Privacy Policy

• Who owns the account: We collect email addresses and optional parent display names exclusively from parents or legal guardians to manage billing, authentication, and account access. Children do not register with their own email.
• What child profiles use: Child profiles do not require emails, last names, or personal communication tools. We store a preset learner character (profile identifier), an age group (5–7, 8–11, or 12–16) to deliver age-appropriate curriculum, a parent-set PIN, and learning progress metadata.
• No third-party tracking or selling: We do not sell data, track children across the web for advertising, or use student profiles for behavioral advertising.
• Upstream AI processing: Curriculum elements may be produced using secure API pathways with strict data-retention limits. Student progress metadata and quiz responses are not used to train external large language models.

• What we process: Information you provide as a parent (email, account credentials), subscription status via Stripe, and child profile data you configure (preset character, age group, PIN, learning progress). Details in Section 1.
• Sensitive data: We do not knowingly process sensitive personal information (e.g., racial origin, health, biometrics).
• Third-party collection: We do not buy personal information lists from data brokers. Payment details are handled by Stripe.
• Why we process: To run accounts, deliver lessons, bill subscriptions, secure the Service, and comply with law. See Section 2.
• Sharing: Service providers under contract only; we do not sell children's data. See Section 4.
• Your rights: Access, correction, deletion, and opt-out rights may apply depending on where you live. See Sections 9 and 11.

Personal information you disclose to us

We collect personal information that you voluntarily provide when you register, subscribe, manage family profiles, participate in the Services, or contact us.

Parent / guardian account

• Email address and authentication identifiers (password or approved sign-in provider);
• Parent display name you choose at signup (optional);
• Subscription and billing metadata (plan tier, status, Stripe customer/subscription IDs);
• Communications with support.

Child learner profiles (created only by the parent)

• Preset learner character (one of ten in-app avatars — not a photo upload and not your child's real name);
• Age group (5–7, 8–11, or 12–16) for curriculum matching;
• Parent-set 4-digit profile PIN used to switch profiles on a shared device (not your payment password);
• Learning progress: lessons completed, quiz results, XP, levels, badges, streaks, and related timestamps.

Payment data

If you purchase a subscription, payment card and billing details are collected and stored by Stripe, our payment processor — not on CROODI's application databases. We receive subscription status, amounts, and receipt links needed to show billing history. Stripe may collect billing address or tax information according to its checkout settings; we do not copy billing street addresses into our own database. See Stripe's Privacy Policy.

Automatically collected information

Like most websites, we may process limited technical data (e.g., IP address, browser type, device type, pages viewed, error logs) to operate and secure the Service. We do not use the web Service to collect precise GPS geolocation from children.

Sensitive information

We do not process sensitive personal information as defined by applicable privacy laws.

What we do not collect from children

• Child real names or free-form biographical profiles;
• Child email for independent signup;
• Date of birth (we use age group bands only);
• Photos, videos, or voice through the learner experience;
• Open-ended child-to-AI chat transcripts (not offered);
• Social contacts or messaging between learners.

Google sign-in

If you register or sign in with Google, we receive information from Google as described in Section 5. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including Limited Use requirements.

Parents and legal guardians can:

• Create, edit, and delete child profiles from Manage profiles;
• Change preset character, age group, and profile PIN;
• Choose which profile is active on a shared family device;
• View progress, lesson history, and badges per child;
• Manage subscription and billing through Stripe;
• Request access, correction, or deletion of account or child data.

Children cannot change billing, contact support as account holders, or add profiles without the parent account.

After a parent signs in, the family chooses who is learning today:

• The child selects their profile and enters the parent-set PIN;
• The child completes structured lessons and guided quizzes with fixed answer choices;
• The child earns XP, levels, and badges inside the app.

There is no open AI playground for children. Learners do not receive a free-text chat box or prompt lab to send arbitrary messages to an AI system. Content is presented through our curriculum interface with controlled interactions (e.g., multiple-choice).

Parents choose one of three age groups: 5–7, 8–11, or 12–16. We use this only to match curriculum difficulty and themes, not for advertising profiles or cross-site tracking.

We collect information from children only after a parent or legal guardian creates the account and agrees to this Privacy Notice and our Terms of Service.

How we verify the adult: registration requires a parent/guardian email or approved sign-in (such as Google); the Account Holder must affirm guardian status and accept these policies at signup and checkout; paid subscriptions are completed by the adult through Stripe. A child's profile PIN alone is not proof of parental consent. Free access or trials still require the Account Holder to accept our policies before child profiles are used.

We process personal information to:

• Create and manage parent and child profiles and authentication;
• Deliver lessons, quizzes, progress tracking, and badges;
• Process subscriptions, invoices, and fraud prevention via Stripe;
• Send service-related messages (e.g., policy or billing updates);
• Improve reliability and fix bugs using aggregated or de-identified insights;
• Comply with legal obligations and enforce our Terms.

Upstream AI and data retention: Curriculum content may be authored or assisted using third-party AI infrastructure (for example, Google Gemini or similar providers) under our control and contractual terms. Learners do not submit free-text prompts to those systems through the child experience. We configure providers so that student progress metadata, profile identifiers, and quiz results are not used to train external large language models and are not sold to third parties.

We may send marketing communications only if permitted by law and your preferences; you may opt out as described in Section 9.

We process personal information when we have a valid legal reason under applicable law, such as your consent, performance of a contract (providing the Service you subscribed to), compliance with law, or legitimate interests (security, fraud prevention, improving the Service) where those interests are not overridden by your rights.

If you are in Canada or similar jurisdictions, you may withdraw consent where processing is consent-based; withdrawal does not affect processing already performed or processing on other lawful grounds.

We do not sell data, track children across the web, or use student profiles for behavioral advertising. We may share information only with service providers that help us run the Service (hosting, payments, email) under contract, or when required by law.

We may share information in these situations:

• Service providers under contract, limited to categories needed to operate the Service: cloud hosting and database (for example, Supabase), payment processing (Stripe), transactional email, authentication (for example, Google sign-in), and curriculum/AI infrastructure used to produce or maintain lesson content. They may use data only to perform services for us.
• Business transfers in connection with a merger, financing, acquisition, or sale of assets, subject to continued protection of personal information.
• Legal and safety when required by law or to protect users and the Service.

Parents may consent to core Service data collection without consenting to unrelated third-party marketing.

You may register or sign in using a third-party account (e.g., Google). We receive information the provider shares with us, typically including email address and basic profile information. We use it only as described in this notice. We do not control how the provider uses your data elsewhere — review their privacy policy and settings.

We keep personal information only as long as needed for the purposes in this notice, unless a longer period is required by law (e.g., tax or accounting).

Inactive accounts: if a family account has no sign-in activity for 12 consecutive months, we may delete or anonymize child profiles and progress after notice to the parent email where possible.

After account termination, we may retain limited information to prevent fraud, troubleshoot, enforce terms, or comply with law, then delete or isolate it when no longer needed.

We use organizational and technical measures appropriate for a children's educational platform, including HTTPS encryption, access controls, and authenticated parent sessions. No method of transmission or storage is 100% secure. Use the Services in a secure environment and keep parent credentials confidential.

If we learn of a breach affecting your information, we will notify affected parents as required by applicable law.

CROODI is directed to families and is designed for children ages 5–16 to use only through a parent-controlled account. Under the U.S. Children's Online Privacy Protection Act (COPPA), Croodi LLC is the operator collecting information from children through the Service.

Information we collect from children

We do not allow children to create their own accounts or provide a child email for signup. After you create a child profile, we may collect learning activity data such as preset character selection, age group, quiz answers, XP, badges, streaks, and timestamps — only to operate the Service you requested.

Parental notice and rights

The Account Holder may review, update, or delete child profile data from Manage profiles, or contact us at croodihelp@gmail.com. Parents may refuse further collection, revoke consent, and request deletion of a child's information at any time. If a child contacts us directly about their data, we will ask them to have their parent or guardian reach out to us instead.

Operator contact

Croodi LLC
Croodi LLC
Middlesex County, New Jersey, United States
croodihelp@gmail.com

CROODI is designed for children ages 5–16 to use only through a parent-controlled family account. The Account Holder (at least 18, or the age of majority in your jurisdiction) creates the account, agrees to this notice, and manages child profiles. Learners are not independent users or contracting parties.

We do not knowingly allow minors to register as Account Holders, market to children as independent customers, or knowingly collect personal information for account creation directly from children without parental involvement. Learning activity may be recorded only under profiles the parent created. If you believe we have collected information from a child without appropriate consent, contact croodihelp@gmail.com and we will take reasonable steps to delete it.

Depending on where you live, you may have rights to access, correct, delete, restrict, or port personal information, and to object to certain processing. Parents may exercise rights on behalf of child profiles they control.

To exercise rights, email croodihelp@gmail.com. We may verify that you are the account holder. You may opt out of marketing emails using the unsubscribe link in those messages; we may still send essential service messages.

Account holders can review and update some information in the app (profiles, billing via Stripe Customer Portal). To terminate an account, contact us; we will deactivate or delete active databases subject to retention described above.

Most browsers offer a Do-Not-Track (DNT) setting. There is no uniform standard for recognizing DNT signals. We do not currently respond to DNT browser signals. If a standard is adopted that we must follow, we will update this notice.

Residents of certain US states may have additional rights (access, correction, deletion, opt-out of sale/sharing, non-discrimination). Contact us to exercise them. We will not discriminate against you for exercising privacy rights.

Categories of personal information we collect (last 12 months)

We have not sold or shared personal information for cross-context behavioral advertising in the preceding twelve (12) months. We will not sell personal information in the future.

California residents may request information about disclosures for direct marketing under California Civil Code § 1798.83 by contacting croodihelp@gmail.com.

We may update this Privacy Notice from time to time. The updated version will show a revised date at the top. Material changes affecting children's data may be communicated by email or in-app notice. Please review this notice periodically.

Questions or comments: croodihelp@gmail.com

Croodi LLC
Middlesex County, New Jersey, United States

You may request access to, correction of, or deletion of personal information we hold. Parents may request review or deletion of child profile data. Email croodihelp@gmail.com with your request; we will verify identity before processing. You may also use in-app profile and billing tools where available.