Privacy Policy

Draft — Early Access. Last updated: February 2026.

Kidtual is an MVP under active development. This draft privacy policy describes our current practices. It is not a substitute for advice of counsel and we do not yet claim COPPA, GDPR, FERPA, or any other regulatory certification.

What we collect

  • Account data. Student: username, password (hashed with bcrypt), age band, chosen language. Parent: name, email, password (hashed), and the Student IDs of linked children.
  • Conversation data. The topics kids explore with Meko and the message history. This is required to provide the mentoring service.
  • Safety flags. When a message triggers our 6-category moderation, we store the flag record so parents can review it.
  • Usage metadata. Timestamps of sign-ins and activity, badges earned, streak length.

What we do NOT do

  • We do not sell child or parent data to advertisers or third parties.
  • We do not train foundation models on your child's conversations.
  • We do not run behavioural ad tracking on Kidtual pages that a child sees.

Third parties we rely on

  • Anthropic (Claude Sonnet 4.5) — the large language model that powers Meko's replies. Messages sent to the model are subject to Anthropic's API policies.
  • MongoDB Atlas — encrypted database storage.
  • PostHog (analytics) — anonymized product analytics.

Parent rights

Parents who link a child can request full deletion of that child's data at any time by emailing hello@kidtual.com. During Early Access we complete deletion requests manually within 7 business days.

Changes

As we move out of Early Access, this policy will be replaced with a full, counsel-reviewed policy. We will notify all registered parents by email before any material change.

Questions? Email hello@kidtual.com.