Legal Document

Privacy Policy

Application: Bright Kids  ·  Developer: AppZila  ·  Effective: June 28, 2026

1.

Introduction

Welcome to Bright Kids, a fun and safe educational application for young children, developed and published by AppZila ("we," "us," or "our"). Bright Kids helps children learn the alphabet, numbers, counting, and early literacy and numeracy skills through interactive games and colorful activities.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you or your child downloads, installs, or uses the Bright Kids mobile application (the "Application") on Android or iOS devices, and when you visit our website at www.appzila.com (the "Site").

Because Bright Kids is designed for use by young children, we treat children's privacy with the utmost seriousness. This policy is written to be fully compliant with the U.S. Children's Online Privacy Protection Act ("COPPA"), the EU General Data Protection Regulation as applied to minors ("GDPR-K"), and all other applicable children's privacy laws globally.

Summary of Key Points:
  • We do not collect personal information from children without verifiable parental consent.
  • We do not show behavioral or interest-based advertisements to children.
  • All learning activities, games, and progress tracking are processed entirely on the device. No learning data is uploaded to our servers.
  • We do not allow children to share personal information publicly or communicate with other users.
  • Parents can contact us at any time to review, delete, or restrict data.
2.

Child-Directed Application Notice

This Application is directed at children. Bright Kids is designed for use by children, typically under the age of 13. Parents and guardians are encouraged to supervise their child's use of the Application and to read this Privacy Policy in full before allowing their child to use the Application.

As a child-directed application, Bright Kids is subject to stricter data handling requirements than general-audience apps. Specifically:

  • No Behavioral Advertising: We do not use advertising identifiers (such as the Android Advertising ID or Apple IDFA) to build profiles or deliver interest-based advertisements to child users. Any advertisements displayed are non-personalized and contextual only, served in strict compliance with COPPA and Google AdMob's Families Policy.
  • No Social Features: The Application does not include chat, messaging, social sharing, or any feature that would allow a child to communicate with or share personal information with other users or strangers.
  • No Account Registration: Children are not required to create an account, provide a name, email address, or any other personal information to use the Application.
  • No In-App Purchases Without Parental Gate: If any premium or in-app purchase features are offered, they are gated behind a parental authorization mechanism to ensure only an adult can authorize a transaction.
  • Safe Content Only: All content within the Application is designed to be age-appropriate, educational, and free from violence, adult themes, or inappropriate language.
3.

Information We Collect

We collect only the minimum information necessary to operate, improve, and deliver a safe experience. We never collect personal information directly from children without verifiable parental consent.

3.1 Information Provided by Parents or Guardians

The Application does not require children or parents to register an account. However, if a parent or guardian contacts us for support, they may voluntarily provide their name and email address. This information is used solely to respond to the inquiry and is never shared for marketing purposes.

3.2 Information Collected Automatically

When the Application is used, our third-party service providers may automatically collect limited technical information. Because this is a child-directed app, this collection is strictly limited:

  • Device Information: Device model, operating system version, screen resolution, and device locale. This information is used in aggregate to ensure compatibility and to improve the Application.
  • Usage Data: Which educational activities or games are opened and session duration, collected at an aggregated, non-identifiable level to understand which learning features are most helpful.
  • Diagnostic and Crash Data: Error logs, crash reports, and performance metrics collected by Firebase Crashlytics to identify and fix software bugs. This data does not include any learning content or child-identifiable information.
  • IP Address: Your device's IP address may be temporarily logged by third-party SDKs for fraud prevention and regional compliance. We do not collect or store precise GPS location.

3.3 What We Do NOT Collect

We explicitly do not collect:

  • The child's name, age, date of birth, or any identity information.
  • Photos, voice recordings, or any biometric data.
  • Precise geolocation data.
  • Contact list, SMS messages, or call logs.
  • Behavioral or interest-based advertising identifiers from child users (advertising is served as non-personalized / child-directed).
  • Learning progress, quiz scores, or activity history beyond what is stored locally on the device.
  • Financial or payment information from children.
4.

How We Use Information

The limited information we collect is used only for the following purposes, and never for profiling, targeting, or monetizing child users:

  • To provide and maintain the Application: Delivering educational games, alphabet and number activities, and interactive learning content safely and reliably.
  • To improve the Application: Analyzing aggregated, non-identifiable usage data to understand which learning activities engage children most effectively and to develop new content.
  • To detect and fix bugs: Using crash logs and diagnostic reports to identify and resolve software defects, improving the stability of the Application.
  • To display non-personalized ads: Showing contextual, child-safe advertisements configured under Google AdMob's child-directed and Families policies. No behavioral profiling is used.
  • To comply with legal obligations: Responding to lawful requests from public authorities and meeting our obligations under COPPA, GDPR, and other applicable laws.
  • To respond to parental inquiries: Addressing support requests or privacy questions submitted by a parent or guardian.
5.

Educational Content and Local Processing

Important: All educational activities, learning games, and in-app progress in Bright Kids are processed entirely on your child's device. Learning data, scores, and activity history are never uploaded to our servers.

The following principles govern how the Application handles educational and in-session data:

  • On-Device Learning Progress: If the Application tracks activity completion, stars earned, or levels unlocked, this data is stored locally on the device using the Application's sandboxed storage (e.g., shared preferences or local database). We cannot access this data remotely.
  • No Learning Profiles: We do not build or maintain profiles of individual children based on their learning activity, quiz performance, or content preferences.
  • No Microphone or Voice Input: The Application does not use the device's microphone or collect any voice data from children. All interactions are tap- and touch-based.
  • No Camera Access: The Application does not access the device camera. No photos or images of children are captured or collected.
  • Offline Functionality: Core learning content and games are designed to work offline. Internet connectivity is only required for loading advertisements and transmitting anonymized analytics and crash reports.
6.

Permissions We Request and Why

The Application requests only the minimum permissions required. We do not request permissions for camera, microphone, contacts, location, or photo library access.

Internet Access

Android: INTERNETiOS: (System-managed)

Why we need it: Required to load child-safe, non-personalized advertisements from Google AdMob (configured under the Families policy) and to transmit anonymized crash reports and analytics to Firebase. Internet access is never used to upload learning content or any child-identifiable data.

Network State

Android: ACCESS_NETWORK_STATE

Why we need it: Allows the Application to check for an available network connection before attempting to load advertisements, preventing unnecessary network errors and enabling graceful offline mode.

Vibration

Android: VIBRATE

Why we need it (if applicable): Used to provide tactile feedback during learning games and activities (e.g., a gentle vibration when a child taps the correct letter or number). No data is collected as part of this permission.

7.

Advertising (Child-Safe)

Child-Directed Advertising Commitment: All advertisements displayed in Bright Kids are served as non-personalized, child-directed ads in strict compliance with COPPA, the Google Play Families Policy, and Apple's App Store guidelines for children's apps. We do not use behavioral targeting, advertising identifiers, or interest-based profiling for any child user.

The Application uses Google AdMob with the following child-safe configuration:

Child-Directed Treatment

The Application is configured with AdMob's child-directed treatment tag set to true. This instructs Google to:

  • Disable interest-based advertising and remarketing.
  • Disable the use of the Android Advertising ID or Apple IDFA.
  • Serve only ads from advertisers who have certified compliance with Google's Families Policy.
  • Restrict ad categories to those appropriate for children.

Ad Content Standards

Advertisements served in the Application are filtered to exclude content involving violence, adult themes, gambling, alcohol, or any material deemed inappropriate for young children. Google AdMob's Families policy certification process governs which advertisers are permitted to show ads in child-directed apps.

No Advertising Identifiers from Children

Because the Application is child-directed, the Android Advertising ID and Apple IDFA are not used to serve advertisements. Ads may be contextualized based on the general subject matter of the Application (educational / children's content) but not on individual behavioral data.

AdMob Privacy Policy

For more information about how Google handles data in child-directed apps, review Google Play's Families Policy and Google's Privacy Policy at policies.google.com/privacy.

8.

Analytics and Crash Reporting

Firebase Analytics

We use Firebase Analytics to collect aggregated, anonymized usage statistics. For child-directed apps, Firebase Analytics is configured to disable advertising features and to avoid collection of advertising identifiers. Data collected includes:

  • App open and session events
  • Feature-level events (e.g., "alphabet_activity_started," "counting_game_completed")
  • Device type and OS version
  • App version
  • First open event

Firebase Analytics data is pseudonymized and aggregated. It is used only to improve the Application's educational content and user experience. For more information, visit firebase.google.com/support/privacy.

Firebase Crashlytics

We use Firebase Crashlytics to automatically detect and report application crashes and errors. Crashlytics collects:

  • Crash stack traces and error logs
  • Device state at time of crash (memory, OS version, device model)
  • Application version
  • A pseudonymous Crashlytics installation UUID (not linked to any child's identity)

Crashlytics data is used exclusively to fix software bugs and does not include any child-identifiable information. You may request deactivation of Crashlytics collection by contacting us.

9.

Third-Party Services

The Application integrates the following third-party services. All services are configured for child-directed use where applicable:

ServiceProviderPurpose
Google AdMob (Families)Google LLCChild-safe, non-personalized in-app advertising
Firebase AnalyticsGoogle LLCAggregated, anonymized usage analytics
Firebase CrashlyticsGoogle LLCCrash reporting and app stability
Google Play ServicesGoogle LLCCore Android platform services
Apple System ServicesApple Inc.Core iOS platform services (iOS only)

We do not integrate social media SDKs, third-party analytics beyond Firebase, or any service that would collect personal information from children for commercial purposes. We are not responsible for the independent data practices of these providers, but we contractually require them to comply with applicable children's privacy laws.

Google Play Data Safety and Apple App Privacy Disclosures

  • Data Collected: App interactions (aggregated, anonymized), crash logs, diagnostics, and device information.
  • Advertising Identifiers: Not collected from child users. Child-directed treatment is enabled in AdMob.
  • Data NOT Collected: Name, email, photos, location, voice, learning progress, or any personally identifiable information from the child.
  • Data Security: All data in transit is encrypted using TLS. Users may request data deletion (see Sections 13 and 15).
10.

Data Sharing and Disclosure

We do not sell, trade, rent, or share personal information about children with any third party for commercial or marketing purposes. We may share limited information in the following strictly controlled circumstances:

  • Service Providers: We share anonymized technical data (crash logs, aggregated usage) with Firebase (Google LLC) solely to operate and improve the Application. These providers are contractually bound to use the data only as directed and to comply with applicable children's privacy laws.
  • Legal Requirements: We may disclose information if required to do so by law, court order, or governmental request. We will notify you of such requests to the extent permitted by law.
  • Protection of Safety: We may share information where strictly necessary to protect the safety of a child or to prevent illegal activity, fraud, or harm.
  • Business Transfers: In the event of a merger, acquisition, or sale of our assets, we will provide notice to parents and offer the opportunity to have data deleted before it is transferred to a new entity with a different privacy policy.
We never share a child's learning activity, progress data, or any personally identifiable information for advertising, analytics-for-hire, data brokering, or any purpose beyond operating the Application.
11.

Data Retention

We retain data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Given the child-directed nature of this Application, we apply the shortest practical retention periods:

  • Analytics Data: Aggregated, pseudonymized data in Firebase Analytics is retained for up to 14 months (the default Firebase retention period), after which it is automatically deleted or anonymized.
  • Crash Logs: Crash reports in Firebase Crashlytics are retained for 90 days by default.
  • Support Communications: If a parent or guardian contacts us, we retain communications for up to 12 months to facilitate follow-up. We never retain support communications longer than necessary.
  • Learning and Progress Data: Stored exclusively on the device. We have no access to this data and cannot delete it remotely — deletion occurs when the Application is uninstalled or when the device's app storage is cleared.

A parent or guardian may request early deletion of any data we hold by contacting us at info@appzila.com. We will fulfill deletion requests within 30 days.

12.

Security Measures

Protecting children's information is our highest priority. We implement industry-standard and child-appropriate security measures including:

  • Encryption in Transit: All data transmitted between the Application and third-party service providers is encrypted using Transport Layer Security (TLS).
  • Minimal Data Collection: By collecting only the technical data strictly necessary for app operation, we minimize the risk of any privacy incident involving child data.
  • On-Device Storage: Learning progress and activity data remain on the child's device, protected by the device's own security (screen lock, encryption at rest).
  • No Personal Data Servers: We do not operate servers that store children's personal information, eliminating the risk of a server-side data breach affecting child users.
  • Access Controls: Any aggregated analytics or crash data accessible via dashboards (e.g., Firebase Console) is restricted to authorized AppZila personnel on a need-to-know basis.
  • Regular Review: We periodically review our data practices, third-party integrations, and this Privacy Policy to ensure ongoing compliance with COPPA, GDPR-K, and evolving children's privacy standards.
13.

COPPA Compliance (U.S. Users)

The U.S. Children's Online Privacy Protection Act ("COPPA") imposes requirements on operators of websites and online services directed to children under 13, or that have actual knowledge they are collecting personal information from children under 13. Bright Kids is a child-directed application and is operated in full compliance with COPPA.

No Collection of Personal Information Without Parental Consent

We do not collect, use, or disclose personal information from children under 13 without verifiable parental consent. Because the Application does not require account creation and performs all learning activities locally, it does not collect personal information from children in the ordinary course of use.

The limited technical data collected automatically (device information, aggregated usage events, crash logs) falls within the COPPA exceptions for support for internal operations and does not require prior parental consent, as this data is not used to contact children, build profiles, or for any external purpose.

Parental Notice

This Privacy Policy serves as our direct notice to parents and guardians about our data practices for child users, as required by COPPA. We provide this policy:

  • On the Application's listing page in the app store.
  • Within the Application (accessible via the Settings or About screen).
  • On our website at www.appzila.com.

How to File a COPPA Complaint

If you believe we have not complied with COPPA or have questions about our practices, you may contact us at info@appzila.com. You may also contact the U.S. Federal Trade Commission ("FTC") at ftc.gov.

14.

Parental Rights and Controls

As a parent or guardian, you have the following rights with respect to your child's use of Bright Kids:

Right to Review

You have the right to review the personal information, if any, that we have collected about your child. Because we collect minimal technical data and no identifiable information, we will describe the categories of data collected and confirm that no personal data is attributed to your specific child.

Right to Delete

You may request deletion of any data we hold that may be attributable to your child. For data held by Firebase (Google), you may also submit a deletion request directly through Google's privacy tools. For locally stored learning progress, you can clear this data by uninstalling the Application or clearing app data in your device settings.

Right to Refuse Further Collection

You may request that we cease collecting data related to your child. The most effective way to prevent all data collection is to discontinue use of the Application. You may also contact us to understand and exercise your options for limiting specific data collection.

How to Exercise Parental Rights

To exercise any parental rights, please contact us at info@appzila.com with the subject line "Parental Privacy Request — Bright Kids." We will respond within 30 days. We may take reasonable steps to verify that you are the parent or legal guardian of the child before processing the request.

15.

GDPR Rights (EEA and UK Users)

If you or your child is located in the European Economic Area (EEA) or the United Kingdom (UK), the General Data Protection Regulation (GDPR) or UK GDPR applies. For children under 16 in the EEA/UK (or a lower age threshold in some member states), parental or guardian consent is required for the processing of personal data. Because Bright Kids does not collect identifiable personal data from children in the ordinary course of use, this threshold is generally not triggered.

Parents and guardians may exercise the following rights on behalf of their child:

Your Rights

  • Right of Access (Art. 15 GDPR): Request a copy of any personal data we hold about your child.
  • Right to Rectification (Art. 16 GDPR): Request correction of inaccurate data.
  • Right to Erasure (Art. 17 GDPR): Request deletion of personal data.
  • Right to Restriction of Processing (Art. 18 GDPR): Request that we restrict processing under certain circumstances.
  • Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests.
  • Right to Lodge a Complaint (Art. 77 GDPR): Lodge a complaint with the relevant supervisory authority in your member state.

How to Exercise Your Rights

Contact us at info@appzila.com with the subject line "GDPR Data Request." We will respond within 30 days.

Legal Basis for Processing

  • Legitimate Interests (Art. 6(1)(f)): Anonymized crash reporting and aggregated analytics for app stability and improvement.
  • Performance of Contract (Art. 6(1)(b)): Providing the core educational app functionality.
  • Legal Obligation (Art. 6(1)(c)): Compliance with COPPA, GDPR, and other applicable laws.

Data Transfers Outside the EEA/UK

Our third-party service providers (Google LLC, operating Firebase and AdMob) are based in the United States. Transfers are conducted under Standard Contractual Clauses approved by the European Commission. Google participates in the EU-U.S. Data Privacy Framework. For more information, visit Google's GDPR compliance page.

16.

CCPA Rights (California Residents)

If you are a California resident and a parent or guardian of a child using Bright Kids, the California Consumer Privacy Act ("CCPA") as amended by the CPRA grants you the following rights:

Categories of Personal Information Collected

  • Internet or Network Activity: Aggregated, anonymized app usage events and crash logs. No advertising identifiers are collected from child users.
  • Device Information: Device model, OS version, and app version (pseudonymized).

Your CCPA/CPRA Rights

  • Right to Know: Request details about the categories and specific pieces of information collected about your child.
  • Right to Delete: Request deletion of personal information collected from your child.
  • Right to Opt-Out of Sale: We do not sell personal information. We do not share children's data for cross-context behavioral advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

How to Submit a CCPA Request

Contact us at info@appzila.com with the subject line "CCPA Privacy Request." We will respond within 45 days.

17.

International Users

Bright Kids is operated from India and available globally. If you or your child accesses the Application from outside India, information may be processed in countries with different data protection laws, including the United States (where Google LLC operates Firebase and AdMob). We take steps to ensure adequate protection through contractual arrangements with service providers.

In addition to COPPA (U.S.), GDPR/GDPR-K (EEA/UK), and CCPA (California), users in other jurisdictions may have additional rights:

  • Brazil (LGPD / LGPD for Minors): Rights of access, correction, deletion, anonymization, and portability. Processing of children's data requires parental consent.
  • Canada (PIPEDA): Rights of access, correction, and withdrawal of consent.
  • Australia (Privacy Act): Rights of access and correction under the Australian Privacy Principles.
  • India (DPDP Act 2023): Processing of children's personal data requires verifiable parental consent. We do not process personal data of children for tracking or behavioral monitoring.

To exercise rights under any applicable local privacy law, please contact us at info@appzila.com.

18.

Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy. When we make material changes — particularly changes affecting how we collect or use children's information — we will provide prominent notice by:

  • Updating the "Effective Date" at the top of this page.
  • Displaying a notice within the Application or on our website at www.appzila.com.
  • For changes that require renewed parental consent under COPPA or GDPR-K, we will seek fresh consent from parents before the changes take effect.

We encourage parents to review this Privacy Policy periodically. Continued use of the Application after changes are effective constitutes acceptance of the updated terms.

19.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or your child's data, please contact us. We are committed to responding promptly to all parental privacy inquiries.

Developer / Data Controller

AppZila

Application

Bright Kids

Privacy & Parental Inquiries

info@appzila.com

Recommended Email Subject

Parental Privacy Request — Bright Kids

Response Time

We aim to respond to all parental privacy inquiries within 30 days, and within legally required timelines for COPPA and GDPR requests.

For COPPA-related complaints, you may also contact the U.S. Federal Trade Commission at ftc.gov. For GDPR complaints (EEA/UK), you may contact the data protection supervisory authority in your member state.

This Privacy Policy was last updated on June 28, 2026 and is effective as of that date. Previous versions are available upon request.

© 2026 AppZila. All rights reserved.