COPPA Compliance
How Kidderboard protects children's privacy under the Children's Online Privacy Protection Act.
Last updated: 22 March 2026What is COPPA?
The Children's Online Privacy Protection Act (COPPA) is a US federal law designed to protect the privacy of children under 13. Even though Kidderboard is a UK-based app, we comply with COPPA because we believe every child deserves the highest standard of data protection, regardless of where they live.
1. Parental Consent
Kidderboard requires parental consent before any child's information is collected. • Only parents (or legal guardians) can create a Kidderboard account • Parents add children to their family — children cannot create their own profiles • By creating a child's profile, the parent provides verifiable consent for the limited data we collect • Parents can review, modify, or delete their child's information at any time through the app • Parents can revoke consent by removing a child's profile or deleting their account entirely
2. Limited Data Collection
We collect the absolute minimum data necessary to provide Kidderboard's features. For children, we collect only: • First name (for display within the family account) • Age (to provide age-appropriate features) • Activity completion data and Kidderbux balances (core app functionality) We do NOT collect from children: • Email addresses or phone numbers • Physical addresses or location data • Photos, videos, or audio recordings • Persistent identifiers for behavioural advertising • Any information beyond what is reasonably necessary
3. No Third-Party Sharing
We do not share children's personal information with third parties. • We do not sell children's data — to anyone, ever • We do not use children's data for advertising or marketing • We do not allow third-party ad networks or analytics trackers in the app • The only third parties that process data are our essential service providers (Railway for hosting, RevenueCat for subscriptions) under strict data processing agreements
4. Security Measures
We implement robust security measures to protect children's data: • All data is encrypted in transit (TLS/SSL) and at rest • Access to children's data is restricted to the parent's authenticated account • We conduct regular security reviews • Our infrastructure is hosted on Railway, with data stored in PostgreSQL with encryption at rest • We have incident response procedures in place for any potential data breaches
5. Data Retention & Deletion
We retain children's data only for as long as the parent maintains an active account. • Parents can delete individual children's profiles at any time • When a child's profile is deleted, all associated data is permanently removed within 30 days • When a parent deletes their entire account, all family data (including all children's data) is permanently removed • We do not retain children's data for any purpose after deletion
6. Contact Our Privacy Team
If you have any questions about our COPPA compliance, our data practices, or wish to exercise your parental rights regarding your child's data, please contact us: Email: privacy@kidderboard.com We aim to respond to all privacy-related enquiries within 48 hours.