Privacy Policy

Brain Ninjas is operated by [YOUR LLC NAME], a company based at [YOUR BUSINESS ADDRESS]. We operate the website at edukidsgames.com and any associated apps or services (collectively, the "Service").

If you have any questions about this Privacy Policy or your data, contact us at:

The Children's Online Privacy Protection Act (COPPA) is a United States federal law that protects children under 13 online. We comply fully with COPPA and its 2026 amendments enforced by the Federal Trade Commission (FTC).

Our core privacy design principle: children never register directly.

Only parents and legal guardians create accounts. Children are added as anonymous profiles under a parent account. We collect no personal information from children — no name, email address, date of birth, location, voice recording, photo, or device identifier.

From Parents and Guardians:

• •Email address: Used for your account login and to send you important account notices. We do not send marketing emails without your separate consent.
• •Password: Stored as an encrypted hash (bcrypt). We never store or can read your plain-text password.
• •Payment information: If you subscribe to Premium, your payment is processed securely by Stripe, Inc. We never see or store your full card number. Stripe provides us only a subscription status and customer ID.

From Child Profiles (created by parents):

• •Nickname: A name chosen by the parent — 2 to 20 characters. We ask parents not to use a child's real full name, and our system does not require or verify real names.
• •Avatar: An emoji icon chosen from a fixed list of 8 options (e.g. 🦁 🐸 🦊). Not a photo.
• •Age group: One of three broad categories: Preschool (ages 3–5), Early (6–7), or Elementary (8–11). We do not ask for or store exact birth dates.
• •Game progress: Score, level reached, and time played per game session. This is used only to show the parent a progress report. It is never sold or shared.

What We Do NOT Collect:

• ✗We do not collect real names of children
• ✗We do not collect email addresses from children
• ✗We do not collect dates of birth
• ✗We do not collect precise location data
• ✗We do not collect photos or videos
• ✗We do not collect voice or audio recordings
• ✗We do not use persistent device identifiers tied to children
• ✗We do not use behavioral advertising tracking of any kind

We use the information we collect only for these specific purposes:

• ✓To create and manage your parent account
• ✓To display child profiles and game progress in your parent dashboard
• ✓To process and manage your subscription payment through Stripe
• ✓To send you account-related emails (e.g. registration confirmation, subscription receipts)
• ✓To improve the quality and content of our games based on aggregated, anonymous usage patterns
• ✓To comply with legal obligations

We do not use your information for targeted advertising. We do not sell your data. We do not share your data with third-party advertisers.

We do notsell, rent, or trade your personal information or your child's profile data to any third party.

We share information only in these limited circumstances:

• Stripe, Inc.— Our payment processor. Stripe receives your billing information to process subscription payments. Stripe's privacy policy governs their use of your data. We do not share any child profile data with Stripe.
• Hosting infrastructure — Our servers and database are hosted on infrastructure providers (such as Vercel and Supabase/Railway). These providers process data on our behalf under data processing agreements and do not use your data for their own purposes.
• Legal requirements — We may disclose information if required to do so by law, court order, or to protect the rights, property, or safety of Brain Ninjas, our users, or the public.

COPPA 2026 Notice:We do not disclose children's information to any third party for targeted advertising or any commercial purpose unrelated to providing the Service. Any future third-party data sharing would require separate, explicit parental consent.

Under COPPA, you have the following rights regarding your child's information. You can exercise any of these rights at any time by emailing us at [YOUR CONTACT EMAIL].

Note: Exercising these rights will not affect your ability to continue using the Service, except where deletion of data is necessary to fulfill the request.

We retain your data only as long as necessary for the purposes described in this policy. This is a requirement of the 2026 COPPA amendments.

We do not retain personal information beyond these periods. When your account is deleted, all associated child profiles and progress data are permanently removed from our systems within 30 days.

We take reasonable technical and organizational steps to protect your data, including:

• 🔐All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
• 🔐Passwords are hashed using bcrypt with a minimum cost factor of 12 — they cannot be reversed
• 🔐Payment processing is handled entirely by Stripe — we never touch raw card data
• 🔐Access to production databases is restricted to essential personnel only
• 🔐We conduct regular security reviews of our codebase and infrastructure

No system is 100% secure. In the unlikely event of a data breach affecting your information, we will notify you by email as required by applicable law.

We use a minimal number of cookies necessary to operate the Service:

• 🍪Session cookie — keeps you logged in during your visit. Deleted when you close your browser or log out.
• 🍪Authentication token — a secure token that identifies your parent account. Required for the Service to function.

We do not use:

• ✗Google Analytics or any behavioral analytics
• ✗Facebook Pixel or any social media tracking
• ✗Advertising cookies of any kind
• ✗Cross-site tracking technologies

We may use Plausible Analytics — a privacy-first analytics tool that collects no personal data, sets no cookies, and is fully GDPR and COPPA compliant — to understand overall site traffic (e.g. how many people visit the homepage).

Brain Ninjas is operated in the United States. If you are visiting from the European Union or United Kingdom, please be aware that your data will be transferred to and processed in the United States.

If you are located in the EU/UK and your child is under the applicable digital consent age (13–16 depending on your country), the same rules apply: parents must register and consent on behalf of children. We do not collect personal data from children directly.

EU/UK users may also have rights under the General Data Protection Regulation (GDPR), including the right to access, correct, delete, and port your data. Contact us at [YOUR CONTACT EMAIL] to exercise any GDPR rights.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at least 30 days before the changes take effect, and we will update the effective date at the top of this page.

Your continued use of the Service after changes take effect means you accept the updated policy. If you do not agree with any changes, you may close your account at any time.

If you have questions, concerns, or requests related to this Privacy Policy — including to exercise any parental rights under COPPA — please contact us:

You may also file a complaint with the Federal Trade Commission at ftc.gov/complaint or by calling 1-877-FTC-HELP.