Privacy Policy
Last updated: January 31, 2026
Compliant with COPPA (USA), DPDPA (India), Privacy Act 2020 (NZ), Privacy Act 1988 & Online Safety Act 2021 (AU), and GDPR (EU)
At KidJar, we take the privacy of your family seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and services. KidJar is designed with children's privacy as a top priority, and we comply with the Children's Online Privacy Protection Act (COPPA), India's Digital Personal Data Protection Act (DPDPA 2023), New Zealand's Privacy Act 2020, Australia's Privacy Act 1988 & Online Safety Act 2021, and the EU General Data Protection Regulation (GDPR).
Information We Collect
Parent/Guardian Information
- Email address (for account creation and communication)
- Name (optional, for personalization)
- Profile picture (optional)
- Country of residence (for jurisdiction-specific compliance)
Child Information
- First name or nickname (for display within the family)
- Birth year (to provide age-appropriate experiences)
- Avatar emoji or image (chosen by parent)
- Chore completion data and earned points
Usage Information
- App usage patterns and feature interactions
- Device information (type, operating system)
- Error logs for troubleshooting
Minimal Data Principle: Across all jurisdictions, KidJar collects only data that is strictly necessary to provide the chore-tracking and rewards service. We never collect personal identifiers (SSN, government ID) or precise geolocation from children.
How We Use Your Information
- To provide and maintain our service
- To manage user accounts and family groups
- To track chores, points, and rewards within families
- To send notifications about chore reminders and achievements
- To improve our app based on usage patterns
- To communicate important updates about the service
- To respond to customer support requests
We never use child data for profiling, behavioural advertising, or automated decision-making. This applies globally regardless of your jurisdiction.
Children's Privacy Protection
KidJar is committed to protecting children's privacy across every jurisdiction we operate in:
- Children cannot create accounts — only parents/guardians can add children to their family
- Children access the app through a secure code system, not email addresses
- We collect minimal information about children (name/nickname, birth year, avatar)
- Child data is only visible to their parent/guardian
- Children cannot interact with users outside their family
- No third-party advertising is shown to children
- No profiling or behavioural tracking of children
- Parents can review, modify, export, or delete their child's information at any time
- Verifiable parental consent is obtained before collecting any child data
International Compliance
KidJar operates globally and complies with child privacy regulations in each jurisdiction. Below are the specific standards we adhere to based on your country of residence.
United States — COPPA (Children's Online Privacy Protection Act)
For users in the United States, KidJar complies fully with COPPA, enforced by the Federal Trade Commission (FTC):
- Age threshold: 13 years — children under 13 require verifiable parental consent
- Verifiable parental consent (VPC): Before any child data is collected, the parent/guardian must actively confirm their consent during registration
- Parental rights: Parents may review, modify, or delete their child's data at any time through their account settings or by contacting us
- No targeted advertising: KidJar does not show targeted or behavioural advertising to children
- No unnecessary data collection: We do not condition a child's participation on disclosing more information than is reasonably necessary
- Data retention: Child data is retained only as long as necessary to provide the service, with a maximum retention period of 365 days after account deletion
- Third-party operators: We do not share child data with third parties for their own marketing purposes
India — DPDPA (Digital Personal Data Protection Act 2023)
For users in India, KidJar complies with the Digital Personal Data Protection Act 2023:
- Age threshold: 18 years — all users under 18 are treated as children requiring guardian consent
- Verifiable parental consent: Required before processing any child data; parents must confirm their identity and guardian status
- Guardian declaration: Parents must explicitly declare they are a lawful guardian of the child
- No tracking or profiling: KidJar does not perform behavioural monitoring, tracking, or profiling of children
- No targeted advertising: Advertising directed at children is strictly prohibited
- Data principal rights: Parents (as data fiduciaries for their children) have the right to access, correct, and erase their child's data
- Data retention: Child data retained for a maximum of 730 days (2 years) after account deletion, as prescribed
- Cross-border transfers: Data may be stored on servers outside India only in accordance with DPDPA provisions
New Zealand — Privacy Act 2020
For users in New Zealand, KidJar complies with the Privacy Act 2020 administered by the Office of the Privacy Commissioner:
- Age threshold: 16 years — children under 16 require parental/guardian consent
- Parental consent: Parents must provide consent before any child data is collected
- Information Privacy Principles (IPPs): KidJar adheres to all 13 Information Privacy Principles, including purpose limitation, data minimization, and accuracy
- Purpose limitation: Child data is used only for providing the chore-tracking and rewards service
- Access & correction: Parents can request access to and correction of their child's data at any time
- Data export & deletion: Parents can export all child data in a portable format or request complete deletion
- Mandatory breach notification: In the event of a privacy breach likely to cause serious harm, we will notify the Privacy Commissioner and affected individuals as required
- Data retention: Child data retained for a maximum of 365 days after account deletion
- No profiling: No behavioural profiling or automated decision-making is performed on children
Australia — Privacy Act 1988 & Online Safety Act 2021
For users in Australia, KidJar complies with the Privacy Act 1988 (Australian Privacy Principles) and the Online Safety Act 2021:
- Age threshold: 16 years — children under 16 require parental/guardian consent
- Australian Privacy Principles (APPs): KidJar adheres to all 13 APPs including transparency, purpose limitation, and data security
- Parental consent: Verifiable parental consent required before collecting any child data
- Online Safety Act compliance: KidJar incorporates age-appropriate design features to ensure online safety for children
- No targeted advertising to children: No behavioural or targeted advertising is displayed to child users
- No profiling: KidJar does not profile, track, or monitor children's behaviour beyond what is necessary for core functionality
- Data export & deletion: Parents can export or delete their child's data at any time
- Data retention: Child data retained for a maximum of 365 days after account deletion
- Notifiable data breach scheme: We comply with the mandatory data breach notification requirements under Part IIIC of the Privacy Act
- Cross-border disclosure: Where data is transferred outside Australia, we ensure equivalent privacy protections are in place
European Union — GDPR (General Data Protection Regulation)
For users in the European Union, KidJar complies with the General Data Protection Regulation (GDPR):
- Age threshold: 16 years (or lower as defined by member state, minimum 13) — children below the threshold require parental consent
- Lawful basis: We process child data based on parental consent (Article 8) and legitimate interest for service delivery (Article 6(1)(f))
- Data subject rights: Right to access, rectification, erasure (“right to be forgotten”), data portability, restriction of processing, and right to object
- Data minimization: Only data strictly necessary for the service is collected
- Data portability: Parents can export all child data in a structured, commonly used format (JSON)
- Right to erasure: Parents can request complete deletion of their child's data
- No profiling: No automated decision-making or profiling is performed on children
- Privacy by design: KidJar implements data protection by design and by default
- Data retention: Child data retained for a maximum of 365 days after account deletion
Consent Age Summary
| Country | Regulation | Child Consent Age | Parental Consent | Data Retention |
|---|---|---|---|---|
| United States | COPPA | 13 | Verifiable (VPC) | 365 days |
| India | DPDPA 2023 | 18 | Verifiable + Declaration | 730 days |
| New Zealand | Privacy Act 2020 | 16 | Parental | 365 days |
| Australia | Privacy Act 1988 + OSA | 16 | Verifiable | 365 days |
| European Union | GDPR | 16 | Verifiable | 365 days |
Data Security
We implement appropriate security measures to protect your information:
- All data is encrypted in transit using TLS/SSL
- Passwords are hashed and never stored in plain text
- Access to user data is restricted to essential personnel only
- Regular security audits and updates
- Secure cloud infrastructure
- Consent actions are logged with full audit trail (timestamp, IP address, user agent)
We use industry-standard measures to protect your data. However, no method of transmission over the Internet or electronic storage is 100% secure.
Data Sharing
We do not sell your personal information. We may share information only in these cases:
- Service Providers: With trusted partners who help us operate our service (e.g., cloud hosting, email delivery)
- Legal Requirements: If required by law or to protect rights and safety
- With Consent: When you explicitly agree to sharing
Child data is never shared with third parties for marketing, advertising, or any purpose beyond providing the KidJar service. This applies globally, regardless of jurisdiction.
Your Rights
Regardless of your location, you have the right to:
- Access the personal information we hold about you and your children
- Correct inaccurate information
- Delete your account and all associated data
- Export your data in a portable format (JSON)
- Opt out of marketing communications
- Withdraw consent at any time
- Request deletion of specific child data without deleting your parent account
- Receive notification of data breaches that may affect you
To exercise any of these rights, visit your Account Settings or contact our Privacy Team at the email below. Requests will be processed within 30 days.
Data Breach Notification
In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals, KidJar will:
- Notify the relevant supervisory authority within the timeframe required by applicable law (72 hours under GDPR, “as soon as practicable” under NZ/AU law)
- Notify affected individuals without undue delay
- Document remedial actions taken to address the breach
Contact Us
If you have questions about this Privacy Policy, our data practices, or wish to exercise your data rights, please contact us:
KidJar Privacy Team
Email: media@sirisapps.com
Address: Auckland, New Zealand
For COPPA-specific inquiries, you may also contact us with the subject line “COPPA Request”. For DPDPA, Privacy Act, or GDPR inquiries, please indicate the relevant regulation in your message.
Policy Updates
We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through the app. Continued use of KidJar after changes constitutes acceptance of the updated policy.