Privacy Policy

(Updated: September 2025)

Company: Kids Planet

Data Owner’s Contact Information:
Email: [email protected]
Phone: +996 (503) 475-700
Address: 186-51 Chui Avenue, Bishkek 720010, Kyrgyzstan

1. Introduction

This Privacy Policy (the “Policy”) explains in detail how Kids Planet (“we”, “us”, “our”, “Company”) collects, uses, stores, discloses and protects personal data and technical data (collectively “Data”) in connection with our mobile and desktop applications, associated services, and websites (collectively, the “Apps”). This Policy also explains the rights available to data subjects (including parents and legal guardians), how to exercise those rights, and how to contact us about privacy-related matters.

We have prepared this document to be comprehensive and explicit. It describes what categories of information are collected, the legal bases and purposes for processing, retention periods, data security measures, third-party partners, cross-border data transfers, children-specific safeguards (COPPA), and the procedures for data access, correction, deletion and other rights.

By downloading, installing, accessing or using our Apps, or otherwise interacting with our services, you acknowledge that you have read this Policy and consent to the collection and processing described herein. If you do not agree with this Policy, please do not use our Apps or services.

2. Scope and Applicability

This Policy applies to all visitors, users, customers and other persons who access or use our Apps or website where this Policy is posted. The Policy applies regardless of the device or operating system used.

3. Definitions

• Personal Data / Personal Information: any information relating to an identified or identifiable natural person.
• Children: individuals under 13 years of age, unless local laws set a higher age threshold (e.g., 16).
• Processing: any operation performed on personal data (collection, use, disclosure, storage, deletion, etc.).
• PII / PDI: personally identifiable information (name, e-mail, phone, address, etc.).

4. Legal Bases for Processing

Where applicable (for EU/EEA/UK users), our legal bases for processing personal data include:

• Consent: For children’s data where parental consent is required and for optional services such as newsletters.
• Contractual necessity: Processing necessary for performing a contract (e.g., granting access to purchased content).
• Legal obligation: Processing necessary to comply with laws and regulations.
• Legitimate interests: For internal analytics, fraud prevention, security and improving our services — balanced against privacy interests; however, for children’s data, legitimate interests are not used where consent is required under COPPA/GDPR.

5. Consent for Children / Parental Consent Procedure

Our Apps are directed to young children and often used by families. In accordance with COPPA (U.S.) and relevant laws in other jurisdictions, we require verifiable parental consent prior to collection, use, or disclosure of personal information from children under the applicable age threshold.

How we obtain verifiable parental consent:

• When parental consent is required (for example, to enable optional features that would collect personal information), we require the parent to provide a verifiable method of consent through the parent’s email plus additional verification steps (e.g., confirmation link, transaction for a nominal amount via Apple/Google where applicable, or other reasonable verification methods).
• We retain records of parental consent where required by law.
• Parents who provide consent may withdraw it at any time by contacting us (see Contact Information). Withdrawal of consent will be processed, and subsequent collection/processing of the child’s personal data will stop, subject to legal or operational limits.

6. What Data We Collect (Detailed)

We differentiate between data that is automatically collected, voluntarily provided, and derived / aggregated. All collection is minimized and limited to what is necessary.

6.1 Automatically Collected Technical & Usage Data

These data are collected to ensure correct operation of the Apps, to monitor quality, fix crashes and errors, and to improve the product. Data elements include (examples and not exhaustive):

• Device type and model (e.g., iPhone 12, Samsung Galaxy S20);
• Operating system and version (iOS, Android and version number);
• App version;
• Language settings and locale (country/region as reported by device settings);
• Screen resolution and device capabilities;
• Basic network information (carrier, connection type — Wi-Fi or cellular);
• Anonymous crash reports and performance telemetry (stack traces, memory usage where permitted);
• In-app events and usage metrics (screens viewed, session duration, buttons pressed, features used, levels completed) logged as events without identifiers;
• Timestamped, aggregated session data (session start/stop times).

Important: in our configuration we explicitly do not collect the following via analytics or our Apps (for child-safety and COPPA compliance): personal names, email addresses from inside the App (except when volunteered through contact/support), telephone numbers, photos, voice recordings, exact GPS coordinates, or advertising identifiers (IDFA/GAID). IP addresses are not stored as stable identifiers; if used transiently for routing or security, they are anonymized / truncated per provider capabilities and local legal needs.

6.2 Voluntarily Provided Personal Data

The App itself does not provide forms for children to enter personal data. The only typical voluntary personal data we may receive are:

• Parent’s or user’s email and message content when contacting Support via the website contact form or help email;
• Information necessary to process a support request or refund;
• Information provided in connection with legal requests or disputes.

6.3 Derived, Aggregated and Anonymized Data

We may process aggregated statistics derived from raw usage data. Aggregated data does not identify an individual and is used to produce analytics and reports (e.g., percent of sessions that reach level 3, average session duration by region).

7. Purposes of Processing — Full Detail

We process Data only for the purposes described and limited to what is necessary for each purpose. Purposes include:

• Operation and functionality: to run the App, grant access to purchased content, and maintain availability and stability;
• Analytics and product improvement: analyze usage patterns, performance metrics, crash logs, and engagement to prioritize fixes and new features;
• Customer support: respond to support requests and troubleshoot issues reported via email or support forms;
• Fraud prevention and security: detect and prevent misuse or fraudulent purchases;
• Payments and receipts: to process in-app purchases via Apple/Google and to comply with tax and accounting obligations;
• Legal compliance: respond to lawful requests from authorities, exercise or defend legal claims, and comply with applicable law.

We do not use collected data for targeted advertising, marketing to children, or behavioral profiling of children.

8. In-App Purchases and Payment Data

All purchases are processed by the platform providers (Apple App Store and/or Google Play). We do not receive or store your credit card or bank details. We may receive summary purchase information required to validate entitlements (transaction IDs, product IDs, purchase timestamps) from the platform. We retain purchase confirmation records only as necessary for accounting and legal compliance (see Data Retention).

9. Third-Party Analytics, Hosting and Other Service Providers — Full Disclosure

We use a small set of third-party service providers for analytics, performance monitoring, subscription management and support. Each provider is selected for reliability, data protection controls and ability to operate in compliance with COPPA/GDPR. We only integrate these services in configurations that limit collection of personally identifiable information for children and operate in “child-directed” or equivalent restrictive modes where available.

Current third-party service providers (examples and descriptions):

• Google Firebase / Google Analytics for Firebase
  Purpose: aggregated/anonymous usage analytics, crash reporting and performance traces.
  Typical data collected: anonymized events (screen open, button taps), device model, OS version, app version, aggregated session lengths, crash stack traces.
  Child settings: Firebase project configured to limit data collection for child-directed app use; Advertising identifiers disabled; user-level identifiers disabled for children.
  Privacy link: https://firebase.google.com/support/privacy.
• Unity Analytics
  Purpose: event analytics for gameplay balancing, session and retention metrics.
  Typical data collected: event names, counts, device OS and version, aggregated user engagement metrics.
  Child settings: Child-directed mode configured in Unity projects; personalized advertising features disabled; no collection of advertising identifiers for child accounts.
  Privacy link: https://unity.com/legal/privacy-policy.
• AppMetrica (Yandex)
  Purpose: install tracking and app performance analytics where used.
  Typical data: anonymized usage statistics, platform/version, aggregated metrics.
  Child settings: configured to operate without collecting personal identifiers for children; retention and anonymization configured per app settings.
  Privacy link: https://appmetrica.yandex.com/docs/en/data-security/gdpr.
• Adapty
  Purpose: measuring subscription and purchase analytics (no advertising).
  Typical data: purchase event metadata (product id, purchase timestamp), platform purchase token, and aggregated subscription metrics; no child-identifiable data collected per configuration.
  Privacy link: https://adapty.io/end-users-privacy/.

Data sharing and restrictions: We share only the minimum anonymous or pseudonymized data necessary with these providers, under data processing agreements that limit their use to performance of services, and prohibit use for advertising to children. None of these services are used to serve third-party ads inside the App.

10. Advertising

This application does not include any third-party advertising. We do not integrate advertising SDKs or ad networks (no banner, interstitial, rewarded or native ads). The app does not send advertising data to ad networks. The only external link presented in the App is the link to this Privacy Policy (and no third-party promotional links are included in child-directed sections).

11. Data Retention — Detailed per Service and Category

We minimize retention and retain data only as long as needed to fulfil the purposes described above, to satisfy legal, accounting, or security obligations, or as otherwise stated below. When retention periods expire, we either delete, aggregate or irreversibly anonymize the data so it can no longer be linked to an identifiable person.

11.1 Retention for Analytics Providers

• Firebase Analytics / Google
  Default retention settings vary by configuration. In our project we set event-level retention to the minimum allowed where feasible; typical retention: up to 14 months for aggregated event data. For crash logs we retain data only as long as necessary to diagnose the issue, typically up to 12–24 months depending on the issue severity and resolution timeframe. Advertising identifiers are disabled in child-mode configuration.
• Unity Analytics
  Aggregated anonymized usage metrics are retained typically for up to 24 months. Unity’s retention and purge processes are applied; we configure the account to avoid storing identifiers for child users.
• AppMetrica
  Configured to retain anonymized statistics for up to 24–25 months; then data is purged or anonymized per provider policies.
• Adapty
  Purchase and subscription event logs are retained for subscription management and possible billing dispute resolution. Typical retention: while subscription active and up to 24 months after cancellation, after which identifiers are removed or anonymized.

11.2 Other Categories

• Support emails and voluntary messages: Stored in our email system (Google Workspace/Gmail) until the issue is resolved and then archived for up to 12 months, unless a parent requests earlier deletion. Logs used for long-term training/quality analysis are anonymized.
• Purchase confirmations / accounting records: Retained for statutory financial compliance (typically up to 5 years depending on jurisdiction) and then archived/anonymized.
• Security logs and fraud detection: Retained for the period necessary for investigations and legal compliance (commonly 6–24 months), then purged consistent with security policies.

11.3 Requests for Deletion / Anonymization

Parents or data subjects may request deletion or anonymization of data associated with them or their children. Verified deletion requests are processed within 30 calendar days of verification unless legal retention obligations exist. For analytics data stored by third-party providers, we will request deletion or anonymization from the provider and document the request. Some aggregated statistics that are irreversibly anonymized may not be reversible.

12. International Data Transfers

Our service providers may process and store data in various jurisdictions (e.g. EU, US). Where personal data is transferred outside the EEA/UK, we ensure appropriate safeguards (standard contractual clauses, provider certifications, or other lawful mechanisms) are in place to ensure an adequate level of protection in accordance with applicable law. For analytics data which is anonymized, transfers of aggregated data present fewer legal constraints; nevertheless, we enforce contractual and technical safeguards.

13. Data Security — Detailed Measures

We implement reasonable technical and organizational measures to protect Data from unauthorized access, alteration, disclosure or destruction. Measures include (but are not limited to):

• Encryption of data in transit (TLS/HTTPS) and where applicable at rest;
• Access controls and role-based privileges limiting data access to authorized personnel;
• Periodic security reviews and patching of software dependencies;
• Use of secure, reputable third-party providers with SOC/ISO attestations where possible;
• Logging and monitoring of access and security events;
• Secure deletion and retention policies to ensure data is purged when no longer needed.

Note: while we strive to protect data, no system is absolutely secure; we cannot guarantee absolute security of information transmitted to us or stored on devices outside our control.

14. Legal Disclosures and Law Enforcement

We may disclose Data if required by law, subpoena, or governmental request, or to protect the rights, property and safety of our users or third parties. We evaluate legal requests carefully and will limit disclosure to the extent possible. Where allowed, we will notify parents or users of requests to disclose their data unless prohibited by law or a valid legal order.

15. User Rights and How to Exercise Them (Detailed)

Depending on your jurisdiction, you may have the following rights regarding the personal data we process about you or your child. To exercise rights, contact us at [email protected]. We will take reasonable steps to verify your identity before responding.

• Right of Access: Request a copy of personal data we hold about you or your child.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of personal data (parents can request deletion of a child’s data). Deletion requests are honored within 30 days after verification unless legal obligations require retention.
• Right to Restrict Processing: Ask us to stop processing personal data while a dispute or correction is pending where applicable.
• Right to Data Portability: Request a machine-readable copy of your or your child’s data where applicable.
• Right to Withdraw Consent: Withdraw consent at any time for processing activities based on consent.
• Right to Lodge a Complaint: With your local supervisory authority (e.g., data protection authority) if you believe your rights are violated.

We will respond to verified requests within periods required by applicable law (typically within 30-45 days depending on jurisdiction and complexity).

16. Cookies and Similar Technologies (Expanded)

On the website we may use small text files (cookies) to remember user preferences (language) and basic analytics about visits. We do not use behavioral advertising cookies targeted at children. Cookies used:

• Session cookies: necessary for navigation;
• Preference cookies: remember language choices;
• Strictly necessary analytics cookies: aggregated counts of visits for site improvement purposes.

Users can disable or block cookies in the browser settings, but some site features may not function correctly.

17. Accessibility & Presentation of the Policy

This Policy is written in English and accessible within the App (Parents / Settings) and on our website at https://kids-planet-toddlers-learning.games/privacy-policy.html. Translated or printed versions are available on request by contacting us.

18. Advertising, Promotions, Links & External Resources

As stated above, the App does not contain third-party advertising or ad networks. The App may include a link to this Privacy Policy and other support resources. We do not link to third-party commercial websites in child-directed sections. If any external link is present, it is behind a parental gate and is clearly disclosed.

19. Quick Answers for App Review (Apple)

20. Changes to This Policy

We may update this Policy to reflect changes in our practices or applicable law. Material changes will be highlighted and an updated date will appear at the top of this Policy. For material changes, we will endeavour to notify active users via in-app notices where feasible.

21. Contact & Exercising Rights

If you have questions, complaints or want to exercise any of your rights, please contact our Data Protection Officer / Support at:

Email: [email protected]

We will reply and help you with verification and next steps. For deletion requests relating to children, we will ask the parent to provide reasonable verification (e.g., confirmation from the platform account or transaction details) to prevent unauthorized removal of data.