🔒 Privacy Notice for Parents

For grown-ups: This app is designed for children. We collect the absolute minimum data needed. No ads, no tracking, no data sharing.

What We Collect

Email address (parent) — used solely for authentication and COPPA parental consent verification
Session token (functional) — a secure cookie used to keep you signed in
First name — chosen by the child for their profile display
Avatar emoji — selected from a preset list
Activity progress — which calendar activities have been completed
Parental consent flag — records that a parent approved the profile
Family & permission settings — family groupings and per-child permission preferences

That's it. No phone number, no location, no photos, no device identifiers.

Email Collection

We collect your email address solely for authentication and COPPA verification. It is stored in our database and never shared.

Sessions

We use a secure session cookie (ksc-session) to keep you signed in. It contains no personal information and is httpOnly (not accessible to JavaScript).

Family Data

Families, child profiles, and permissions are stored in Cloudflare D1 (US region).

How We Store It

Structured data (accounts, families, permissions) is stored in Cloudflare D1 (US region)
Activity and progress data is stored in Cloudflare R2 (US region)
Transmitted over HTTPS only
No data is shared with third parties — ever
No advertising or analytics services are used

Cookies

We use two functional cookies:

ksc-ab — maintains a consistent app experience (A/B split). Contains no personal information and expires after 30 days.
ksc-session — keeps you signed in after email verification. It is httpOnly (not accessible to JavaScript), Secure, and SameSite=Strict. Contains only a hashed token reference.

No tracking cookies are used.

Your Rights

Delete: Any profile can be deleted from the home page. This permanently removes the profile and all associated progress data from our servers.
Access: All data is visible within the app — there is no hidden data collection.

Parental Consent (COPPA Verification)

We use email verification as our COPPA Verifiable Parental Consent method. Parents must verify their email before child profiles become active. A one-time passcode is sent to the parent's email address, and successful verification is logged as consent.

Children's Privacy (COPPA Notice)

This app is directed at children. We require verified parental consent before a child profile becomes active. We do not:

Collect more information than needed
Share or sell any data
Allow children to make data public beyond the in-app leaderboard
Use data for advertising or profiling

Region Restrictions

This app is only available in the United States (excluding California and Maryland) due to specific children's data privacy regulations in those jurisdictions that require compliance measures beyond our current implementation.

Contact

Questions about this privacy notice? Reach the app administrator at the email associated with this deployment.

Last updated: June 13, 2026

← back to app