Privacy Policy

1. Introduction

Tarqatoo ("we," "our," or "us") is committed to protecting your privacy and the privacy of your children. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

2. Information We Collect

2.1 Parent Account Information

When you create a parent account, we collect:

Authentication Data:

• Apple ID (if using Apple Sign-In)
• Google account information (if using Google Sign-In)
• Email address and password (if using email registration)
• Display name

Subscription Information:

• Subscription tier (Free, Pro, Premium)
• Payment history (processed by Apple, not stored by us)
• Receipt validation data

Settings and Preferences:

• Language preference
• Notification settings
• Parental controls (e.g., "Show Solution" permission)

2.2 Child Account Information

With parental consent, we collect:

Basic Profile:

• First name (provided by parent)
• Birth date (for age verification)
• Invitation code
• Parent-child relationship

Device Information:

• Device token (for authentication)
• Device model and name
• iOS version
• Last active timestamp

Educational Data:

• Chat messages with AI tutor
• Submitted homework photos
• Learning progress and statistics
• Completed tasks count
• Topic classifications
• Session history

Gamification Data:

• Experience points (XP)
• Level and streaks
• Unlocked achievements

2.3 Automatically Collected Information

Analytics Data:

• App usage patterns
• Feature interactions
• Error logs and crash reports
• Session duration

Technical Data:

• IP address (not stored long-term)
• App version
• Device identifiers

2.4 Photos and Camera

• We collect homework photos when you use the photo capture feature
• Photos are uploaded to secure cloud storage
• Photos are only used for educational assistance
• Parents can delete photos at any time

3. How We Use Your Information

3.1 To Provide the Service

• Authenticate users and maintain accounts
• Process and respond to educational questions
• Generate personalized learning content using AI
• Track learning progress and provide analytics
• Enable parent-child account linking
• Manage subscriptions and billing

3.2 To Improve the Service

• Analyze usage patterns to improve features
• Identify and fix technical issues
• Develop new educational content
• Enhance AI tutoring effectiveness

3.3 To Communicate With You

• Send important service updates
• Notify about subscription status
• Respond to support requests
• Send push notifications (with your consent)

3.4 Legal and Safety

• Comply with legal obligations
• Enforce our Terms of Service
• Protect against fraud and abuse
• Ensure child safety online

4. How We Share Your Information

4.1 We Share Data With:

Third-Party Service Providers:

4.2 We Do NOT:

• Sell or rent your personal information to third parties
• Share children's data for advertising purposes
• Use children's information for behavioral advertising
• Share data with data brokers or marketing companies

4.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or to:

• Protect our legal rights
• Prevent fraud or security threats
• Comply with COPPA or GDPR requirements
• Protect child safety

5. Data Security

5.1 Security Measures

We implement industry-standard security measures:

Encryption:

• Data encrypted in transit (TLS/SSL)
• Data encrypted at rest in Firebase
• Device tokens stored in iOS Keychain

Access Controls:

• Role-based access limitations
• Secure authentication mechanisms
• Regular security audits

Firebase Security Rules:

• Parents can only access their own children's data
• Children can only access their own sessions
• Server-side validation of all requests

5.2 Data Retention

• Active Accounts: Data retained as long as account is active
• Deleted Accounts: All data deleted immediately upon account deletion
• Chat History: Retained for educational progress tracking
• Analytics: Anonymized after 90 days

5.3 Security Limitations

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Privacy Rights

6.1 GDPR Rights (EU Users)

If you are in the European Union, you have the right to:

• Access: Request a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a portable format
• Objection: Object to certain data processing
• Restriction: Restrict how we process your data
• Withdraw Consent: Withdraw consent at any time

6.2 COPPA Rights (US Users)

Parents have the right to:

• Review their child's personal information
• Request deletion of their child's information
• Refuse further collection of their child's information
• Consent to collection but refuse third-party disclosure (not applicable - we don't share)

6.3 How to Exercise Your Rights

• In-App: Use account settings to manage data
• Email: Contact us at contact@tarqatoo.com
• Account Deletion: Delete account through app settings

We will respond to requests within 30 days.

7. Parental Controls and Consent

7.1 Verifiable Parental Consent

We obtain verifiable parental consent through:

• Parent account creation (Apple/Google Sign-In or email verification)
• Parent must be 18+ years old
• Explicit consent checkbox when creating child profiles, with timestamp recorded

7.2 Parent Dashboard

Parents can:

• View and edit child profiles
• Monitor learning progress
• View chat history (Premium)
• Manage device access
• Control "Show Solution" feature
• Delete child data at any time

7.3 Child Privacy Protection

• Children cannot create accounts without parent
• No direct marketing to children
• No behavioral advertising based on child data
• Age-appropriate content only

8. International Data Transfers

• Our servers are located in the United States
• By using the App, you consent to data transfer to the US
• We comply with applicable data protection laws
• EU users: We implement appropriate safeguards for international transfers

9. California Privacy Rights

If you are a California resident, you have additional rights under CCPA:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of sale (Note: We do not sell personal information)
• Right to deletion
• Right to non-discrimination for exercising privacy rights

California Notice: We do not sell personal information of minors under 16 years old.

10. Children's Privacy (COPPA Compliance)

10.1 Age Restrictions

• The App is intended for students aged 11-17 years old
• We do not knowingly collect information from children under 11
• Parent verification required before child can use the App

10.2 Data Minimization

We only collect information necessary to provide the educational service:

• No precise geolocation
• No social media integration for children
• No photo/video sharing outside the App
• No collection of social security numbers or financial information from children

10.3 Parental Notification

Parents are notified about:

• What information is collected from their child
• How the information is used
• Our disclosure practices
• Parent's rights to review, delete, and refuse further collection

11. Cookies and Tracking

• We do not use cookies in the mobile app
• We do not use third-party tracking or advertising SDKs
• Analytics are collected through Firebase Analytics (anonymized)
• No cross-app or cross-site tracking

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• In-app notification
• Email to your registered address
• Posting the new Privacy Policy on our website
• Updating the "Last Updated" date

For material changes affecting children's privacy, we will obtain renewed parental consent.

13. Data Breach Notification

In the event of a data breach affecting personal information:

• We will notify affected users within 72 hours
• Parents will be notified if children's data is affected
• We will provide information about the breach and remediation steps
• We will comply with all applicable breach notification laws

14. Do Not Track

Our App does not respond to Do Not Track signals because we do not track users across third-party websites or apps.

15. Your Choices

15.1 Account Settings

You can control:

• Email notifications
• Push notifications (iOS Settings)
• Language preference
• Parental controls

15.2 Data Deletion

To delete your data:

1. Go to Settings in the App
2. Select "Delete Account"
3. Confirm deletion
4. All data will be deleted immediately

15.3 Access Your Data

To access your data:

• Email contact@tarqatoo.com
• We will provide a copy within 30 days
• Available in JSON or PDF format

16. Third-Party Links

The App does not contain links to third-party websites or services. All functionality is contained within the App.

17. Contact Us

For privacy-related questions or concerns:

• Email: contact@tarqatoo.com

For GDPR-related requests, please specify "GDPR Request" in the subject line.

18. Supervisory Authority

If you are in the EU and believe we have not addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

19. Data Protection Officer

For data protection inquiries, you can contact us at: contact@tarqatoo.com