Legal
This Privacy Policy describes how CyberKinder ("CyberKinder", "we", "our", or "us") processes information when a user accesses the website located at www.cyberkinder.com (the "Service"). The Service is an educational product developed for children. This Policy is written for the parent or other adult who supervises a child's use of the Service. By using the Service, the user accepts the practices described below. If the user does not accept this Policy, the user must not use the Service.
For the purposes of the European Union General Data Protection Regulation ("GDPR") and the United Kingdom General Data Protection Regulation, the data controller for the limited information described in this Policy is the operator of CyberKinder. Contact details for the controller are published on the Contact section of the About page. The controller may be reached for any matter relating to this Policy or to the rights described in Section 11.
The Service can be used without an account, and a child may play the free portion of the Service anonymously, with no personal information collected. To save progress across visits and devices and to unlock the full Service, a parent or guardian may choose to create an optional account. When an account is used, CyberKinder collects only the limited information described below:
CyberKinder does not collect a child's real name, postal address, telephone number, photographs, audio or video recordings, precise or device based location, or advertising and cross site tracking identifiers, and it does not sell or share personal information for advertising or marketing. Creating an account is optional, and a child may use the free portion of the Service with no account at all.
To remember progress across visits, the Service writes a small amount of non personal data into the local storage facility of the browser running on the user's device. This data is limited to: which quests have been started or completed, current quest map state, and per session score for the active run. This information is stored on the user's device only. It is not transmitted to CyberKinder. It is not associated with the child by any identifier. The user can delete this information at any time by clearing the site data through standard browser controls.
Certain pages of the Service include an optional educational chatbot called SafetyChat. When the user sends a message to SafetyChat, the message is transmitted by the Service to a third party model provider, OpenRouter, Inc., for the sole purpose of generating a kid friendly reply. The reply is returned to the user's browser.
CyberKinder does not retain SafetyChat conversations on its own servers, does not link conversations to any user identifier, and does not use conversation content for marketing or model training. The processing performed by OpenRouter, Inc. is governed by its own privacy terms, which are available on its website. The user is advised not to enter personal information of any kind into SafetyChat. The Service applies content safety filters before passing messages to the model provider, but no automated filter is perfect.
The Service does not set advertising cookies or cross site advertising trackers. With the visitor's consent, given through the cookie banner, the Service uses Google Analytics, a measurement service provided by Google LLC. Google Analytics sets analytics cookies so that we can understand how the Service is used and improve it. A visitor who declines analytics in the cookie banner is not given those cookies, and the Service still works. Advertising features, Google Signals, and ad personalization are disabled in our Google Analytics configuration, so the analytics data is not used to build an advertising profile. The Service also uses technically necessary browser storage as described in Section 4 to keep the Service functioning during a visit.
CyberKinder never shows personalized or behavioral advertising to a child, and no advertising profile of a child is ever created. No information about a child is used to select, target, or measure any promotional content. The Service currently displays no third party advertising of any kind. If sponsored or promotional content is ever introduced, it will be contextual only. It will be selected from the subject of the page being viewed, never from any information about the individual child, and this Policy will be updated before any such content appears.
The Service is directed to children and is designed to minimize the personal information collected from a child. A child may use the free portion of the Service anonymously, with no account and no personal information collected. The full Service may be unlocked through an optional account created with the involvement of a parent or guardian.
In the United States, the Service is operated in line with the Children's Online Privacy Protection Act of 1998 (15 U.S.C. §§ 6501 et seq.) and the rule promulgated thereunder by the Federal Trade Commission (16 C.F.R. Part 312) ("COPPA"). Where an account is created for a child, CyberKinder obtains verifiable parental consent before that account becomes active. The account is created only after a parent or guardian approves it through a link sent to the parent or guardian email address, and the parent or guardian sets the child's password at that time. A parent or guardian may review the information held about a child, decline its further use, and request its deletion at any time from the account dashboard or by contacting CyberKinder. If we become aware that personal information of a child under thirteen has been collected without the required parental consent, we will delete that information promptly.
In the European Union, the United Kingdom, and the European Economic Area, the Service is operated in line with Article 8 of the GDPR concerning the conditions applicable to a child's consent in relation to information society services. A child may use the free portion of the Service without any consent based processing of personal data. Where an account is created for a child, the limited account information described in Section 3 is processed on the basis of consent given and verified through the parent or guardian, who may withdraw that consent and request deletion at any time.
The Service relies on the following third party processors strictly for its operation:
Where an optional account is used, account information is stored with our authentication and database provider, Supabase, Inc., and the parental approval and password reset emails are delivered through our email provider, Resend. Where a family purchases the paid plan, the purchase is handled by Paddle as merchant of record, which processes the payment information under its own terms and provides CyberKinder only the subscription status and reference identifiers described in Section 3. Each provider acts strictly for the operation of the Service. CyberKinder does not sell, lease, or share information processed by these providers for advertising or marketing purposes.
Where information is transmitted to a third party processor located outside the country in which the user is located, the transfer occurs strictly to provide the requested service. The user's use of the Service constitutes an instruction for any such necessary transfer to occur. Where required by applicable law, transfers rely on the standard contractual safeguards published by the relevant supervisory authority.
For a child using the free Service without an account, CyberKinder does not store personal information server side, and progress kept in browser storage on the user's device persists until cleared by the user. Where an optional account is used, the limited account information described in Section 3 is retained for as long as the account remains active, so that progress is available across visits and devices. A parent or guardian may delete a child profile, or the entire account, at any time. On deletion, the associated account information is erased, including the child profile, learning progress, the parent or guardian email address, and the related email and consent records. Routine server logs created by the hosting provider are retained for the period defined by that provider's policy.
A user located in a jurisdiction that grants statutory data protection rights, including the GDPR, the UK GDPR, the California Consumer Privacy Act, and similar laws, may have the following rights with respect to any personal data processed in connection with the Service:
To exercise any of these rights, the parent or guardian of the child user may use the account dashboard, where a child profile or the entire account can be deleted, or may contact CyberKinder at the address listed on the Contact section of the About page. Where no account has been created, CyberKinder holds no personal data about the user, and the response will confirm that no such data is held.
The Service is delivered over HTTPS so that the connection between the user's browser and the Service is encrypted in transit. CyberKinder applies reasonable technical and organizational measures designed to protect the limited information processed in connection with the Service. No method of transmission over the internet is fully secure, and no level of security can be guaranteed in absolute terms.
CyberKinder may amend this Policy from time to time. Any amendment becomes effective when posted on this page. The effective date and last updated date displayed at the top of this page indicate the date of the most recent material change. Continued use of the Service after a material change constitutes acceptance of the amended Policy.
Inquiries concerning this Policy, requests to exercise data protection rights, and any notification of suspected unintended collection of personal information from a child should be directed to the address listed on the Contact section of the About page.