Privacy policy
1. Who We Are
This app is operated by Employee Of The Month S.L., based in Málaga, Spain ("we," "our," "us").
Contact: privacy@pennytime.app
2. Data We Collect
| Category | Purpose | Examples |
|---|---|---|
| Parent data | Account management & consent | Name, email, date of birth, consent log |
| Child data | Learning progress tracking | Nickname, age range, progress data |
| Technical logs | Security & fraud prevention | Device and usage logs (non-identifiable) |
No photos, voice, geolocation are collected.
3. Legal Basis for Processing
We process data under:
- Consent (GDPR Art. 6(1)(a), Art. 8; COPPA §312.5) - parental approval for child participation
- Legitimate Interest (GDPR Art. 6(1)(f)) - security, maintenance, and fraud prevention
4. How We Use the Data
- Provide educational features and track progress
- Maintain parental dashboards
- Secure and monitor accounts
- Improve the app with anonymized usage insights
We do not use data for advertising, profiling, or resale.
5. Data Sharing and Storage
We use a secure, GDPR-compliant cloud provider based in the EU for authentication, database, and file storage.
Data remains within the EU and is protected under strict data protection standards.
No international transfers occur outside the EU.
6. Retention and Deletion
| Data Type | Retention | Deletion Method |
|---|---|---|
| Active accounts | Until parent deletes | Immediate removal |
| Inactive accounts | 12 months | Automatic purge |
| Consent logs | 12 months | Secure deletion |
All data is permanently deleted when accounts are removed or after 12 months of inactivity.
7. Parental Consent
- For all children (6-14), verified parental consent is required before activating accounts.
- For U.S. users under 13, parents confirm consent before data collection. We may use additional verification methods if required by COPPA.
- Parents may withdraw consent or delete data at any time.
8. Children's Privacy
We only collect what's necessary for learning activities.
No ads, social features, or external links appear inside the app.
9. Data Security
We apply strong safeguards:
- Encryption in transit and at rest (TLS/SSL)
- Role-based access control
- Pseudonymization of child records
- Secure backups and audits
10. Your Rights (EU / EEA)
Parents and guardians may:
- Access their data
- Request correction or deletion
- Withdraw consent at any time
- Request data portability
- Restrict processing for legitimate reasons
Contact privacy@pennytime.app to exercise these rights.
11. Supervisory Authority
If you believe your data has been mishandled, contact:
Agencia Española de Protección de Datos (AEPD) - www.aepd.es
12. COPPA Compliance (Children under 13 in the U.S.)
We comply with the Children's Online Privacy Protection Act (COPPA).
Parents must verify consent before any data is collected.
We collect only basic, non-sensitive information and do not share it outside the app.
13. Policy Updates
We may update this policy to reflect new features or legal changes.
Parents will be notified by email before any significant change takes effect.
Latest revision: October 2025