Legal
This Privacy Policy describes how CyberKinder ("CyberKinder", "we", "our", or "us") processes information when a user accesses the website located at www.cyberkinder.com (the "Service"). The Service is an educational product developed for children. This Policy is written for the parent or other adult who supervises a child's use of the Service. By using the Service, the user accepts the practices described below. If the user does not accept this Policy, the user must not use the Service.
For the purposes of the European Union General Data Protection Regulation ("GDPR") and the United Kingdom General Data Protection Regulation, the data controller for the limited information described in this Policy is the operator of CyberKinder. Contact details for the controller are published on the Contact section of the About page. The controller may be reached for any matter relating to this Policy or to the rights described in Section 11.
The Service is designed to operate without collecting personal information from a child. In particular, CyberKinder does not request, store, or process the following categories of information:
The Service does not require registration. A child may access the full Service anonymously.
To remember progress across visits, the Service writes a small amount of non personal data into the local storage facility of the browser running on the user's device. This data is limited to: which quests have been started or completed, current quest map state, and per session score for the active run. This information is stored on the user's device only. It is not transmitted to CyberKinder. It is not associated with the child by any identifier. The user can delete this information at any time by clearing the site data through standard browser controls.
Certain pages of the Service include an optional educational chatbot called SafetyChat. When the user sends a message to SafetyChat, the message is transmitted by the Service to a third party model provider, OpenRouter, Inc., for the sole purpose of generating a kid friendly reply. The reply is returned to the user's browser.
CyberKinder does not retain SafetyChat conversations on its own servers, does not link conversations to any user identifier, and does not use conversation content for marketing or model training. The processing performed by OpenRouter, Inc. is governed by its own privacy terms, which are available on its website. The user is advised not to enter personal information of any kind into SafetyChat. The Service applies content safety filters before passing messages to the model provider, but no automated filter is perfect.
The Service does not set advertising cookies, analytics cookies, or cross site tracking cookies. The Service may use technically necessary browser storage as described in Section 4 to keep the Service functioning during a visit. No consent banner is required because no non essential tracking is performed.
The Service is directed to children. The architecture of the Service has been chosen so that personal information is not collected from a child as a condition of participation in any activity.
In the United States, the Service is operated in line with the Children's Online Privacy Protection Act of 1998 (15 U.S.C. §§ 6501 et seq.) and the rule promulgated thereunder by the Federal Trade Commission (16 C.F.R. Part 312) ("COPPA"). Because the Service does not collect personal information from a child, verifiable parental consent is not required as a condition of access. If we become aware that personal information of a child under thirteen has been collected through any error, we will delete that information promptly.
In the European Union, the United Kingdom, and the European Economic Area, the Service is operated in line with Article 8 of the GDPR concerning the conditions applicable to a child's consent in relation to information society services. Because no consent based processing of a child's personal data is required for the Service to function, no parental authorization is required as a condition of access.
The Service relies on the following third party processors strictly for its operation:
CyberKinder does not sell, lease, or share information processed by these providers for advertising or marketing purposes.
Where information is transmitted to a third party processor located outside the country in which the user is located, the transfer occurs strictly to provide the requested service. The user's use of the Service constitutes an instruction for any such necessary transfer to occur. Where required by applicable law, transfers rely on the standard contractual safeguards published by the relevant supervisory authority.
Because CyberKinder does not store personal information server side, no retention period applies to such information at the level of the Service. Browser storage on the user's device persists until cleared by the user. Logs created by the hosting provider are retained for the period defined by that provider's policy.
A user located in a jurisdiction that grants statutory data protection rights, including the GDPR, the UK GDPR, the California Consumer Privacy Act, and similar laws, may have the following rights with respect to any personal data processed in connection with the Service:
To exercise any of these rights, the parent of the child user may contact CyberKinder at the address listed on the Contact section of the About page. Because the Service does not retain personal data about its users, in most cases the response will confirm that no such data is held.
The Service is delivered over HTTPS so that the connection between the user's browser and the Service is encrypted in transit. CyberKinder applies reasonable technical and organizational measures designed to protect the limited information processed in connection with the Service. No method of transmission over the internet is fully secure, and no level of security can be guaranteed in absolute terms.
CyberKinder may amend this Policy from time to time. Any amendment becomes effective when posted on this page. The effective date and last updated date displayed at the top of this page indicate the date of the most recent material change. Continued use of the Service after a material change constitutes acceptance of the amended Policy.
Inquiries concerning this Policy, requests to exercise data protection rights, and any notification of suspected unintended collection of personal information from a child should be directed to the address listed on the Contact section of the About page.