COPPA Notice

The Children's Online Privacy Protection Act (COPPA) is a U.S. federal law that protects the online privacy of children under 13. It requires us to get verifiable parental consent before collecting personal information from a child and to give parents meaningful control over that information afterward.

Koydo is designed for families. A meaningful portion of our learners are under 13, and we treat every child account accordingly. This notice explains in plain English how we apply COPPA across koydo.app, our native iOS and Android apps, and every satellite learning surface (app.koydo.app, homeschool.koydo.app, lingua.koydo.app, and so on).

When a parent or guardian creates a child profile on Koydo, we ask only for what we need to run the learning experience. Specifically:

• A first name or nickname -- never a last name -- to personalize the interface
• Age or grade level so adaptive lessons can be pitched correctly
• Progress and performance data -- answers, correct/incorrect flags, time on task
• Voice and text input during lessons when the child chooses to speak or type
• Device type and a short-lived session id for syncing progress across the family's devices

We do not ask a child for their home address, phone number, geolocation, photograph, or any other personal identifier that is not required to deliver the lesson. We do not allow children to post public profiles or chat with strangers.

• We do not show third-party advertising to children. Ever.
• We do not sell, rent, or trade child data to any third party.
• We do not use child data to build advertising profiles or retarget across the web.
• We do not track children across other apps or websites.
• We do not require a child to give more information than is reasonably necessary to participate in an activity.

A parent or guardian must create the family account before a child can use Koydo. During sign-up we use a verifiable parental consent (VPC) flow that matches Federal Trade Commission guidance:

• Parent identity check through a consent method appropriate to the feature being enabled
• An email-based confirmation loop that requires the parent to click a link sent to the email they registered
• A clear, separate disclosure describing exactly what data the child will share with Koydo before consent is granted

We keep a consent record so the parent can review what was approved and so Koydo can honor later changes, revocations, or deletion requests.

Parents of a Koydo child account always have the right to:

• Review the personal information we have collected from or about their child
• Request that we correct or delete any of that information
• Refuse further collection or use of the information
• Revoke consent and close the child's account
• Export the child's learning history in a portable, human-readable format (PDF and JSON)

A parent can exercise any of these rights from the family dashboard at app.koydo.app or by emailing privacy@koydo.app. We respond within 30 days and never charge a fee for a parental request.

We keep a child's learning data only for as long as the family account is active, plus a 12-month grace window so a learner who returns does not lose their progress. At the end of the grace window, or immediately upon a deletion request from the parent, we delete the child's personal information from our production systems and from any backup older than 30 days.

Fully anonymized, aggregate analytics -- for example, 'percent of learners who mastered multi-digit multiplication this month' -- may be kept indefinitely because they cannot be linked back to any individual child.

We use vetted service providers to run Koydo. Providers that process child data are limited to the data needed for their service, must handle it under Koydo's instructions, and are prohibited from using it for their own purposes:

• Secure hosting and authentication providers for account access, family profiles, and learning progress.
• Payment providers for parent purchases and consent-related billing flows.
• Optional learning-assistance providers when a parent enables features that require real-time tutoring, content support, or safety checks.
• Customer support and email providers for parent requests, account notices, and legal communications.

If this list changes, we will update this notice and, for material changes, ask the parent for renewed consent.

When Koydo is used in a U.S. classroom, the school may provide consent on behalf of parents under the school-authorized exception to COPPA, provided the data is used only for educational purposes. Schools must sign Koydo's school privacy agreement, and parents retain the same review, correction, and deletion rights listed in section 5.

Homeschool families using Koydo are treated exactly like retail families -- the parent or guardian is the consent holder.

Primary contact for any COPPA request, question, or complaint:

• Email: privacy@koydo.app
• Subject line: 'COPPA request -- [your child's first name or nickname]'
• Response time: within 30 days, usually within 5 business days

If you believe Koydo has not honored a COPPA obligation, you can also contact the U.S. Federal Trade Commission: https://reportfraud.ftc.gov or 1-877-FTC-HELP. We will cooperate fully with any FTC inquiry.

If we make a material change to how we collect, use, or disclose child data, we will email every parent on file and publish the updated notice here with a new 'Last updated' date. Where the change requires it, we will ask for fresh parental consent before the new practice begins.