Back to home

Privacy Policy

Last updated: February 15, 2026

1. Information We Collect

We collect information you provide directly when creating an account, registering a child, or subscribing to our service:

  • Parent information: name, email address, and payment details
  • Child information: first name, age, and email (for children 13 and older only)
  • Financial account identifiers (Roth IRA account IDs)
  • Usage data including login activity and platform interactions

2. COPPA Compliance

KidsBuild does not knowingly collect personal information from children under the age of 13 in compliance with the Children's Online Privacy Protection Act (COPPA) and the FTC's updated COPPA Rule (effective 2025). Our platform requires all child users to be at least 13 years of age. If we learn that we have collected personal information from a child under 13, we will promptly delete that information and terminate the associated account.

3. Session Replay and Website Analytics

KidsBuild uses website session replay technology (similar to Hotjar, FullStory, or LogRocket) to record how users interact with the KidsBuild web application. This is a standard web analytics practice and does not involve recording your desktop, other applications, or any activity outside the KidsBuild browser tab.

  • What we capture: Clicks, scrolls, mouse movements, page navigation, and on-screen content within the KidsBuild website. We do not capture audio, webcam, other browser tabs, other applications, your desktop, or local files.
  • Sensitive data masking: Passwords, payment card numbers, and other sensitive form inputs are automatically masked and never recorded or stored.
  • Consent: By using the KidsBuild platform, you consent to session replay data collection as described in this section. Parents provide consent on behalf of their child during account setup. Either the parent or child (13+) may opt out at any time by contacting privacy@kidsbuild.com. Opting out may limit our ability to provide technical support or activity documentation.
  • Purpose: Session replays are used to (a) improve platform usability and fix bugs, (b) provide technical support, (c) document platform activity that may support earned-income records, and (d) protect against platform misuse and frivolous disputes.
  • Storage and retention: Session replay data is encrypted at rest and in transit. Data is retained for the duration of the active subscription plus 90 days, after which it is permanently deleted.
  • Access: Session replay data is accessible only to authorized KidsBuild administrators for the purposes listed above. It is never shared with third parties, used for advertising, or sold.
  • Deletion requests: Parents or children (13+) may request deletion of session replay data at any time by contacting privacy@kidsbuild.com. Deletions are processed within 30 days.

4. How We Use Your Information

  • To provide and maintain the KidsBuild platform
  • To process subscriptions and payments
  • To facilitate child access to AI coding tools on Builder and Pro Team plans
  • To send transactional emails including account verification and child invitations
  • To document project work sessions (with consent)
  • To improve our services and develop new features

5. Data Sharing and Third Parties

We do not sell your personal information. We share data only with service providers necessary to operate the platform:

  • Supabase: Authentication and database hosting
  • Stripe: Payment processing (PCI DSS compliant)
  • AI Providers: AI coding tools on paid plans. Third-party AI providers may retain conversation data per their privacy policies. AI interactions may be used to improve models unless opted out at the account level.
  • Vercel: Application hosting and deployment

Each provider maintains their own privacy policies and security standards. We encourage you to review them.

6. Children's Data Protections

  • We collect the minimum data necessary to operate child accounts
  • Child data is never used for advertising, behavioral profiling, or sold to third parties
  • Parents have full visibility into and control over their child's data
  • Children 13+ can access and request deletion of their own data
  • Session replay data involving child accounts is treated as sensitive data with enhanced access controls

7. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS), secure password hashing, row-level security policies on our database, and encrypted storage for session replay data. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Data Retention and Deletion

We retain your data for as long as your account is active. Upon account deletion: personal data is removed within 30 days, session replay data is deleted within 90 days, and anonymized usage analytics may be retained indefinitely. You may request deletion of your account and associated data at any time. Child data will be deleted when a parent removes the child from their account or closes their parent account.

9. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data; object to processing; and data portability. California residents have additional rights under the CCPA/CPRA. To exercise any of these rights, contact us at privacy@kidsbuild.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the platform. Your continued use of KidsBuild after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or requests, contact us at privacy@kidsbuild.com.