Family Protection
Get complete online protection for your family. Join our Pilot Study
DemoMindfulnessSafetyAboutPricing

Privacy Policy

Last Updated: February 4, 2026

Important: This Privacy Policy applies to Komal, a social-emotional learning (SEL) therapy application designed for children. We are committed to protecting the privacy of children and their parents/guardians in compliance with:

  • Google Play Families Policy (for child-directed apps distributed on Google Play)
  • COPPA (Children's Online Privacy Protection Act) - United States
  • DPDPA (Digital Personal Data Protection Act, 2023) - India
  • GDPR (General Data Protection Regulation) - European Union

Legal Compliance: We are compliant with all applicable local, national, and international laws and regulations governing data protection, privacy, and children's online safety in all jurisdictions where our services are available. This includes, but is not limited to, compliance with regional data protection laws, children's privacy regulations, and consumer protection standards across all countries where Komal operates.

Critical Privacy Assurance: We do NOT store any biometric data (raw video, audio, facial images, or voice recordings). All biometric processing occurs locally on your device, and we only store de-identified scores, metrics, and basic information. No biometric identifiers are transmitted or stored on our servers.

1. Introduction

Komal ("we," "our," or "us") is a mobile application that provides therapeutic and social-emotional learning interventions for children ages 3.5-15. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App").

By using our App, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described in this policy, please do not use the App.

2. Information We Collect

2.1 Account Information

When you create an account as a parent or guardian, we collect:

  • Contact Information: Phone number, email address, or authentication method (Apple, Google)
  • Account Preferences: Language preferences, PIN (hashed and encrypted), Face ID settings
  • Subscription Information: Subscription status and tier (free, premium, trial)
  • Usage Data: Last login timestamp, account creation date

2.2 Learner Profile Information

For each child profile created in the App, we collect:

  • Basic Information: Name, date of birth, age (calculated), gender
  • Focus Areas: Selected areas of focus for therapy (e.g., social skills, language skills, cognitive development, emotional intelligence, life skills)
  • Settings: Sound volume preferences, animation level, preferred avatar type, color scheme, session duration preferences
  • Profile Image: Optional profile picture (stored as base64 or URL)
  • Optional PIN: For multi-learner households (hashed and encrypted)

2.3 Session Data (De-Identified Scores Only)

During therapy sessions, biometric data (camera video, microphone audio) is processed entirely on your device and is never stored or transmitted. We only collect and store the following de-identified data:

  • Session Metadata: Start time, end time, duration, focus area, avatar mode
  • Task Completion: Tasks completed, total tasks, activities log
  • Attention Scores: Numeric attention metrics (no raw eye tracking data)
  • Engagement Scores: Numeric engagement metrics (no raw facial data)
  • Emotion Scores: Categorized emotion assessments (no raw facial images)
  • Touch Analytics: Touch pattern scores and motor behavior metrics
  • Voice Analytics: Confidence and engagement scores (no raw audio recordings)
  • Domain Scores: Performance scores across different skill domains
  • Biomarker Analytics: Aggregated biomarker metrics (no individual biometric identifiers)
  • Measurement Results: Assessment scores and progress metrics
  • Mood Checks: Emoji check-ins and mood assessments
  • Reports: Concise and extended session reports containing only aggregated scores

Critical Privacy Protection:

  • NO Biometric Storage: We do NOT store, transmit, or retain any raw biometric data including video recordings, audio recordings, facial images, voice samples, or any biometric identifiers.
  • Local Processing Only: All biometric processing (eye tracking, facial expression analysis, voice analysis) occurs entirely on your device and is immediately discarded after generating scores.
  • De-Identified Data Only: We only store numeric scores, metrics, and aggregated analytics that cannot be used to identify or reconstruct biometric data.
  • No Biometric Identifiers: No fingerprints, facial templates, voiceprints, or any other biometric identifiers are stored in our systems.

2.4 Device Information

We automatically collect certain information about your device, including:

  • Device type and operating system
  • App version and build number
  • Network information (for connectivity purposes)
  • Device permissions status (camera, microphone - only if granted)

2.5 Advertising Data

Our App uses Google AdMob to display advertisements. Because Komal is a child-directed app, we configure our advertising requests to support the Google Play Families Policy and applicable children's privacy laws.

  • Child-directed ad requests: We request ads as child-directed (COPPA) and for users under the age of consent (TFUA) where applicable.
  • No personalized ads: We do not allow interest-based / personalized advertising for children.
  • Ad content rating: We restrict ad content to be suitable for general audiences ("G").
  • Identifiers: AdMob may still process limited device/app information necessary to serve ads, prevent fraud, and measure performance.

For more information about how Google AdMob handles data, please visit: Google Privacy Policy

3. How We Use Your Information

We use the collected information for the following purposes:

  • To Provide Services: Deliver personalized therapy sessions, track progress, and generate reports
  • To Improve the App: Analyze usage patterns to enhance features and user experience
  • To Communicate: Send important updates, notifications, and support communications
  • To Ensure Security: Protect accounts, prevent fraud, and maintain app security
  • To Comply with Legal Obligations: Meet legal requirements and respond to legal requests
  • For Analytics: Generate aggregated analytics and progress reports for parents/guardians

4. Data Storage and Security

4.1 Data Storage

Your data is stored using:

  • Supabase: Cloud database service for account information, profiles, and de-identified session scores
  • Local Storage (IndexedDB): Offline-first design with local caching for improved performance
  • Encrypted Storage: Sensitive data (PINs, authentication tokens) are encrypted

What We Store: We only store de-identified data including:

  • User authentication details (email, phone, encrypted credentials)
  • Basic profile information (name, age, gender, focus areas)
  • Numeric scores and metrics (attention scores, engagement scores, domain scores)
  • Session metadata (timestamps, duration, task completion)
  • We do NOT store: Raw video, raw audio, facial images, voice samples, or any biometric identifiers

4.2 Data Security

We implement industry-standard security measures to protect your information:

  • Encryption of sensitive data in transit and at rest
  • Secure authentication using Supabase Auth
  • Row-level security policies in our database
  • Regular security audits and updates
  • PIN and Face ID protection for parent access

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

5.1 Service Providers

  • Supabase: Cloud database and authentication services
  • Google AdMob: Advertising services (subject to their privacy policy)

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests, such as:

  • Court orders or subpoenas
  • Government investigations
  • Protection of rights, property, or safety

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Children's Privacy - COPPA, DPDPA, and GDPR Compliance

6.1 COPPA Compliance (United States)

Komal is designed for children and fully complies with the Children's Online Privacy Protection Act (COPPA).

  • We only collect personal information from children with verifiable parental consent
  • Parents/guardians must create accounts and manage child profiles
  • We do not knowingly collect personal information from children under 13 without parental consent
  • Parents can review, modify, or delete their child's information at any time
  • We do not share children's personal information with third parties except as necessary to provide our services or as required by law
  • All biometric processing occurs locally on the device, and only de-identified scores are stored
  • No biometric data is collected, stored, or shared

6.2 DPDPA Compliance (India)

Komal complies with the Digital Personal Data Protection Act, 2023 (DPDPA) of India.

  • Lawful Purpose: We process personal data only for specified, legitimate purposes related to providing therapeutic services
  • Data Minimization: We collect only the minimum necessary data (scores, basic info, authentication details) and do not store biometric data
  • Consent: We obtain explicit consent from parents/guardians before processing any child's data
  • Data Accuracy: We maintain accurate data and allow users to update their information
  • Storage Limitation: We retain data only as long as necessary for the stated purposes
  • Security Safeguards: We implement appropriate technical and organizational measures to protect personal data
  • Rights of Data Principals: Users have the right to access, correct, and delete their personal data
  • Grievance Redressal: Users can contact us at privacy@komalkids.com for any data-related concerns
  • No Biometric Data: We do not process or store any biometric data as defined under DPDPA

6.3 GDPR Compliance (European Union)

Komal complies with the General Data Protection Regulation (GDPR) for users in the European Union.

  • Lawful Basis: We process personal data based on consent and legitimate interests (providing therapeutic services)
  • Data Minimization: We collect and process only the minimum data necessary (scores, basic info, authentication)
  • Purpose Limitation: Personal data is processed only for specified, explicit, and legitimate purposes
  • Storage Limitation: Data is retained only as long as necessary for the stated purposes
  • Accuracy: We take reasonable steps to ensure personal data is accurate and up-to-date
  • Integrity and Confidentiality: We implement appropriate security measures to protect personal data
  • Accountability: We maintain records of data processing activities and implement privacy by design
  • Special Category Data: We do not process special category data (biometric data) as all biometric processing is local-only and no biometric identifiers are stored
  • Children's Data: We obtain parental consent for processing children's data under age 16 (or as per member state law)

7. Your Rights and Choices

You have the following rights regarding your personal information under COPPA, DPDPA, and GDPR:

7.1 Right to Access and Review

You can access and review all information associated with your account and child profiles through the App's parent dashboard. You may also request a copy of your data in a structured, commonly used format.

7.2 Right to Rectification (Modification)

You can update or modify your account information, child profiles, and preferences at any time through the App settings. You have the right to have inaccurate personal data corrected.

7.3 Right to Erasure (Deletion)

You can request deletion of your account and all associated data by contacting us at privacy@komalkids.com. We will delete your information within 30 days of your request, subject to legal retention requirements. Under GDPR, you have the right to be forgotten.

7.4 Right to Data Portability

You can request a copy of your data in a portable, machine-readable format by contacting us. We will provide your data in a structured format (JSON or CSV) within 30 days.

7.5 Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

7.6 Right to Object

You have the right to object to processing of your personal data for direct marketing purposes or based on legitimate interests.

7.7 Right to Withdraw Consent

You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

7.8 Right to Lodge a Complaint

If you are in the EU, you have the right to lodge a complaint with your local data protection authority. If you are in India, you can file a complaint with the Data Protection Board.

7.9 Opt-Out of Advertising

You can opt out of personalized advertising through your device settings. On Android, go to Settings > Google > Ads > Opt out of Ads Personalisation.

8. Permissions

Our App may request the following permissions:

  • Camera: Required for real-time eye tracking and micro-expression analysis during therapy sessions. Important: Video is processed locally on your device and is never stored or transmitted. Only numeric scores are saved. This permission is optional and the App can function with limited features if not granted.
  • Microphone: Required for real-time voice tracking and analysis during therapy sessions. Important: Audio is processed locally on your device and is never stored or transmitted. Only numeric scores are saved. This permission is optional and the App can function with limited features if not granted.
  • Internet: Required for account synchronization, data backup, and accessing cloud services.
  • Network State: Required to check connectivity status for optimal app performance.

Biometric Data Processing: When camera or microphone permissions are granted, biometric data is processed in real-time on your device to generate scores. The raw biometric data (video/audio) is immediately discarded and never stored. Only de-identified numeric scores and metrics are saved to our servers.

You can revoke these permissions at any time through your device settings, though this may limit certain App features.

9. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this Privacy Policy. Specifically:

  • Account Information: Retained until account deletion or until you request deletion
  • Session Scores: Retained to provide historical progress tracking and reports (de-identified scores only)
  • Analytics Data: Aggregated, de-identified data may be retained for research and improvement purposes

Retention Periods:

  • GDPR: Data is retained only as long as necessary for the stated purposes, with regular review and deletion of data no longer needed
  • DPDPA: Data is retained only for the period necessary to satisfy the purpose for which it was collected
  • COPPA: Children's data is retained only as long as reasonably necessary to fulfill the purpose for collection

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes. No biometric data is retained as we do not store biometric data.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

For EU Users (GDPR): We ensure that appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.

For Indian Users (DPDPA): We comply with DPDPA requirements for cross-border data transfers and ensure adequate protection measures are in place.

For US Users (COPPA): We comply with COPPA requirements and ensure that data transfers maintain the same level of protection for children's data.

By using our App, you consent to the transfer of your information to these countries, subject to the safeguards described above.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

  • Posting the updated Privacy Policy in the App
  • Updating the "Last Updated" date at the top of this policy
  • Providing in-app notifications for significant changes

Your continued use of the App after such changes constitutes your acceptance of the updated Privacy Policy.

12. Third-Party Links and Services

Our App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access.

Third-Party Services We Use:

13. Contact Us and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Email: privacy@komalkids.com

App Name: Komal

App ID: com.komalkids.app

Support: For technical support or account-related inquiries, please use the in-app support feature or contact us through the App.

For GDPR Inquiries (EU Users): You can contact us at privacy@komalkids.com for any GDPR-related requests or to exercise your data protection rights.

For DPDPA Inquiries (Indian Users): You can contact us at privacy@komalkids.com for any DPDPA-related requests or to file a complaint regarding data processing.

Response Time: We will respond to your privacy requests within 30 days as required by applicable laws (GDPR, DPDPA, COPPA).

14. Consent

By using Komal, you consent to this Privacy Policy and agree to its terms. If you do not agree to this policy, please do not use the App.

If you are a parent or guardian and you believe your child has provided us with personal information without your consent, please contact us immediately so we can delete such information.

This Privacy Policy is effective as of the date listed above and applies to all users of the Komal application.