Privacy Policy for Spell Parrot

Last Updated: October 19, 2025

Introduction

Parrot Technologies ("we," "us," or "our") operates the Spell Parrot mobile application (the "App"). This Privacy Policy explains how we collect, use, and protect information when children and parents use our App.

Children's Privacy

Spell Parrot is designed for children aged 5-12. We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and other applicable children's privacy laws worldwide.

Parental Consent

We require verifiable parental consent before collecting any personal information from children. Parents must create an account before children can use the App.

Information We Collect

From Parents

When parents create an account, we collect:

• Email address: For account authentication and important notifications
• First name and last name: Optional, for personalization
• Account information: Username, password (encrypted)
• Family/Organization name: For account management
• Payment information: Processed securely through Stripe (we do not store credit card numbers)
• Subscription details: Plan type, billing cycle, subscription status

From Children

For child profiles created by parents, we collect:

• Username: Chosen by the parent, used for child login
• Password: Encrypted, used for child login
• First name and last name: Optional, chosen by the parent for personalization
• Date of birth: Optional, chosen by the parent for age-appropriate content
• Practice session data: Spelling test results, progress, and performance analytics
• Audio recordings: NOT collected - we do not record children's voices (we only use text-to-speech to play words aloud)
• Photos: Only used temporarily for OCR (Optical Character Recognition) to extract words from images - photos are NOT stored or uploaded

Automatically Collected Information

• Device information: Device type, operating system version (for technical support)
• Usage data: App features used, session duration (for improving the App)
• Error logs: Technical logs to fix bugs and improve performance

How We Use Information

We use the collected information to:

• Provide spelling practice functionality
• Track children's progress and display analytics to parents
• Process subscription payments
• Send important account and service notifications to parents
• Improve app performance and fix technical issues
• Ensure compliance with our Terms of Service

Information We Do NOT Collect

We do not collect:

• Children's photos (photos taken for OCR are processed locally and not stored or uploaded)
• Children's voice recordings
• Precise geolocation data
• Social media information
• Biometric information
• Browsing history outside the App
• Children's contact information (email, phone number, address)

How We Share Information

We do NOT sell, rent, or share children's personal information with third parties for marketing purposes.

We only share information with:

• Stripe: For secure payment processing (payment information only)
• Amazon Web Services (AWS): For secure cloud hosting (encrypted data storage)
• Mailgun: For sending authentication emails to parents only
• Legal authorities: If required by law or to protect safety

All third-party service providers are contractually required to protect the privacy and security of personal information and use it only for the services they provide to us.

Data Security

We implement industry-standard security measures:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of passwords using bcrypt
• Secure authentication using JWT tokens
• Regular security audits and updates
• Access controls and authentication requirements

Data Retention

• Active accounts: We retain data while the account is active
• Inactive accounts: We may delete accounts inactive for 24 months after notification
• Deletion requests: We honor deletion requests within 30 days

Parental Rights

Parents have the right to:

1. Review the personal information collected from their children
2. Delete their children's accounts and associated data
3. Refuse further collection of their children's information
4. Update or correct information

To exercise these rights, contact us at [email protected].

Third-Party Links

Our App does not contain links to third-party websites or services.

International Users

Our servers are located in Singapore. If you access the App from outside this region, your information may be transferred to, stored, and processed in this location.

For users in the European Economic Area (EEA), we comply with GDPR requirements, including GDPR-K (children's privacy provisions).

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify parents of material changes via:

• Email notification
• In-app notification
• Updated "Last Updated" date

Continued use of the App after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices:

Email: [email protected]

COPPA Compliance

We comply with COPPA requirements:

• We obtain verifiable parental consent before collecting children's information
• Parents can review and delete their children's information
• We collect only information necessary for the App's functionality
• We do not condition children's participation on providing more information than necessary
• We maintain reasonable security procedures

Your Consent

By using Spell Parrot, parents consent to this Privacy Policy on behalf of themselves and their children.

---

Data Safety Form Answers (for Google Play Console)

Use these answers when completing Google Play's Data Safety section:

Does your app collect or share user data?

Yes

Data Collection - Personal Information

Email addresses

• Collected: Yes (from parents only)
• Shared: No
• Purpose: Account management, App functionality
• Collection is optional: No
• Data is encrypted in transit: Yes
• Users can request deletion: Yes

Name (first name, last name)

• Collected: Yes (from both parents and children)
• Shared: No
• Purpose: App functionality, Personalization
• Collection is optional: Yes
• Data is encrypted in transit: Yes
• Users can request deletion: Yes

User IDs

• Collected: Yes
• Shared: No
• Purpose: Account management, App functionality
• Collection is optional: No
• Data is encrypted in transit: Yes
• Users can request deletion: Yes

User names (child usernames)

• Collected: Yes
• Shared: No
• Purpose: Account management, App functionality
• Collection is optional: No
• Data is encrypted in transit: Yes
• Users can request deletion: Yes

Passwords

• Collected: Yes
• Shared: No
• Purpose: Account authentication
• Collection is optional: No
• Data is encrypted in transit: Yes
• Data is encrypted at rest: Yes
• Users can request deletion: Yes

Data Collection - App Activity

App interactions (practice session data)

• Collected: Yes
• Shared: No
• Purpose: Analytics, App functionality
• Collection is optional: No
• Data is encrypted in transit: Yes
• Users can request deletion: Yes

Data Collection - Personal Info (Sensitive)

Date of birth (children only)

• Collected: Yes
• Shared: No
• Purpose: App functionality (age-appropriate content)
• Collection is optional: Yes
• Data is encrypted in transit: Yes
• Users can request deletion: Yes

Data Collection - Device or Other IDs

Device or other IDs

• Collected: Yes
• Shared: No
• Purpose: Analytics, Fraud prevention
• Collection is optional: No
• Data is encrypted in transit: Yes

Is data collected from children?

Yes - From children under 13

Data handling for children

All data types collected from children are handled with COPPA compliance:

• Parental consent required before any data collection
• Minimal data collection (only what's necessary for app functionality)
• Optional fields (name, date of birth) are clearly marked as such
• No advertising, marketing, or behavioral profiling
• Secure storage and transmission (encryption in transit and at rest)
• Parents can review, update, and delete all child data at any time