Privacy Policy
Draft — Early Access. Last updated: February 2026.
Kidtual is an MVP under active development. This draft privacy policy describes our current practices. It is not a substitute for advice of counsel and we do not yet claim COPPA, GDPR, FERPA, or any other regulatory certification.
What we collect
- Account data. Student: username, password (hashed with bcrypt), age band, chosen language. Parent: name, email, password (hashed), and the Student IDs of linked children.
- Conversation data. The topics kids explore with Meko and the message history. This is required to provide the mentoring service.
- Safety flags. When a message triggers our 6-category moderation, we store the flag record so parents can review it.
- Usage metadata. Timestamps of sign-ins and activity, badges earned, streak length.
What we do NOT do
- We do not sell child or parent data to advertisers or third parties.
- We do not train foundation models on your child's conversations.
- We do not run behavioural ad tracking on Kidtual pages that a child sees.
Third parties we rely on
- Anthropic (Claude Sonnet 4.5) — the large language model that powers Meko's replies. Messages sent to the model are subject to Anthropic's API policies.
- MongoDB Atlas — encrypted database storage.
- PostHog (analytics) — anonymized product analytics.
Parent rights
Parents who link a child can request full deletion of that child's data at any time by emailing hello@kidtual.com. During Early Access we complete deletion requests manually within 7 business days.
Changes
As we move out of Early Access, this policy will be replaced with a full, counsel-reviewed policy. We will notify all registered parents by email before any material change.
Questions? Email hello@kidtual.com.