Children's Privacy Policy

Chickitik (ITcoti Oy) takes children's privacy seriously. This Children's Privacy Policy describes how we collect, use, and protect information about children in our educational application.

We created Chickitik as a safe educational platform for children of all ages, from toddlers to teenagers. Protecting children's privacy is our highest priority.

This policy is designed in accordance with:

• COPPA (Children's Online Privacy Protection Act) - USA

• GDPR Article 8 (children's data protection) - European Union

• Finnish data protection legislation

This policy is a supplement to our main Privacy Policy and describes the special protection measures applied to children's data.

Chickitik is designed for children of all ages - from toddlers (who listen to fairy tales with parents) to teenagers. We apply different data protection rules depending on the child's age and applicable legislation.

👶 Target audience:

• Toddlers (0-3 years): listening to fairy tales with parents

• Preschoolers (4-6 years): interactive stories and simple tasks

• Elementary school (7-10 years): reading and educational content

• Teenagers (11-15 years): expanded library and advanced materials

📌 Age thresholds by legislation:

🇺🇸 USA (COPPA):

• Children under 13: verifiable parental consent required

• 13 years and older: can consent to the policy independently

🇪🇺 European Union (GDPR Article 8):

• Children under 16: parental consent required (default)

• EU member states may set a lower age (not below 13 years)

🇫🇮 Finland:

• Children under 13: parental consent required

• 13-15 years: parental consent required for personal data processing

• 16 years and older: can give consent independently

⚠️ Important: Using Chickitik requires registration of a parental account regardless of the child's age. Parents retain full control over the child profile's data and settings.

Using Chickitik requires verifiable consent from a parent or legal guardian. We have implemented a robust process for obtaining and verifying parental consent.

✅ Consent process:

1. Parent account registration

• Parent creates a personal account with email verification

• Parent's contact details are provided (not child's)

• Email verification is mandatory

2. Creating a child profile

• Parent provides child's name and date of birth

• Parent receives information about data collection

• Parent gives explicit consent for processing child's data

3. Consent confirmation

• Parent confirms reading this policy

• Parent agrees to terms of use

• Consent is recorded with date and time

📋 What consent includes:

• Collection of minimal child data (name, age, learning progress)

• Use of educational content

• Saving learning progress

• Personalization of educational experience

⚙️ Consent management:

Parents can at any time:

• View child's data

• Change privacy settings

• Withdraw consent and delete child's account

• Contact us about data processing

We adhere to the principle of data minimization and collect only information necessary for the educational application to function.

📊 Child profile data:

• Child's name (nickname or real name at parents' choice)

• Date of birth (month and year only to determine age group)

• Avatar (selected from preset images, photo upload not required)

📚 Usage data:

• Learning progress (completed lessons, exercises)

• Educational activity results

• Content type preferences (for personalization)

• App usage time (for statistics)

🚫 We DO NOT collect:

• Child's photographs

• Home address

• Child's phone number

• Child's email

• Location information

• Social media data

• Document numbers

• Biometric data

⚠️ Important: All personal data (email, payment information) is collected only from the parent account, not from the child.

We process children's data exclusively for educational purposes and with parental consent.

🎓 Main processing purposes:

1. Providing educational services

• Access to books and audio materials

• Interactive educational exercises

• Age-appropriate adaptive content

2. Tracking learning progress

• Saving completed lessons

• Displaying achievements

• Providing reports for parents

3. Personalizing educational experience

• Age-appropriate content recommendations

• Adapting material complexity

• Maintaining learning motivation

4. Technical support

• Data synchronization across devices

• Account security

• Troubleshooting technical issues

5. Communication with parents

• Learning progress notifications

• Information about new content

• Responses to parent inquiries

🚫 We DO NOT use children's data for:

• Targeted advertising

• Selling data to third parties

• Profiling for marketing purposes

• Tracking behavior outside the app

We apply enhanced security measures to protect children's data, exceeding standard requirements.

🔒 Technical security measures:

• Data encryption in transit (TLS/SSL)

• Data encryption at rest

• Isolated storage of children's data

• Regular security audits

• Unauthorized access monitoring

• Automatic anomaly detection

👥 Organizational measures:

• Limited access to children's data (authorized personnel only)

• Staff training on children's data protection

• Least privilege access policy

• Confidentiality agreements for all employees

• Incident response procedures

🛡️ Threat protection:

• DDoS attack protection

• Firewalls and intrusion detection systems

• Regular security system updates

• Data backup

⚠️ Breach notification:

In case of a data breach affecting children's information, we will immediately (within 72 hours) notify parents and relevant authorities as required by GDPR.

Parents have full rights to control their children's data in accordance with COPPA, GDPR and Finnish legislation.

✅ Right of access:

• View all child data at any time

• Obtain a copy of data in machine-readable format

• View child activity history

✏️ Right to rectification:

• Correct inaccurate data

• Update child profile

• Change privacy settings

🗑️ Right to erasure:

• Delete child account at any time

• Delete individual data

• Complete deletion of all history

⏸️ Right to restriction of processing:

• Suspend data processing

• Limit access to certain features

📤 Right to data portability:

• Export data in JSON format

• Transfer data to another service

⛔ Right to object:

• Object to any data processing

• Withdraw consent at any time

📞 How to exercise rights:

• Email: info@itcoti.fi

• Parent dashboard ("Privacy Settings" section)

• Response within 30 days (GDPR requirement)

🚫 Chickitik is COMPLETELY AD-FREE

We are categorically against any advertising in a children's educational app. Chickitik is a safe learning space without distractions.

✅ What this means:

• No advertising whatsoever - no banners, videos, or pop-ups

• No targeting children for marketing purposes

• No third-party advertising SDKs or trackers

• No advertising cookies

• No profiling for advertising purposes

🎯 Monetization:

Chickitik operates on a subscription model:

• Parents pay for subscription

• Children get full access to content without ads

• No hidden fees or in-app purchases for children

⚖️ Legal compliance:

This fully complies with COPPA requirements that prohibit targeted advertising for children under 13, and exceeds them - we have no advertising at all.

We DO NOT share, sell, or exchange children's data with third parties for commercial purposes.

🔒 General rule:

Children's data remains within Chickitik and is used exclusively for educational purposes.

✅ The only exception - mandatory reporting:

📧 Sending payment receipts:

• When subscribing, parents may receive a receipt via email

• This is a technical necessity for payment confirmation

• Receipts contain only parent data (not child data)

• Used only for financial reporting

💳 Payment processing:

• iOS app: Payments are processed exclusively through Apple In-App Purchases (Apple Inc.)

• Website: Payments are processed through certified payment systems

• We DO NOT store credit card data

• Payment systems process only parent data

• Children's data is NOT transferred to payment systems

🚫 What we DO NOT do:

• DO NOT sell data to data brokers

• DO NOT share data with ad networks (we have no ads)

• DO NOT share data with analytics services

• DO NOT transfer data to marketing companies

• DO NOT use data for profiling

⚖️ Legal requirements:

In rare cases, we may be required to disclose data by law (court order, law enforcement request). In such cases, we will notify parents unless prohibited by law.

We store children's data only as long as necessary for educational purposes and delete it permanently upon parental request.

⏱️ Data retention periods:

📚 Learning progress data:

• Stored while subscription is active

• After subscription cancellation: stored for 30 days (recovery option)

• After 30 days of inactivity: automatically deleted

👤 Child profile data:

• Stored until parent deletes account

• Can be deleted by parent at any time

💾 Backup copies:

• Backups are stored for up to 90 days

• After account deletion, backups are deleted within 90 days

🗑️ Data deletion:

✅ Immediate deletion:

• Parents can delete child account at any time through settings

• Deletion occurs immediately (within 24 hours)

• After deletion, data cannot be recovered

📋 What gets deleted:

• Child's name and date of birth

• All learning progress

• Activity history

• Preferences and settings

⚠️ What is retained (for legal purposes):

• Parent transaction data (for tax reporting)

• Security logs (for incident investigation)

• This data does not contain child information

Chickitik fully complies with COPPA (Children's Online Privacy Protection Act) requirements - a US federal law on children's online privacy protection.

✅ Main COPPA requirements we fulfill:

• Verifiable parental consent before collecting data from children under 13

• Clear description of data collected

• Data collection minimization

• Ban on targeted advertising for children

• Parents' right to access and delete data

• Secure storage of children's data

📞 COPPA inquiries contact: info@itcoti.fi

As an EU-based company (Finland), we strictly comply with GDPR Article 8, which provides additional protection for children's data.

✅ GDPR Article 8 compliance:

• Parental consent for children under 16 (in Finland - under 13)

• Reasonable efforts to verify parental authority

• Clear and understandable information about data processing

• All data subject rights apply to children through parents

⚖️ Legal basis for processing: Parental consent + Contract performance (subscription)

📞 DPO contact: info@itcoti.fi

We use a multi-layered approach to age verification to ensure children's safety.

✅ Verification methods:

• Email verification of parent account

• Payment verification (card registered to adult)

• Child's date of birth specification when creating profile

🔒 Protection against unauthorized use:

If we detect that a child is using the app without parental control, we suspend the account until parent confirmation.

Parents have full control over their child's account through the parent dashboard.

🎛️ Parental control features:

• View child's learning progress

• Manage child profile

• Control usage time

• Select age-appropriate content

• Delete child account

📊 Parent analytics:

• Which fairy tales the child listened to

• How much time spent in the app

• Learning progress

For questions regarding children's privacy, you can contact us:

📧 Email: info@itcoti.fi

🏢 Company: ITcoti Oy

📍 Address: Finland

⏱️ Response time: Within 48 hours

💡 Topics to contact us about:

• Questions about your child's data

• Data deletion requests

• Privacy questions

• Policy violation complaints

We may update this Children's Privacy Policy from time to time.

📢 Change notifications:

• Material changes: notify parents by email 30 days in advance

• Minor changes: in-app notification

• Last update date is shown at the beginning of the document

✅ Consent to changes:

If changes are material and require new consent, we will request it from parents.

📜 Version history available upon request: info@itcoti.fi