Privacy Policy
Last Updated: June 15, 2026 · Effective: June 15, 2026
MoodyKids ("the App", "we", "us") is a children's emotional-education app developed by GCDM, targeting children aged 5-7 and their parents. We take children's privacy seriously. This policy explains how we collect, use, share, and protect your and your child's information.
1. Information We Collect
Parent Account Information (via Apple Sign-In / Google Sign-In):
- Email address (Apple users may use Apple's Private Relay to hide their real email)
- Display name (optional)
- System-generated anonymous user ID
Child Profile Information (manually created by parents in-app):
- Nickname (real name is NOT requested)
- Age or age range
- Character avatar (Joy / Blue / Spark / Tremble)
Each parent may create up to 3 child profiles. We do NOT collect real names, emails, phone numbers, or physical locations of children.
Usage Data:
- Theater session play count and completion times
- Emotion selection records (happy / sad / angry / scared)
- Acceptance activity usage (breathing, hugs, sharing, etc.)
- In-app navigation and feature usage
Subscription & Payment Information: Processed through Apple App Store or Google Play. The App never accesses or stores your credit-card or bank information. We only receive subscription status (subscribed / unsubscribed / trial) via RevenueCat.
Technical Data:
- Device model and OS version
- App version and language settings
- Crash reports and error logs (via Sentry)
2. Information We Do NOT Collect
- ❌ Children's real names or contact information
- ❌ Precise geolocation (GPS)
- ❌ Contacts, photos, or calendar
- ❌ Microphone recordings (voice is processed locally on-device only, NEVER uploaded)
- ❌ Camera content
- ❌ Advertising identifiers (IDFA / GAID)
- ❌ Cross-app tracking data
3. How We Use This Information
- Provide core features (theater, emotion acceptance activities, parent dashboard)
- Maintain your login session and subscription entitlements
- Personalize the experience (remember emotion preferences, activity history)
- Generate parent-dashboard summaries and suggestions
- Fix bugs and improve app stability
- Comply with legal obligations
4. Whom We Share Information With
We do not sell your personal information. To provide our service, we share the minimum necessary data with these trusted providers:
- Supabase (data storage): stores parent accounts, child profiles, activity logs. Data center in Singapore (ap-southeast-1).
- RevenueCat (subscription management): cross-platform subscription state.
- Apple (Sign in with Apple): identity verification.
- Google (Google Sign-In): identity verification.
- Anthropic (Claude API, parent-side AI suggestions only): sends anonymized emotion summaries; never sends child or parent personally-identifiable information.
- Sentry (crash reporting): anonymized technical error logs.
- PostHog (behavioral analytics): anonymized app-usage statistics; all child-related events are de-identified.
5. Children's Special Protections (COPPA / GDPR-K)
The app is primarily operated by parents on the backend. Children access content through a "Parent Gate" (long-press 2-3 seconds):
- Child interactions use only nicknames or character names (no real names)
- No third-party advertising is shown to children
- Children are not directed to in-app purchase pages or external links
- We do not collect information sufficient to individually identify a child
- Parents must consent to "Children's Information Handling Consent" at registration (logged in
device_consents table)
If you are a parent of a child under 13 (COPPA, USA) or under 16 (GDPR-K, EU), you have the right to review, modify, or delete your child's records at any time.
6. Data Retention
- Parent account: retained for 24 months after last login
- Child activity logs: retained for 12 months, then aggregated and deleted
- Subscription records: retained for at least 7 years per tax law
- Crash logs: retained for 90 days
7. Your Rights
You may at any time:
- Access: view all stored data in-app under "Parent Settings → My Data"
- Modify: directly edit child profiles, subscriptions, and preferences in-app
- Export: email us to request a JSON-format copy of your full data
- Delete account: in-app under "Parent Settings → Delete Account" for one-click irreversible deletion, or email us
- Withdraw consent: email us to withdraw authorization
8. Data Security
- All transmissions use TLS 1.3 encryption
- Supabase Row-Level Security (RLS) strictly isolates each parent's data
- Passwords are stored using bcrypt hashing; engineers cannot view them
- Regular third-party security audits
9. Cross-Border Data Transfer
Our primary database is located in Singapore (ap-southeast-1). If you reside in a region with cross-border restrictions (e.g., EU GDPR, China PIPL), we handle data per local regulations.
10. Policy Changes
This policy may be updated as our service evolves. Significant changes will be prominently announced in-app, and the "Last Updated" date on this page will be revised.
11. Contact Us
For questions about this policy, your data, or deletion requests, contact:
We commit to responding within 7 business days.