ColorKids — Children's Privacy Policy
Operated by Future Bloom Studio
1. Introduction
Future Bloom Studio (“we,” “us,” or “our”) operates the ColorKids mobile application (the “App”), a learning app directed to children aged 2–6. We care about children’s privacy and comply with the U.S. Children’s Online Privacy Protection Act (“COPPA”), and we take account of the EU/UK GDPR and the Australian Privacy Act where they apply.
This version of the App offers a free tier and an optional paid (“Premium”) tier. Your child’s profiles, learning progress, stickers, streaks, and parent settings are stored only on the device. The App uses Firebase Analytics and Firebase Crashlytics, which collect limited identifiers and usage/device data solely for the internal operations of the App (analytics for our own product improvement, crash diagnosis, and reliability), as explained in section 5.
2. Summary
- Profiles (up to three on Premium), progress, stickers, streaks, and settings are stored only on the device — not on our servers (we do not operate any).
- We use Firebase Analytics and Firebase Crashlytics. They collect persistent identifiers and usage/device data only for the App’s internal operations (product analytics, crash diagnosis, debugging, and security).
- We do not show third-party behavioural advertising to children, do not build marketing or behavioural profiles of children, and do not sell children’s data or share it with third parties for those third parties’ own purposes.
- Payments for Premium are handled entirely by the Apple App Store or Google Play; we do not receive your payment-card details.
- Because the identifiers we collect are used only for support for the internal operations of the App, COPPA permits this collection without verifiable parental consent under 16 C.F.R. § 312.5(c)(7). If we ever move outside that exception, we will obtain VPC before the change ships.
3. Who We Are and How to Contact Us
Future Bloom Studio is the operator responsible for information practices in the App.
|
Operator |
Future Bloom Studio |
|
|
colorkidzapp@gmail.com |
|
Mailing address |
18 Fortuna Street, Clayton VIC 3168, Australia |
4. Information We Collect
We practise data minimisation. The App collects only the following from or about a child:
|
Category |
Why and how |
|
Persistent identifiers (Firebase installation ID / app-instance ID, device-generated identifier) |
Generated by Firebase to support internal-operations analytics and crash reporting. Collected automatically when the App runs. |
|
Device and usage / analytics data (app version, device model, OS version, language, country derived from IP at the time of the analytics ping, in-app event counts such as “lesson_started”, crash logs, stack traces, non-fatal error logs) |
To understand how the App is used in aggregate, diagnose crashes, fix bugs, and improve the App’s internal operations. Collected via Firebase Analytics and Firebase Crashlytics, configured for child-directed treatment. |
Stored only on the device, and never transmitted to us: each child’s profile name and avatar emoji (up to three profiles on Premium), learning progress, unlocked stickers and rewards, the daily streak, parent settings, and a one-way SHA-256-hashed Parent PIN. We do not have access to this on-device information.
The App does not collect names, email addresses, photos, video, microphone recordings, precise or coarse location, contacts, advertising IDs (IDFA/AAID), or behavioural-advertising signals, and does not request those device permissions. The only Android permission requested is VIBRATE (used by the Shapes module’s haptic feedback). The App does not request camera, microphone, or location permissions on either platform.
5. How We Use Information, and Firebase Configuration
We use the identifiers and analytics/crash data only for the internal operations of the App within the meaning of COPPA § 312.5(c)(7):
- Maintaining and analysing App function (which screens are reached, which activities are completed, where users drop off, in aggregate)
- Diagnosing crashes, non-fatal errors, and performance regressions
- Protecting the security and integrity of the App
- Complying with legal obligations
We do not use children’s information for behavioural advertising or targeted advertising, do not build marketing or behavioural profiles of children, do not amass children’s information for resale, and do not share it with third parties for those third parties’ own purposes.
We have configured Firebase for child-directed treatment:
- Google Analytics for Firebase ad personalisation signals (ad_storage, ad_user_data, ad_personalization) are set to denied by default on first launch and remain denied.
- Google Signals is disabled in the Firebase console for this app.
- No AdMob, no Google Mobile Ads, no Firebase Audiences, no Remarketing, no advertising or attribution SDK is installed in the App.
- The app instance ID is not linked to advertising identifiers (IDFA / AAID are not collected).
- Analytics data retention is set to 2 months and crash-log retention follows Firebase Crashlytics defaults.
As configured, Google acts as our service provider and processes this data on our behalf, under the Firebase Data Processing and Security Terms, for the internal-operations purposes above and not for its own purposes.
6. Legal Basis Under COPPA — Why We Do Not Obtain Verifiable Parental Consent
COPPA’s general rule is that an operator of a child-directed service must obtain verifiable parental consent (“VPC”) before collecting personal information from a child. COPPA recognises a narrow exception in 16 C.F.R. § 312.5(c)(7) where the only information collected is a persistent identifier (or other limited information) used solely to support the internal operations of the service, and not for any other purpose — including not for any behavioural advertising, not to contact a specific individual, and not to amass a profile.
The information collected by the App via Firebase Analytics and Firebase Crashlytics consists of persistent identifiers and related usage/device data, and is used only for the internal-operations purposes listed in section 5. We do not contact a specific individual, do not behaviourally advertise, do not amass profiles, and do not share data with third parties for their own purposes. Accordingly, the App relies on the § 312.5(c)(7) exception and does not obtain VPC.
If we ever introduce a feature that takes us outside this exception — for example behavioural ads, cross-app or cross-site tracking, user accounts identified by name or email, user-generated content, social features, chat, photo upload, voice recording, geolocation, or any sharing of children’s information with third parties for those third parties’ purposes — we will implement VPC, post an updated privacy policy, and notify parents before the change is released.
7. Premium, Subscriptions, and Payment Data
Premium features are offered through (a) an auto-renewing monthly subscription, (b) an auto-renewing yearly subscription, and (c) a lifetime one-time purchase. All payments are processed by the app store (Apple App Store or Google Play). We do not collect or receive your payment-card number or billing details; the app store handles billing under its own privacy policy. We receive only non-identifying signals from the app store confirming that a purchase or active subscription exists, which the App uses locally to unlock Premium features. Premium entitlement is stored on the device.
Subscriptions auto-renew at the end of each billing period at the price stated in the app store unless cancelled at least 24 hours before the end of the current period. You can manage or cancel subscriptions in your app store account settings (Apple ID Subscriptions, or Google Play Subscriptions). Cancelling a subscription stops future renewals but does not refund the current period.
The “Restore Purchases” button in the App asks the app store to confirm whether your Apple ID or Google account has previously purchased Premium and, if so, re-enables Premium on this device. This does not transmit information about your child to us.
8. Premium Features Offered
Premium currently unlocks the following:
- All 20 colours in the Colors module (the free tier includes the first 8 colours)
- All Numbers 21–50 (the free tier includes counting to 20)
- All Shapes categories beyond the free Basics category
- All Animals habitats and Letters lessons beyond the free first habitat / first letter
- Detailed progress reports in the Parent Area
- Multiple child profiles (each child’s progress, stickers, and streak tracked separately on this device, up to ten profiles)
9. Disclosure of Information
We do not sell children’s personal information and do not share it with third parties for their own purposes. We disclose information only:
- to our service provider Google (Firebase), as described in section 5, acting on our behalf for internal-operations purposes;
- to the Apple App Store and Google Play, which handle billing for Premium under their own privacy policies (we do not transmit children’s data to them; they handle the parent’s payment relationship);
- where required by law, valid legal process, or to protect the safety of a child or others;
- in connection with a business transfer (in which case we will require the recipient to honour this policy or provide notice and choice as required by law).
10. Parental Rights
As a parent or guardian, you have the right to review the information we have collected from your child, refuse to permit further collection or use, and direct us to delete it.
- On-device data (profiles, progress, stickers, settings, hashed PIN): you can review it in the PIN-gated Parent Area, delete an individual profile and its data from the Manage Profiles screen, reset per-module progress from the per-module “Reset” buttons, or uninstall the App, which deletes all on-device data.
- Identifiers and analytics/crash data collected via Firebase: to review, delete, or stop further collection associated with your device’s app instance, contact us at colorkidzapp@gmail.com. Please include your device model and approximate first-install date so we can locate the right records. We may ask you to verify that you are the parent before acting. Note that analytics and crash records are also automatically deleted within 90 days regardless of any request (see §11 Data Retention). You can also stop further collection at any time by uninstalling the App.
Refusing collection or deleting data may end your child’s ability to use some Premium features that depend on the App functioning correctly.
11. Data Retention and Security
- On-device data remains until you delete it from the Parent Area (per-profile or per-module reset) or uninstall the App.
- Firebase Analytics user and event data is retained for 2 months and then deleted or de-identified by Firebase.
- Firebase Crashlytics crash records are retained for 90 days and then deleted.
We use reasonable administrative, technical, and physical safeguards to protect information, including TLS in transit (provided by Firebase) and access controls on the Firebase console. The Parent PIN is stored on the device as a SHA-256 hash, never as plaintext. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
12. International Users and Cross-Border Transfers
The App is available worldwide. Firebase processes data in Google’s global infrastructure, which may include the United States and other countries. By using the App, you understand that identifiers and usage data collected through Firebase may be processed outside your country of residence under the safeguards described in the Firebase Data Processing and Security Terms (including, where applicable, Standard Contractual Clauses for transfers from the EEA/UK).
EEA/UK users have rights under the GDPR (access, rectification, erasure, restriction, objection, portability, and to lodge a complaint with a supervisory authority). Australian users have rights under the Australian Privacy Principles. To exercise these rights, contact us at colorkidzapp@gmail.com.
13. Changes to This Policy
If we make material changes to how we collect, use, or disclose children’s personal information — for example, by adding advertising, cloud sync, accounts, photo or voice upload, social features, or new categories of data — we will notify parents and, where required, obtain verifiable parental consent before applying the changes. We will post the updated policy here with a new “Last updated” date.
14. How to Contact Us
Questions about this policy or your child’s information can be sent to Future Bloom Studio at colorkidzapp@gmail.com or by mail at 18 Fortuna Street, Clayton VIC 3168, Australia.
U.S. parents may also contact the Federal Trade Commission, which enforces COPPA, at www.ftc.gov.