Privacy Policy

Data Controller

The data controller responsible for processing personal data is:

What Data We Collect

We collect the following personal data:

• Account information: email address, parent/guardian name
• Family information: family name, children's first names and ages
• Usage data: completed tasks, earned coins, redeemed rewards
• Technical data: IP address, browser type, device information
• Communications: messages via the contact form and support tickets

Legal Basis

We process personal data based on the following legal grounds:

• Contract performance: to provide the KidKoins service you signed up for.
• Consent: for sending optional communications and processing children's data.
• Legitimate interest: for improving our service, security, and fraud prevention.
• Legal obligation: to comply with applicable laws and regulations.

Data Retention

We do not retain personal data longer than necessary:

• Account data: until the account is deleted, plus a maximum of 30 days thereafter.
• Family data: until the account is deleted.
• Support tickets: a maximum of 2 years after closure.
• Contact form submissions: a maximum of 1 year.
• Technical log files: a maximum of 90 days.

Third Parties

We only share personal data with the following parties, solely for delivering our service:

• Amazon Web Services (AWS): hosting and infrastructure, located in the EU (Ireland region).
• AWS Cognito: authentication and account management.
• DeepL: translation of support messages (text only, no personal identification data).
• Microsoft Family Safety / Apple Screen Time: only at the parent's request, for screen time integration.

We never sell personal data to third parties.

Children's Data

KidKoins is designed for use by families, including children. We take extra measures to protect children's data:

• Children do not have their own account — their data is managed by the parent/guardian.
• We collect minimal data from children: first name, age, and avatar color.
• Children log in with a PIN code, not an email address.
• Parents have full control over their children's data and can delete it at any time.
• We do not show advertisements to children.

Your Rights

Under the GDPR, you have the following rights:

• Right of access: you can request which data we hold about you.
• Right to rectification: you can have incorrect data corrected.
• Right to erasure: you can request deletion of your data.
• Right to data portability: you can request your data in a common format.
• Right to object: you can object to certain processing activities.
• Right to withdraw consent: where processing is based on consent.

To exercise your rights, contact us at privacy@kidkoins.app. We will respond within 30 days.

You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Cookies

KidKoins only uses strictly necessary cookies:

• Session cookie: required for website functionality and maintaining your login status.
• CSRF token: security cookie to protect against cross-site request forgery.
• Language preference: to remember your chosen language.

We do not use tracking cookies, advertising cookies, or third-party analytics.

Changes

We may update this privacy policy from time to time. For significant changes, we will notify you via email or a notice on the website. The date of the last change is shown at the top of this page.

Contact

Do you have questions about this privacy policy or how we handle your data? Please contact us: