COLORING APP FOR KIDS — PRIVACY POLICY
Effective date: May 10, 2026
This Privacy Policy (“Policy”) describes how personal information is collected, used, stored, disclosed, and otherwise processed in connection with the Coloring App for Kids mobile application for Apple iOS and iPadOS devices (the “App”) and the related online services that power the App (collectively, the “Services”). The Services are made available by the operator identified through the contact channels listed in Section 13 below (“Operator,” “we,” “us,” or “our”).
This Policy is intended to be read together with our Terms of Use. By accessing or using the Services, you acknowledge that you have read this Policy. If you do not agree, you must not use the Services.
The authoritative version of this Policy is published at:
https://sites.google.com/brataas.io/coloringappforkids/privacy-policy
1. SCOPE; ROLE OF PARENTS AND GUARDIANS
1.1 The App is designed for family use and is not directed to unsupervised children. Where a minor uses the App, such use must occur under the supervision and authority of a parent or legal guardian who has authority to enter into this Policy on the minor’s behalf.
1.2 For purposes of consent, account registration, subscription decisions, and privacy notices under applicable children’s privacy laws, the adult who creates or controls the sign-in credentials (for example, through Google Sign-In) is treated as the responsible account holder and primary contact.
1.3 The App employs in-product confirmation gates (sometimes referred to as “parental gates”) before certain destructive or sensitive actions, including, without limitation, deleting saved coloring pages from the gallery and deleting the account. These gates are intended to reduce the risk of accidental or unsupervised actions by minors. They are a usability and safety measure and do not constitute formal age verification.
2. DEFINITIONS
“Account Data” means identifiers and credentials associated with your account, including your Firebase user identifier and information supplied by your authentication provider.
“Device Identifier” means a per-installation identifier generated or stored on the device and processed by us in hashed or similarly de-identified form for security and quota enforcement.
“User Content” means prompts, difficulty selections, voice-derived text, generated images, colored images, gallery metadata, and similar materials you submit or create through the Services.
“Processor” means an entity that processes personal information on our behalf and in accordance with our instructions.
3. CATEGORIES OF INFORMATION WE PROCESS
3.1 Account and authentication data. If you authenticate through Google Sign-In (via Firebase Authentication), we and our processors receive and process your Firebase user identifier, email address, and basic profile attributes (such as display name) as made available by Google in accordance with your Google account settings and Google’s policies. We do not operate a separate “parent recovery email” collection step in the App; the contact identity for the account is that of the authenticated Google account.
3.2 User Content. We process User Content necessary to operate the Services, including: (a) text prompts describing requested artwork; (b) difficulty settings; (c) outputs from our image-generation pipeline; (d) locally stored and, where you use cloud-backed features, server-stored copies of line art and colored layers associated with your account; and (e) voice input that you choose to provide, which is converted to text using Apple’s on-device or system speech-recognition frameworks subject to Apple’s permissions, technical implementation, and policies. Prompts submitted to the image-generation pipeline are subject to client-side and server-side validation (including minimum and maximum length checks and automated moderation) before processing; submissions that fail validation may be rejected without generating an Output.
3.3 Community features. If you use the Community area, we process authentication state, request metadata, and server-side operational data necessary to deliver curated catalogs, time-limited signed URLs for artwork retrieval, and import flows that copy selected community line art into your personal gallery storage. Community artwork is curated and supplied through our cloud infrastructure (including Firebase Cloud Functions, Cloud Firestore, and Cloud Storage).
3.4 Subscription and transaction-related data. In-app purchases are processed by Apple Inc. We do not receive your full payment card number. We process limited data elements necessary to verify entitlements and operate paid features, which may include Apple-provided transaction identifiers, subscription status signals, and related cryptographic materials (such as signed transaction representations) as transmitted by the App in accordance with Apple’s StoreKit rules.
3.5 Device, integrity, and abuse-prevention data. We process technical signals to protect the Services, including Firebase App Check attestations (such as DeviceCheck or App Attest on supported devices) and related integrity tokens. We also process a Device Identifier (for example, a per-install UUID) that the App transmits in hashed form to enforce per-device and per-account quotas and to mitigate abuse.
3.6 Diagnostics data. Subject to an in-app control, we may collect crash reports, stack traces, device model, operating system version, and related diagnostic metadata through Google Firebase Crashlytics. As represented in the App’s Settings, crash reporting is designed not to include your coloring pages or prompts; nonetheless, crash artifacts can sometimes include incidental technical context. You may disable crash reporting via Settings → Diagnostics → “Send crash reports”; the change takes effect the next time you open the App.
3.7 Server and security logs. We maintain logs for operations, security monitoring, troubleshooting, and abuse prevention. These logs may include timestamps, coarse technical identifiers (such as Account Data identifiers), error codes, request routing data, and similar metadata. They are not intended to be used for marketing profiling.
3.8 Local storage. Certain User Content and preferences may reside only on your device unless and until you use features that synchronize or back up content to our cloud environment.
3.9 Photos, microphone, printing, and sharing. Access to device capabilities (such as Photos, Microphone, printing, or share sheets) is invoked only to perform actions you initiate. We do not access the microphone for ambient listening, and we do not browse your photo library except as needed to carry out a user-directed import or save.
3.10 Aggregated or de-identified data. We may create aggregated or de-identified information that cannot reasonably be used to identify you, and we may use such information for analytics, product improvement, and security.
4. PURPOSES OF PROCESSING
We process personal information to: (a) provide, maintain, and improve the Services; (b) authenticate users and manage accounts; (c) generate, moderate, store, sync, and retrieve User Content; (d) operate community features; (e) verify subscriptions and enforce entitlements; (f) protect the security and integrity of the Services, including fraud prevention, rate limits, and quota enforcement; (g) comply with law and respond to lawful requests; (h) communicate service-related notices; and (i) analyze diagnostics where enabled.
5. LEGAL BASES (WHERE APPLICABLE)
Where the EU General Data Protection Regulation (“GDPR”) or similar laws apply, we rely on one or more of the following legal bases, as appropriate: performance of a contract; legitimate interests (such as securing the Services, preventing abuse, and improving reliability), balanced against your rights; compliance with legal obligations; and consent where required (for example, where mandated for certain analytics or optional features).
6. DISCLOSURES; SUBPROCESSORS
6.1 We disclose personal information to categories of recipients that include: (a) Google LLC and affiliates for Firebase, Google Sign-In, Crashlytics (if enabled), App Check, and related cloud infrastructure; (b) Apple Inc. for App Store payments and platform services; (c) providers of generative image models and moderation tools (for example, OpenAI or successor vendors) to the extent necessary to generate and moderate outputs; and (d) professional advisers, auditors, or authorities where required.
6.2 Processors are bound by contractual terms requiring appropriate confidentiality and security measures and, where applicable, data processing terms consistent with GDPR requirements.
6.3 We do not sell personal information within the meaning of the California Consumer Privacy Act, as amended (“CCPA/CPRA”), and we do not share personal information for cross-context behavioral advertising as defined under the CPRA.
7. INTERNATIONAL TRANSFERS
Personal information may be processed in the United States and other countries where we or our processors maintain facilities, including jurisdictions that may not be deemed to provide an adequate level of protection by your local supervisory authority. Where required, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or equivalent mechanisms, together with supplementary measures we deem appropriate based on the nature of the processing.
8. DATA RETENTION
8.1 We retain personal information only for so long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.
8.2 Account-related data is generally retained while your account remains active. User Content is retained until deleted by you, replaced through normal use, or removed through account deletion workflows, subject to reasonable propagation delays and backup cycles.
8.3 Logs and diagnostics are retained according to internal schedules aligned with security and operational needs. Backup systems may retain residual copies for a limited period until overwritten in the ordinary course.
9. SECURITY
We implement technical and organizational measures designed to protect personal information, including encryption in transit for network communications between the App and our services, access controls, and reliance on industry-standard cloud security controls provided by our processors. No method of transmission or storage is completely secure; you use the Services at your own risk to that extent.
10. YOUR RIGHTS AND CHOICES
10.1 Depending on your jurisdiction, you may have rights to access, rectify, delete, port, restrict, or object to certain processing, and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority.
10.2 The App provides in-product tools (where applicable) to delete account-associated data and to request a ZIP export of data tied to your account. Export requests are fulfilled server-side; we send a time-limited HTTPS download link (intended to remain valid for approximately three days) to the email address on your Google account. Exports are rate-limited (for example, you may not receive more than one export email within a short window). Access to the ZIP relies on that link and standard transport security; store the file promptly in a place you control.
10.3 Residents of California may have additional rights under the CCPA/CPRA, including rights to know, delete, and correct personal information, and to opt out of certain processing. Because we do not sell or share personal information for cross-context behavioral advertising as described in Section 6.3, we do not provide a “Do Not Sell or Share” link for those specific activities.
10.4 To exercise rights or submit privacy inquiries, use the contact channel in Section 13. We may need to verify your request consistent with applicable law.
11. CHILDREN’S PRIVACY
We do not knowingly collect personal information directly from children in a manner that would violate the U.S. Children’s Online Privacy Protection Act (“COPPA”) without appropriate parental authority. Where processing relates to a minor’s use of the Services, it is expected to occur under the supervision and Google-authenticated account of a parent or guardian. Parents or guardians may request access, correction, or deletion subject to verification and legal exceptions.
12. CHANGES TO THIS POLICY
We may update this Policy from time to time. We will post the revised Policy at the URL above and revise the “Effective date.” Where required by law, we will provide additional notice or obtain consent.
13. CONTACT
For privacy requests and questions regarding this Policy:
https://sites.google.com/brataas.io/coloringappforkids/support