Privacy Policy for Kids Village Books
**Last Updated:** November 15, 2025
Kids Village Books ("we," "us," or "our") operates the Village mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
**IMPORTANT NOTICE FOR PARENTS:** Kids Village Books is designed for children. We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA). We do not collect personal information from children without parental consent.
---
1. Information We Collect
1.1 Parent Account Information
When you create an account, we collect:
- Email address
- Password (encrypted)
- Subscription status
1.2 Children's Profile Information
With your permission, we collect:
- Child's first name (optional - for personalization)
- Child's age (for age-appropriate content recommendations)
  - **Note:** A child's age is stored only as a number (e.g., "7") and is not combined with any identifiers to create behavioral profiles or track individual children
- Reading preferences and preferred language
- Reading level
**We DO NOT collect:**
- Last names
- Birthdates (only age)
- Photos or videos
- Location data
- Social media information
- Contact information from children
1.3 Reading Data
We collect:
- Books read and reading progress (pages read, time spent)
- Book ratings and favorites
- Reading achievements and levels
- Offline download status
1.4 Device Information
For security and Digital Rights Management (DRM):
- Device identifier (to prevent unauthorized book sharing)
- Operating system version
- App version
- Network connectivity status (for offline mode)
1.5 Payment Information
Payment processing is handled by:
- **Google Play / Apple App Store** (for subscriptions)
- **RevenueCat** (subscription management)
We do NOT store credit card information. All payment data is processed securely by our payment providers.
---
2. How We Use Your Information
We use collected information to:
2.1 Provide Services:
- Authenticate your account
- Manage subscriptions and enforce weekly reading limits for free tier
- Deliver age-appropriate book content
- Track reading progress
- Provide personalized recommendations
- Enable offline reading with encrypted book storage
- Generate text-to-speech narration
2.2 Improve Services:
- Analyze reading patterns (anonymized)
- Improve content recommendations via AI-powered search
- Fix bugs and technical issues
- Develop new features
2.3 Communicate:
- Send subscription confirmations
- Notify about account issues
- Respond to support requests
- Send important updates (only with consent)
2.4 Legal Basis for Processing (GDPR):
For users in the European Economic Area (EEA), we process your data based on:
- **Performance of contract:** Account management, subscription delivery, book access
- **Consent:** Parental consent for children's profiles and reading data collection
- **Legal obligation:** Payment records retention (tax compliance), response to court orders
- **Legitimate interest:** Analytics (anonymized), service improvements, security measures
You may withdraw consent at any time by deleting your account.
---
3. How We Share Your Information
3.1 We DO Share (Anonymized Data):
**With Publishers:**
- Total pages read per book (no user identification)
- Aggregate reading statistics (e.g., "100 children ages 5-7 read this book")
- NO personal information is ever shared
**With Service Providers:**
- **Firebase (Google Cloud)** - hosting, authentication, and database
- **RevenueCat** - subscription management
- **Microsoft Azure** - text-to-speech narration
- **OpenAI** - AI-powered book search (search queries are NOT linked to individual children)
- **Google Cloud KMS** - book encryption key management
All service providers are contractually required to protect your data.
3.2 We DO NOT:
- Sell your personal information
- Share children's information with advertisers
- Use information for behavioral advertising
- Share data with social media platforms
- Allow third-party analytics on children's activities
3.3 Legal Requirements:
We may disclose information if required by law, court order, or government request.
---
4. Children's Privacy (COPPA Compliance)
**Parental Consent:**
- Parents create the master account
- Parents add and manage children's profiles
- Parents control all account settings
- Parents can delete children's data at any time
**No Direct Collection from Children:**
- Children cannot create accounts
- Children cannot share information externally
- No chat features or social elements
- No third-party advertising
- Limited to one child profile for free tier accounts (prevents abuse)
**Data Minimization:**
- We collect only what's necessary for functionality
- No location tracking
- No behavioral profiling of children
- Debug logging disabled in production builds
**Parental Rights:**
You have the right to:
- Review your child's information
- Request deletion of your child's data
- Refuse further collection
- Contact us with questions: [email protected]
---
5. Data Security
We implement industry-standard security measures:
**Encryption:**
- All data transmitted over HTTPS/TLS
- Books encrypted with AES-256-GCM
- Passwords hashed with Firebase Authentication
- Secure offline storage with SQLite encryption
**Access Controls:**
- Firebase Authentication with secure token management
- Role-based access for staff and publishers
- Regular security audits
- Firestore security rules restricting data access
**DRM Protection:**
- Device-bound book licenses (expire after 30 days)
- Encrypted book content stored locally
- Secure key management via Google Cloud KMS
- Screen recording protection enabled
---
6. Data Retention
**Active Accounts:**
- Retained as long as account is active
- Reading history: indefinitely (for progress tracking)
- Offline downloads: retained until manual deletion or expiration (30 days)
**Deleted Accounts:**
- Account data deleted within 30 days
- Anonymized reading statistics retained for publisher royalties
- Backup copies deleted within 90 days
- Local SQLite data cleared on device upon next app launch after account deletion
**App Uninstallation:**
- Uninstalling the app automatically deletes all locally cached data, including:
  - Encrypted offline books
  - Cached TTS (text-to-speech) audio files
  - SQLite reading progress database
  - Device-specific encryption keys
- Server-side account data remains until you explicitly delete your account
**Subscription Data:**
- Retained for 7 years (tax compliance)
- Personal identifiers removed after account deletion
---
7. Your Rights
You have the right to:
**Access:** Request a copy of your data
**Correction:** Update inaccurate information
**Deletion:** Delete your account and data
**Portability:** Export your data
**Opt-Out:** Unsubscribe from marketing emails
**Restrict:** Limit how we use your data
**To exercise your rights:**
Email: [email protected]
Response time: 30 days
---
8. Cookies and Tracking
**We DO NOT use:**
- Advertising cookies
- Behavioral tracking
- Third-party analytics for children
- Social media pixels
**We DO use:**
- Essential session cookies (login state)
- Firebase Analytics (aggregated, anonymized)
- Crash reporting (for bug fixes only)
You can disable analytics in Settings.
---
9. Third-Party Services
Our app uses:
**Firebase (Google Cloud)**
- Authentication, database, storage, and Cloud Functions
- Privacy Policy: https://firebase.google.com/support/privacy
**RevenueCat**
- Subscription management
- Privacy Policy: https://www.revenuecat.com/privacy
**Microsoft Azure Speech Services**
- Text-to-speech narration
- Privacy Policy: https://privacy.microsoft.com/
**OpenAI GPT-4**
- AI-powered book search
- Privacy Policy: https://openai.com/privacy
- **Note:** Search queries are sent to OpenAI but NOT linked to individual children or accounts
- OpenAI processes search queries only for the purpose of generating search results. We disable training-data usage whenever available and never include personal data in queries.
- Search queries are not logged with user identifiers and contain only book-related keywords (e.g., "dragons," "adventure"), not personal information
**Google Cloud KMS**
- Encryption key management for DRM
- Privacy Policy: https://cloud.google.com/security/privacy
---
10. International Data Transfers
Your data is stored in:
- **Primary:** United States (Google Cloud, Firebase)
- **Compliance:** GDPR, CCPA, COPPA
If you are outside the U.S., your data may be transferred to and processed in the United States. By using our App, you consent to this transfer.
**Safeguards for International Transfers:**
- For users in the European Economic Area (EEA), we rely on **Standard Contractual Clauses (SCCs)** approved by the EU Commission
- All service providers (Firebase, RevenueCat, Azure, OpenAI) are contractually bound to protect your data according to GDPR standards
- Data transfers are encrypted in transit using HTTPS/TLS
---
11. California Privacy Rights (CCPA)
California residents have additional rights:
**Right to Know:** What personal information we collect
**Right to Delete:** Request deletion of your data
**Right to Opt-Out:** Opt out of sale (we don't sell data)
**Non-Discrimination:** Equal service regardless of privacy choices
Contact: [email protected]
---
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will:
- Notify you of material changes via email
- Post updated policy in the App
- Update "Last Updated" date
**Your continued use after changes constitutes acceptance.**
---
13. Contact Us
**Questions or concerns about privacy?**
Email: [email protected]
Website: https://kidsvillagebooks.com/
Mailing Address: 3410 Molino, CA USA 92618
**For COPPA-related questions (parents only):**
Email: [email protected]
---
## App Store Disclosures
### Google Play Data Safety
**Data Collected:**
- Personal Info: Email address, child's first name (optional)
- App Activity: Reading history, book favorites, progress tracking
- Device ID: For DRM protection and offline license validation
**Data Shared:**
- Anonymized reading metrics with publishers
- No data sold to third parties
**Security:**
- Data encrypted in transit (HTTPS/TLS)
- Data encrypted at rest (AES-256-GCM)
- Books protected with DRM
**Data Usage:**
- App functionality (reading progress, recommendations)
- Analytics (anonymized, aggregate only)
### Apple Privacy Nutrition Label
**Data Linked to You:**
- Contact Info (parent email address)
- User Content (reading progress, favorites)
- Identifiers (device ID for DRM)
**Data Not Linked to You:**
- Crash logs
- Aggregated reading statistics
**Data Not Collected:**
- Location
- Browsing history
- Contacts
- Photos or videos
- Search history (search queries processed but not stored with user ID)
**Tracking:**
- We do not track you across apps or websites
- No advertising or marketing tracking
- **Apple IDFA:** We do not use IDFA (Identifier for Advertisers) and do not participate in Apple's App Tracking Transparency (ATT) framework because we do not track users
- **Google Advertising ID:** We do not collect or use Google Advertising ID for advertising purposes
---
