Privacy Policy | PocketPals

What We Collect

From parents and guardians: Email address, display name, and a PIN you choose to protect the parent dashboard. This information is required to create and manage your account.

From children (with parental consent): First name, age range (3–4, 5–7, or 8–12), conversation transcripts (text only), and lesson progress. We do not collect full names, addresses, phone numbers, or location data from children.

Voice and audio: Voice audio is processed in real time for speech recognition and is NOT stored. Only text transcripts of conversations are saved.

Usage data: Session length, features used, and streak data — used to improve the product. Not sold or shared with advertisers.

How We Use Your Data

Personalize Buddy's responses to your child's age and interests
Track learning progress and provide parent dashboard insights
Enforce session time limits you configure
Detect and flag potential safety concerns for parental review
Process subscription payments (Stripe — card data never touches our servers)
Send important account and safety notifications to parents

We do not use your data for behavioral advertising. We do not sell your data to any third party.

COPPA Compliance

PocketPals is built for children under 13 and is fully compliant with the Children's Online Privacy Protection Act (COPPA). We do not collect personal information from children without verifiable parental consent. The parent creates the account and consents on behalf of the child during onboarding.

For full details on how we comply with COPPA, see our COPPA Compliance Notice.

Your Parental Rights

Review all data associated with your child's account
Correct inaccurate information
Request complete deletion of your child's data
Withdraw consent and close the account at any time
Export your child's data (data portability)

To exercise any of these rights, email privacy@pocketpals.app or use Parent Settings within the app. We respond within 30 days.

Third-Party Data Processors

We use the following third-party services to operate PocketPals. Each is contractually obligated to protect data and may not use it for their own purposes.

Processor	Purpose
Anthropic (Claude AI)	AI conversation processing
OpenAI (Whisper STT)	Speech-to-text transcription
ElevenLabs (TTS)	Text-to-speech voice synthesis
Supabase	Secure database hosting (PostgreSQL)
Vercel	Serverless API and web hosting
Stripe	Payment processing (card data never reaches our servers)

Data Retention

Conversation transcripts: retained for 90 days, then automatically deleted
Safety events: retained for 12 months
Learning progress and account data: retained until account deletion request
All data deleted within 30 days of a deletion request

Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Parent PINs are hashed using bcrypt. Our database uses row-level security — your child's data is only accessible to your account. We conduct periodic security reviews.

California Parents (CCPA)

California residents have the right to know what personal information we collect, request deletion, and opt out of any sale of personal information. We do not sell personal information. Contact us at privacy@pocketpals.app to exercise your rights.

EU and UK Parents (GDPR)

Parents in the EU and UK have rights to access, rectification, erasure, portability, restriction, and objection. We respond within 30 days. Contact: privacy@pocketpals.app.

Contact Us

Questions about this privacy policy or your data?

privacy@pocketpals.app

NuStack Digital Ventures LLC · We respond within 30 days.