ColorKids — Children's Privacy Policy

Operated by Future Bloom Studio

Effective date: 01/06/2026 | Last updated: 01/06/2026

1. Introduction

Future Bloom Studio (“we,” “us,” or “our”) operates the ColorKids mobile application (the “App”), a learning app directed to children aged 2–6. We care about children’s privacy and comply with the U.S. Children’s Online Privacy Protection Act (“COPPA”), and we take account of the EU/UK GDPR and the Australian Privacy Act where they apply.

This version of the App offers a free tier and an optional paid (“Premium”) tier. Your child’s profiles, learning progress, stickers, streaks, and parent settings are stored only on the device. The App uses Firebase Analytics and Firebase Crashlytics, which collect limited identifiers and usage/device data solely for the internal operations of the App (analytics for our own product improvement, crash diagnosis, and reliability), as explained in section 5.

2. Summary

3. Who We Are and How to Contact Us

Future Bloom Studio is the operator responsible for information practices in the App.

Operator

Future Bloom Studio

Email

colorkidzapp@gmail.com

Mailing address

18 Fortuna Street, Clayton VIC 3168, Australia

4. Information We Collect

We practise data minimisation. The App collects only the following from or about a child:

Category

Why and how

Persistent identifiers (Firebase installation ID / app-instance ID, device-generated identifier)

Generated by Firebase to support internal-operations analytics and crash reporting. Collected automatically when the App runs.

Device and usage / analytics data (app version, device model, OS version, language, country derived from IP at the time of the analytics ping, in-app event counts such as “lesson_started”, crash logs, stack traces, non-fatal error logs)

To understand how the App is used in aggregate, diagnose crashes, fix bugs, and improve the App’s internal operations. Collected via Firebase Analytics and Firebase Crashlytics, configured for child-directed treatment.

Stored only on the device, and never transmitted to us: each child’s profile name and avatar emoji (up to three profiles on Premium), learning progress, unlocked stickers and rewards, the daily streak, parent settings, and a one-way SHA-256-hashed Parent PIN. We do not have access to this on-device information.

The App does not collect names, email addresses, photos, video, microphone recordings, precise or coarse location, contacts, advertising IDs (IDFA/AAID), or behavioural-advertising signals, and does not request those device permissions. The only Android permission requested is VIBRATE (used by the Shapes module’s haptic feedback). The App does not request camera, microphone, or location permissions on either platform.

5. How We Use Information, and Firebase Configuration

We use the identifiers and analytics/crash data only for the internal operations of the App within the meaning of COPPA § 312.5(c)(7):

We do not use children’s information for behavioural advertising or targeted advertising, do not build marketing or behavioural profiles of children, do not amass children’s information for resale, and do not share it with third parties for those third parties’ own purposes.

We have configured Firebase for child-directed treatment:

As configured, Google acts as our service provider and processes this data on our behalf, under the Firebase Data Processing and Security Terms, for the internal-operations purposes above and not for its own purposes.

6. Legal Basis Under COPPA — Why We Do Not Obtain Verifiable Parental Consent

COPPA’s general rule is that an operator of a child-directed service must obtain verifiable parental consent (“VPC”) before collecting personal information from a child. COPPA recognises a narrow exception in 16 C.F.R. § 312.5(c)(7) where the only information collected is a persistent identifier (or other limited information) used solely to support the internal operations of the service, and not for any other purpose — including not for any behavioural advertising, not to contact a specific individual, and not to amass a profile.

The information collected by the App via Firebase Analytics and Firebase Crashlytics consists of persistent identifiers and related usage/device data, and is used only for the internal-operations purposes listed in section 5. We do not contact a specific individual, do not behaviourally advertise, do not amass profiles, and do not share data with third parties for their own purposes. Accordingly, the App relies on the § 312.5(c)(7) exception and does not obtain VPC.

If we ever introduce a feature that takes us outside this exception — for example behavioural ads, cross-app or cross-site tracking, user accounts identified by name or email, user-generated content, social features, chat, photo upload, voice recording, geolocation, or any sharing of children’s information with third parties for those third parties’ purposes — we will implement VPC, post an updated privacy policy, and notify parents before the change is released.

7. Premium, Subscriptions, and Payment Data

Premium features are offered through (a) an auto-renewing monthly subscription, (b) an auto-renewing yearly subscription, and (c) a lifetime one-time purchase. All payments are processed by the app store (Apple App Store or Google Play). We do not collect or receive your payment-card number or billing details; the app store handles billing under its own privacy policy. We receive only non-identifying signals from the app store confirming that a purchase or active subscription exists, which the App uses locally to unlock Premium features. Premium entitlement is stored on the device.

Subscriptions auto-renew at the end of each billing period at the price stated in the app store unless cancelled at least 24 hours before the end of the current period. You can manage or cancel subscriptions in your app store account settings (Apple ID Subscriptions, or Google Play Subscriptions). Cancelling a subscription stops future renewals but does not refund the current period.

The “Restore Purchases” button in the App asks the app store to confirm whether your Apple ID or Google account has previously purchased Premium and, if so, re-enables Premium on this device. This does not transmit information about your child to us.

8. Premium Features Offered

Premium currently unlocks the following:

9. Disclosure of Information

We do not sell children’s personal information and do not share it with third parties for their own purposes. We disclose information only:

10. Parental Rights

As a parent or guardian, you have the right to review the information we have collected from your child, refuse to permit further collection or use, and direct us to delete it.

Refusing collection or deleting data may end your child’s ability to use some Premium features that depend on the App functioning correctly.

11. Data Retention and Security

We use reasonable administrative, technical, and physical safeguards to protect information, including TLS in transit (provided by Firebase) and access controls on the Firebase console. The Parent PIN is stored on the device as a SHA-256 hash, never as plaintext. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. International Users and Cross-Border Transfers

The App is available worldwide. Firebase processes data in Google’s global infrastructure, which may include the United States and other countries. By using the App, you understand that identifiers and usage data collected through Firebase may be processed outside your country of residence under the safeguards described in the Firebase Data Processing and Security Terms (including, where applicable, Standard Contractual Clauses for transfers from the EEA/UK).

EEA/UK users have rights under the GDPR (access, rectification, erasure, restriction, objection, portability, and to lodge a complaint with a supervisory authority). Australian users have rights under the Australian Privacy Principles. To exercise these rights, contact us at colorkidzapp@gmail.com.

13. Changes to This Policy

If we make material changes to how we collect, use, or disclose children’s personal information — for example, by adding advertising, cloud sync, accounts, photo or voice upload, social features, or new categories of data — we will notify parents and, where required, obtain verifiable parental consent before applying the changes. We will post the updated policy here with a new “Last updated” date.

14. How to Contact Us

Questions about this policy or your child’s information can be sent to Future Bloom Studio at colorkidzapp@gmail.com or by mail at 18 Fortuna Street, Clayton VIC 3168, Australia.

U.S. parents may also contact the Federal Trade Commission, which enforces COPPA, at www.ftc.gov.