Back to Kiddo-Bank

Privacy Policy for Kiddo-Bank

Effective Date: March 6, 2026

Kiddo-Bank ("Kiddo-Bank", "we", "our", or "us") respects your privacy. This Privacy Policy explains how we collect, use, store, share, and protect information when you use the Kiddo-Bank iOS application, related web functionality, and connected services (collectively, the "Service").

Kiddo-Bank is offered as a parent-managed family organization and learning tool. This Privacy Policy is intended to reflect the current behavior of the Kiddo-Bank app based on the live codebase and the business/contact information provided for this policy draft.

1. Who We Are

- App Name: Kiddo-Bank

- Operator Type: Individual

- Location: Calgary, Alberta, Canada

- Contact Email: zero.energy.ai@gmail.com

- Contact Page: http://www.kiddo-bank.com/contact

2. Information We Collect

We collect information directly from parents, from child profiles created by parents, from app usage, and from device features used inside the app.

A. Account and Parent Information

We collect:

- Email address

- Password and account credentials handled through our authentication provider

- Email verification and password reset details

- Privacy and notification settings

- Subscription status or access status used to control parts of the Service

B. Child Profile Information

Parents or guardians can create one or more child profiles. For each child profile, we may collect and store:

- Display name or nickname

- Age

- Grade level

- Avatar or avatar URL

- Family role

- Hashed 4-digit child PIN

- Virtual Power Points balance, savings balance, level, rewards, transactions, chores, loans, and related in-app progress data

C. Chore, Reward, and Learning Activity Information

We collect and store information generated through use of the Service, including:

- Chore titles, descriptions, due dates, reward values, and completion status

- Reward catalog entries and redeem history

- Power Point (PP) Loan requests and the reason entered by the child or parent

- Trivia or learning progress, scores, and age or grade-based settings

- Parent review actions, approvals, rejections, and notifications

D. Photos and Camera Data

If a chore requires photo proof, the app may collect:

- Chore proof photos uploaded by the child

- Photo metadata used for retention and verification workflow

- Verification results and feedback

The app may also use the device camera for:

- Capturing chore proof images

- Scanning QR codes for the Kiddo card or parent scanner features

If a chore is configured not to require a photo, the app is intended not to request one for that chore.

The app may also generate QR code images for printable or scannable card features using a third-party QR code service. In those cases, the QR payload may include a child/member identifier used by the app's card and scanner flow.

E. Device and Local Storage Data

We may store certain information locally on the device to keep the app working properly. This can include:

- Current user role

- Selected child profile

- Device activation data

- Device token or activation marker

- Subscription snapshot data

- Temporary draft chore proof information

- Cached child/session information needed for login or routing

These local storage items may function as persistent identifiers used for session continuity, child-device activation, saved app state, and security.

Where the Service is used through web-based functionality, we may also use cookies or similar browser storage for basic app preferences and interface state.

F. Information We Do Not Collect Based on the Current App Build

Based on the current codebase, we do not intentionally collect:

- GPS location data

- Contact list or address book data

- Social media profile data

- Phone number

- Postal mailing address

3. How We Use Information

We use collected information to:

- Create and manage parent accounts

- Verify parent email addresses and reset passwords

- Create and manage child profiles

- Enable child login and one-time device activation

- Run chores, rewards, loans, trivia, wallet, and dashboard features (No real currency is used in the app; all balances and transactions are virtual and for educational purposes only)

- Process and review chore submissions

- Send in-app notifications, device or browser notifications, and account-related emails

- Enforce privacy settings chosen by the parent

- Prevent abuse, fraud, or unauthorized access

- Maintain app security, session continuity, and service quality

- Comply with legal obligations

4. AI-Assisted Features

Kiddo-Bank includes AI-assisted features for chore verification and trivia generation.

If a parent explicitly enables AI verification, the system may use:

- The chore title

- The chore description

- The submitted proof photo

to evaluate whether a chore appears complete.

The app currently presents photo verification as using Google Gemini AI. The app also presents a consent notice stating that photos processed through this AI feature may be used by Google to improve their services. Parents may choose manual review instead of AI review.

If AI-assisted photo review is enabled, the system is intended to reject chore proof images that appear to contain a person or visible body parts, such as faces, hands, feet, arms, or legs, and may ask the child to retake the photo.

If AI verification is not enabled, chore photos are routed for manual parent review.

Kiddo-Bank may also use generative AI services through our backend provider to create grade-appropriate trivia content for BrainQuest. For this feature, the app may transmit the child's configured grade level and age. The app is intended not to send the child's name or parent email as part of the trivia-generation prompt. The trivia system is also intended to apply content-safety rules designed to block profanity, obscenity, adult themes, sexual content, violence, self-harm, drugs, weapons, and other inappropriate material from AI-generated or fallback trivia content.

Kiddo-Bank may also use AI-assisted rewriting tools to help a parent turn loan rejection feedback into kinder, family-friendly wording before it is shown to a child.

5. Children’s Information and COPPA

Kiddo-Bank allows a parent or guardian to create and manage child profiles, including profiles for children under 13. The primary account relationship is parent-managed, and child information is used only to operate family features selected and controlled by the parent or guardian.

We rely on the parent or legal guardian to provide and manage child information in the app. Parents are expected to:

- Create child profiles

- Set child PINs

- Control privacy settings

- Decide whether photo proof is required

- Choose whether AI-assisted photo review is enabled

Only a parent or guardian may create a child profile and enable child access on a device. Child access is tied to the parent-managed family account and is activated through the app's parent setup and device activation flow.

We collect children’s information only to operate the Service, including chores, rewards, virtual balances, trivia, loans, and related family dashboard functions.

Parents may request review, correction, or deletion of their child’s information by contacting us or by using the account management tools available in the app.

We do not knowingly use children’s information for behavioral advertising or third-party ad targeting.

6. Legal Bases for Processing Under GDPR

Where GDPR applies, we process personal data under one or more of the following legal bases:

- Performance of a contract or to provide the Service you request

- Consent, where required, including optional AI/photo processing choices

- Legitimate interests, including service security, fraud prevention, product maintenance, and basic operational improvements

- Compliance with legal obligations

7. CCPA/CPRA Notice

If you are a California resident, you may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including the right to:

- Know what personal information we collect, use, disclose, or retain

- Request access to your personal information

- Request correction of inaccurate information

- Request deletion of personal information, subject to legal exceptions

- Not be discriminated against for exercising privacy rights

Kiddo-Bank does not currently describe its codebase as selling personal information or sharing personal information for cross-context behavioral advertising.

8. CalOPPA Notice

Users may visit the app and review this Privacy Policy to understand what information is collected and how it is used. If we make material changes to this Privacy Policy, we will update the Effective Date at the top of this document.

9. Emails We Send

The app currently uses account-related email functionality, including:

- Email verification codes

- OTP verification or resend flows

- Password reset emails

These communications are used to secure user accounts and operate the Service. They are not described in the current codebase as promotional marketing emails.

10. Third Parties and Service Providers

We may share information with third-party service providers only as needed to run the app, secure accounts, store files, or provide app functionality. Based on the current codebase, these may include:

- Base44 for app backend, authentication, database, function execution, and backend-routed AI features

- Google Gemini for optional AI-assisted chore photo review when a parent explicitly enables that setting

- DiceBear for generated avatar images where used

- Third-party QR code generation services for printable or scannable card QR images where used

We disclose only the information reasonably necessary for these providers to perform their services. For example, account-related information may be processed through our backend and authentication provider, chore proof photos may be processed by Google Gemini only when a parent has explicitly enabled AI-assisted review, age/grade inputs may be used by backend-routed generative AI services to create educational trivia, a child/member identifier may be embedded in a QR image generated for the app's card features, and avatar-generation services may receive a child display name, nickname, or generated seed value to create a profile image.

We may also use platform or infrastructure services required to host files, deliver authentication flows, or operate the app environment.

We do not currently describe the app as using:

- Advertising networks

- Google Analytics or similar analytics SDKs

- Remarketing services

- Google Places

- Mouseflow

- FreshDesk

11. Sharing of Information

We may share information:

- With service providers that help us operate the Service

- Between parent and child views within the same family account structure

- When needed to protect the security or integrity of the Service

- When required by law, regulation, subpoena, court order, or similar legal process

- In connection with a merger, acquisition, financing, or sale of assets, subject to applicable law

We do not currently state that we sell personal information.

12. Data Retention

We retain information for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

Based on the current app logic:

- Account and family profile information may remain until deleted or requested to be deleted

- Chore proof photos may be assigned a retention period of 30 days and may be purged after expiration

- Local device storage items may remain on the device until the user logs out, clears the app, or the app removes them

Retention periods may vary where legal obligations or operational needs require longer or shorter storage.

13. Security

We use reasonable administrative, technical, and organizational measures to protect information.

Examples reflected in the current codebase include:

- Parent authentication through a backend auth provider

- Email verification and password reset flows

- Child PIN hashing before storage

- Scoped ownership checks using account email or family ownership markers

- Device activation markers and tokens for child device access

No security method is perfect, and we cannot guarantee absolute security.

14. International Data Transfers

Your information may be processed in countries other than your own depending on where our service providers, infrastructure, or AI services operate. Where required by law, we will take appropriate steps to protect personal information during international transfers.

15. Your Choices and Rights

Depending on your location, you may have the right to:

- Access personal information we hold about you

- Correct inaccurate information

- Delete your information

- Withdraw consent where processing is based on consent

- Object to or restrict certain processing

- Request a copy of certain personal information

Parents may also manage many family settings directly in the app, including child profiles, privacy preferences, chore requirements, and AI review choices.

As you confirmed for the submitted app build, account deletion is supported in-app. Users may also contact us to request deletion or other privacy assistance.

16. Do Not Track

The current codebase does not indicate a dedicated response mechanism for browser "Do Not Track" signals. If this changes, we will update this Privacy Policy.

17. Links to Other Services

The app may display or rely on third-party hosted content or service endpoints, such as avatar images or file storage links. We are not responsible for the privacy practices of third-party services except as described in this Policy.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the Effective Date at the top of this document and may provide additional notice where required.

19. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our privacy practices, you may contact us:

- Email: zero.energy.ai@gmail.com

- Contact Page: http://www.kiddo-bank.com/contact

20. Summary of Current Privacy Position

Based on the current Kiddo-Bank codebase and submitted policy inputs:

- The app collects parent email addresses and child profile information

- The app collects child-related chore, reward, loan, and progress information

- The app may use the camera for chore photos and QR scanning

- The app may generate QR images for card features using a third-party QR service

- The app may locally store activation, session, and routing information on the device

- The app may send in-app notifications and may display device or browser notifications when enabled

- The app may process proof photos with Google Gemini if a parent explicitly enables AI review, and may use backend-routed generative AI services to create age/grade-appropriate trivia

- The app does not currently appear to use analytics SDKs, advertising SDKs, GPS, contact list access, or remarketing tools

---

Important note: This document is a codebase-informed draft for Kiddo-Bank. It should be reviewed for legal sufficiency, business entity details, and final App Store publication requirements before public use.