Privacy Policy
Last updated: July 2, 2026
SKIDOSH ("we," "us," "our") is a children's educational app published by mlchronix. We are committed to protecting the privacy of children and their parents. This policy explains what information we collect, why, who we share it with, and the choices you have. SKIDOSH is designed for families and complies with the Children's Online Privacy Protection Act (COPPA), GDPR/GDPR-K, the UK Children's Code, and Google Play's Families policy.
1. Who provides information
SKIDOSH is intended to be set up and managed by a parent or legal guardian.
- Parents create the account and provide their email and a display name.
- Children use the app under a parent-created profile. We collect only the limited information needed to run the educational experience, and only after a parent has given verifiable consent (see Section 6).
2. Information we collect
From parents (account holders):
- Email address (account creation, sign-in, and parental-consent records).
- Display name (optional; from email sign-up or, if used, Google/Apple sign-in).
- Parental-consent records (the fact and date of consent, consent version, marketing opt-in choice, and the child's age band).
- Purchase history (which subscription was bought; processed by our payment provider — see Section 4).
From or about children (with parental consent):
- Child's first name or nickname and age (used only to show age-appropriate content and personalize the experience).
- An optional profile picture (avatar), if a parent chooses to add one.
- Learning progress and in-app activity: games played, scores, XP, levels, streaks, achievements, time spent, and screens viewed.
- In-app family messages between a parent and their child.
- Child-created content such as drawings saved in creative games, and personal notes (notes are stored only on the device).
We do NOT collect: precise location, contacts, microphone/audio, camera input, advertising identifiers, or device push-notification tokens. The app contains no third-party advertising. The microphone and camera are disabled.
3. Why we collect it (purposes)
- Account management — create and secure the parent account.
- App functionality — save progress across devices, personalize content to the child's age, enable family messaging, and unlock purchased features.
- Legal compliance — record verifiable parental consent (COPPA/GDPR-K).
- Analytics — understand which educational activities are used so we can improve the app. Profile-linked analytics are sent to our servers only after parental consent has been given.
- App performance — diagnose crashes and errors (see Section 4).
We do not sell personal information, and we do not use children's data for behavioral advertising or profiling beyond the educational personalization described above.
4. Who we share information with
We use a small number of trusted service providers ("processors") who handle data on our behalf. We do not sell data or share it for advertising.
- Supabase — our database and authentication backend. Stores account, child profile, progress, consent, messaging, and entitlement data. Data in transit is encrypted via HTTPS.
- RevenueCat — processes in-app subscription purchases and restores. We send it a non-identifying account ID to link purchases to your account. We do not send your name, email, or your child's information to RevenueCat.
- Cloudinary — image hosting for optional profile pictures. If you add an avatar, the image is uploaded to Cloudinary. We do not run facial recognition, identification, or create any biometric profile of your child.
- Cloudflare R2 — content delivery and hosting for our own educational media (story videos, storybook pages, and drawing/writing template images). It serves app content to your device; we do not upload or store any personal information about you or your child in R2.
- Sentry (only if enabled) — receives crash/error diagnostics to help us fix bugs. We send only a non-identifying account ID (never email) and never attach screenshots of app content.
- Apple / Google — only if you choose "Sign in with Apple" or "Continue with Google," in which case the provider returns your name/email to create your account.
We may also disclose information if required by law or to protect the safety of a child or the public.
5. International data transfers
Our service providers may process data on servers located outside your country. Where required, we rely on appropriate safeguards for such transfers.
6. Children's privacy & verifiable parental consent (COPPA)
SKIDOSH does not knowingly collect personal information from a child under 13 without verifiable parental consent. Before a child's information is collected or transmitted, a parent must complete our consent step, confirming they are the child's parent or guardian and agreeing to our data practices. Until consent is given, profile-linked activity is held on the device and is not transmitted to our servers.
A parent may, at any time: review the personal information we have collected about their child; refuse further collection or use; withdraw marketing consent (Parent Dashboard); and request deletion (Section 8). To exercise these rights, use the in-app Parent Dashboard or contact us (Section 10).
7. How we protect data
- All data transmitted between the app and our providers is encrypted in transit using HTTPS/TLS.
- Access to our backend is restricted and protected by authentication.
- The parent area is protected by a parent PIN, stored on the device in hashed form.
8. Data retention and deletion
We keep personal information only as long as needed to provide the service or as required by law. You can delete your data at any time:
- In the app: open the Parent Dashboard → "Delete All Data." This removes your child's progress, achievements, profile, messages, drawings, and account data from your device and from our servers, and queues your account for full removal within 30 days.
- By web request: visit our Delete Your Data page and follow the instructions.
- By email: contact us (Section 10) and we will process your request.
9. No advertising
SKIDOSH contains no third-party advertising and no ad networks. We do not use advertising identifiers and do not engage in behavioral advertising.
10. Contact us
mlchronix
Email: m.usman003344@gmail.com
11. Changes to this policy
We may update this policy from time to time. If we make material changes to how we handle children's data, we will re-request parental consent and update the "Last updated" date above.