uses it to follow your children's PBs, they can see your children's first names, ages, and shared PB values.
- On the leaderboard: If you opt in to the leaderboard, your child's first name, age, region, and PB value are visible to other leaderboard participants within the app.
- Service providers: Our servers are hosted on DigitalOcean infrastructure. DigitalOcean processes data as a sub-processor under their data processing agreement.
- Legal requirements: We may disclose information if required by law, subpoena, or legal process.
4. Children's Privacy (COPPA Compliance)
Kid PB is designed for parents to track their children's activities. Children under 13 do not create accounts, do not interact with our servers directly, and do not provide personal information to us.
All data sharing decisions are made by the parent through the app's Settings. A child cannot enable sharing, join the leaderboard, or create follow connections.
The only child data transmitted to our servers (when a parent enables sharing) is: first name, age in whole years, and PB values. This data is provided and controlled entirely by the parent.
If you believe we have inadvertently collected personal information from a child under 13 without parental consent, please contact us and we will promptly delete it.
5. Data Storage and Security
- Local data: Stored in your device's encrypted app sandbox using SQLite. Protected by your device's passcode and biometric security.
- Server data: Stored in a PostgreSQL database hosted on DigitalOcean infrastructure in the United States. Encrypted in transit (TLS 1.3) and at rest.
- Authentication: We use anonymous device identifiers. There are no passwords to breach.
- Data minimisation: We only store the minimum data necessary to provide sharing and leaderboard features.
6. Data Retention and Deletion
- Local data: Retained on your device until you delete it within the app or uninstall the app.
- Server data: Retained as long as your account (device identifier) is active. If you disable sharing, your server-side data is deleted within 30 days.
- Account deletion: You can request complete deletion of all server-side data by contacting us at the email below. We will process deletion requests within 14 days.
- Leaderboard withdrawal: You can withdraw from the leaderboard at any time in Settings. Your leaderboard entry is deleted immediately.
- Connection removal: You can revoke any follower or unfollow any recorder at any time. Connection data is deleted immediately.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data from our servers.
- Object to processing of your data.
- Data portability: Export your data in CSV format via Settings → Export.
To exercise any of these rights, contact us at the email below.
8. Third-Party Services
- Apple App Store / Google Play Store: In-app purchases are processed by Apple and Google respectively. Their privacy policies apply to payment processing.
- Apple Push Notification Service (APNs) / Firebase Cloud Messaging (FCM): Used to deliver push notifications. Push tokens are stored on our servers; message content is transmitted via Apple's and Google's push infrastructure.
- DigitalOcean: Server and database hosting. Data processing agreement in place.
We do not use any analytics SDKs, advertising networks, crash reporting services, or social media SDKs.
9. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy in the app and updating the "Last updated" date. Continued use of the app after changes constitutes acceptance.
10. Contact Us
If you have questions about this privacy policy or wish to exercise your data rights, contact us at:
Email: privacy@kidpb.com
Website: https://kidpb.com/privacy