ReadBud is committed to protecting the privacy of children and families. We do not show ads, do not track children, and do not sell or share personal data with third parties.
1. Introduction
ReadBud ("we", "our", or "us") operates the ReadBud mobile application and website at readbud.app (the "Service"). This Privacy Policy explains how we collect, use, and protect information when you use our Service.
ReadBud is an educational app designed for children ages 3-8, used under the supervision of a parent or guardian. We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA) and applicable data protection laws.
2. Information We Collect
2.1 Parent Account Information
When a parent or guardian creates an account, we collect:
- Email address — used for account login, password recovery, and important service communications
- Password — stored in encrypted (hashed) form; we never store or see your plain-text password
2.2 Child Profile Information
Parents may create child profiles within their account. For each child, we collect:
- Child's first name — used to personalize the learning experience (e.g., "Great job, Aarav!")
- Child's age or date of birth — used to select age-appropriate curriculum content (levels 1-5)
2.3 Learning Progress Data
We store information about activities completed, stories read, and plan progress. This data is used solely to:
- Track the child's learning journey within the app
- Allow parents to monitor their child's progress
- Resume learning from where the child left off
2.4 Recorded Stories
Parents may optionally record audio of stories read aloud. These recordings are:
- Stored securely and associated only with the parent's account
- Accessible only by the parent who created them
- Deletable at any time by the parent
2.5 Payment Information
If you subscribe to ReadBud Premium, payment processing is handled entirely by Razorpay, our PCI DSS-compliant payment processor. We do not store, process, or have access to your credit card numbers or bank account details. We only receive a confirmation of successful payment and subscription status from Razorpay.
2.6 Information We Do NOT Collect
- We do not collect location data
- We do not collect device contacts or call logs
- We do not collect photos or camera data
- We do not use advertising identifiers
- We do not use analytics that track individual children
- We do not collect any information directly from children — all account actions require a parent
3. How We Use Information
We use the collected information exclusively to:
- Provide and personalize the educational experience for your child
- Authenticate your parent account and keep it secure
- Track learning progress within the app
- Send essential service communications (e.g., password reset, critical updates)
- Process Premium subscription payments (via Razorpay)
- Improve the app's educational content and features (using aggregated, anonymized data only)
4. Children's Privacy (COPPA Compliance)
ReadBud is designed with children's safety as a top priority. We comply with the Children's Online Privacy Protection Act (COPPA).
- Only parents or guardians can create accounts and manage child profiles
- Children cannot independently provide personal information
- We do not display advertisements of any kind
- We do not have social features, chat, or user-generated content from children
- We do not track, profile, or behaviorally target children
- Parents can review, modify, or delete their child's information at any time through their account settings
- Parents can request complete deletion of all data by contacting us
5. Data Storage and Security
Your data is stored on secure servers hosted on Google Cloud Platform (GCP) in accordance with industry-standard security practices:
- All data transmission is encrypted using TLS/SSL (HTTPS)
- Passwords are hashed using industry-standard algorithms
- Authentication uses secure JSON Web Tokens (JWT) with automatic rotation
- Database access is restricted to authorized application services only
- Audio recordings are stored in secure cloud storage with access controls
- Regular security updates are applied to all server infrastructure
6. Third-Party Services
We use a minimal number of third-party services, each chosen for their strong privacy and security practices:
We do not use any advertising networks, social media tracking pixels, or third-party analytics services that track individual users.
7. Data Sharing
We do not sell, trade, rent, or share your personal information with any third parties, except:
- With Razorpay, strictly for the purpose of processing your payment (if you subscribe to Premium)
- If required by law, court order, or legal process
- To protect the safety or rights of our users or the public
8. Data Retention and Deletion
- Your data is retained for as long as your account is active
- You can delete individual child profiles and their associated data at any time
- You can delete recorded stories at any time
- You can request complete account deletion by emailing us — we will delete all your data within 30 days
- Upon account deletion, all personal data, child profiles, progress data, and recordings are permanently removed
9. Your Rights
As a parent or guardian, you have the right to:
- Access all information we have about your account and your children's profiles
- Correct or update any personal information
- Delete your child's profile and all associated data
- Delete your entire account and all associated data
- Withdraw consent for data collection at any time (by deleting your account)
- Request a copy of your data in a portable format
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:
- Posting the updated policy on this page with a new "Last updated" date
- Sending a notification to your registered email address for significant changes
We encourage you to review this page periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Governing Law
This Privacy Policy is governed by the laws of India. For users in other jurisdictions, we comply with applicable local privacy laws, including COPPA (United States) and GDPR (European Union) where applicable.