FFEAI Young Developer

Draft — pending legal review. This document is not yet effective and may change before launch.

EAI Young Developer · Privacy Policy
Status Draft v1.0 (initial publication-ready draft) · pending external counsel review
Effective Date [TBD upon launch]
Last Updated 2026-05-29
Version v1.0

A short summary for young readers. EAI Young Developer is a place where you build robot programs ("Skills") and share them with other kids. Before you can use it, your parent has to say yes — that's the law (it's called COPPA). We don't ask you for your real name, your email, your address, or your school. We don't show you ads. We don't sell anything you make. We keep your stuff safe. Your parent can look at your account, change things, or delete it any time. If you have any worries, talk to your parent or to a teacher you trust, and they can contact us at privacy@eai-kids.com.

§1. Introduction and Scope

EAI Young Developer ("Platform", "we", "us", "our") is an open K-12 robotic-programming community operated by [FF US Subsidiary Legal Entity Name], a Delaware corporation with its principal place of business at [Mailing Address] ("Company"). The Platform is accessible at eai-kids.com and its subdomains.

This Privacy Policy ("Policy") describes how we collect, use, disclose, and otherwise process personal information from and about visitors, registered users, and the parents and legal guardians of minor users. It applies to all features of the Platform, including the website, the web-based code editor, the simulator, the physical-robot deployment functionality, community interaction features, and learning resources (collectively, the "Service").

This Policy is one of the documents that together govern your relationship with the Platform. The complete documentation set is:

In case of conflict between this Policy and any other document in the set, the document more specifically governing the matter at issue prevails, except that the Youth Developer Agreement controls all matters of parental consent, the scope of the parent's authority over a minor's account, the IP license granted by a Rightsholder, and hardware-safety obligations.

§1.1 The Service in Brief

The Platform is an open community modeled on Scratch and micro:bit. Registered users author code projects ("Skills") in a block-based or text-based editor. They run those Skills in a simulator and, where physical hardware is available and a parent has authorized it, on a physical FF EAI Brain robot (Futurist, Master, FX Aegis, FX Navi, or other supported model). Published Skills are licensed under Creative Commons Attribution-ShareAlike 4.0 International ("CC BY-SA 4.0"); other Platform users may browse, download, and Remix them.

The Service is non-commercial within the community. We do not charge usage fees, do not sell user-published Skills, do not run advertising, do not accept tips, and do not issue any virtual currency. We do not sell or share personal information for cross-context behavioral advertising in any age band.

§1.2 Age and User Categories

The Platform serves four age bands and one adult category, with distinct privacy treatments:

Category Ages Privacy Treatment
Younger child 5–7 Verifiable Parental Consent (VPC) required; templated-creation mode; system-generated random username; account managed by Parent
Older child 8–12 VPC required; standard editor; randomized-username recommendation; account managed by Parent
Teen 13–17 VPC required (consistent with the Youth Developer Agreement); standard editor; account managed by Parent, with age-appropriate self-management privileges where consistent with parental supervision
Adult 18+ (teachers, parents, community contributors) Self-consent; account managed by user
Visitor Any May browse public-facing pages and published Skills; minimal processing only

For purposes of this Policy, "Minor" or "Minor User" means any registered user aged 5 through 17 inclusive. "Parent" means the parent or legal guardian who has provided VPC and signed the Youth Developer Agreement on the Minor's behalf.

The VPC scope for ages 13 through 17 is broader than the federal floor of the Children's Online Privacy Protection Act (COPPA), which by its terms applies only below age 13. We have adopted the broader scope as a deliberate child-protection posture consistent with the Youth Developer Agreement and applicable state-law minor-protection regimes.

§1.3 Geographic Scope

The Service is primarily operated for users in the United States. We accept users from other jurisdictions and apply additional protections where local law sets a higher standard than this Policy. See §12 for jurisdiction-specific provisions (California, EEA/UK, mainland China, others).

§2. Information We Collect

We collect personal information directly from registered users (Minors and adults), from Parents during the VPC flow, and automatically when any person interacts with the Service. The categories below are exhaustive: if a category is not listed here, we do not collect it.

§2.1 Information We Collect From a Minor

Category Examples Source
Account identifiers Username (chosen by the child or parent at registration; for ages 5–7 a system-generated random username is required); hashed password; age band (5-7, 8-12, 13-17); account creation timestamp At registration; subsequent updates
Profile attributes Avatar selection from ~50 Platform-preset illustrated avatars; nickname (separate from username); theme and accessibility preferences At registration; user updates
User-generated content Block-based or text-based code in published or draft Skills; project title, description, tags; auto-generated thumbnail of the running Skill When a Skill is saved or published
Community interactions Comments (only preset phrases plus emoji reactions; no free-text), follows, likes, favorites, Remix actions, reports filed During use
Activity logs Login timestamps, page views, publish events, download events for others' Skills, IP address (in standard server logs), browser/user-agent string Automatically during use
Robot operational data Where a Skill is deployed to a physical FF EAI Brain robot connected through the Service: command logs, motion telemetry, sensor envelopes, and execution outcomes — see §8 and Youth Developer Agreement §7A Only when physical hardware is connected and the Parent has consented

We do not collect from a Minor: the Minor's first or last name, full date of birth (only the age band), email address, telephone number, postal address, school name, precise geolocation, biometric identifiers, uploaded photographs, uploaded videos, uploaded audio files, uploaded 3D models, or any other media file. These collection limits are enforced at the database schema level (see §10) and reflect the Platform's data-minimization design.

§2.2 Information We Collect From a Parent

Category Examples Source
Parent email address ("Parent Email") The email a parent registers for VPC, password recovery, COPPA notices, and parental-rights requests Parent-supplied at registration
VPC verification record Confirmation that email-plus consent was completed; reference number of a signed consent form (fallback method, if used); timestamp of consent; verification method used; consent version Generated during the VPC flow per 16 CFR §312.5(b)(2)
Parent contact details Name and relationship to the Minor as disclosed on the Youth Developer Agreement Schedule A Parent-supplied during VPC
Communications history Records of email communications between the Parent and the Platform During use

Parent Email and VPC verification records are held in an independent "parent personal information table" (parent_pii) keyed by a one-way hash to the related child account record. Parent personal information is treated as parent personal information for purposes of COPPA; we apply commensurate protections to it but it is not "personal information from a child" within the meaning of 16 CFR §312.2.

§2.3 Information We Collect From an 18+ User

A user aged 18 or older may register as a teacher, parent, or community contributor. We collect: email address, hashed password, display name, profile information the user chooses to provide, and the same activity logs and user-generated content categories listed in §2.1. 18+ users self-consent; VPC does not apply.

§2.4 Information We Collect From Visitors

A visitor (any person who accesses the Service without logging in) generates only standard server-log information (IP address, browser/user-agent string, requested URL, referrer where present, timestamp) and the cookies described in the Cookies and Tracking Technologies Notice. We do not assemble visitor profiles, and we do not use visitor data for advertising.

§2.5 Persistent Identifiers Used Solely for Service Operations

Where the Service uses persistent identifiers within the meaning of 16 CFR §312.2 (for example, session cookies or rotated analytics identifiers), those identifiers are used solely to support the internal operations of the Service within the meaning of 16 CFR §312.5(c)(7) and the COPPA-Rule definitions, and are not used to contact a specific individual, to deliver targeted advertising, or to amass cross-context profiles. See Cookies and Tracking Technologies Notice §§3, 5 for the cookie inventory.

§3. How We Use Personal Information

We use the personal information described in §2 only for the purposes enumerated below. We do not use Minor personal information for any purpose not listed here without first obtaining additional VPC.

  1. Provide and operate the Service: create and authenticate accounts; render Skills; enable publishing, browsing, Remixing, and downloading; deploy Skills to connected physical robots; render community interaction features.
  2. Safety and abuse prevention: pre-publish and post-publish content moderation; detect and respond to abuse, harassment, or hazardous content; investigate user reports; enforce the Community Guidelines and the Youth Developer Agreement; respond to law-enforcement requests as legally required.
  3. Service quality: monitor performance using aggregated or de-identified telemetry; investigate and fix bugs; improve usability.
  4. Communicate with you and with Parents: send transactional emails (password resets, parental-rights confirmations, material-change notices, security alerts); reply to support inquiries.
  5. Comply with law: respond to lawful requests from regulators and law-enforcement; satisfy our recordkeeping obligations under 16 CFR §312.10 (VPC retention) and 17 USC §512(c)(2) (DMCA Designated Agent records); satisfy state breach-notification obligations; meet tax and accounting requirements applicable to the Company.
  6. Protect rights and resolve disputes: enforce our Terms of Service; resolve disputes; protect the rights, property, or safety of the Platform, our users, or the public.

We do not use Minor personal information for: advertising of any kind, behavioral profiling, sale or share for cross-context behavioral advertising as defined in CCPA §1798.140, or training of general-purpose AI models. See §7 for the AI/ML use restrictions.

§4. Verifiable Parental Consent (VPC)

The Platform requires Verifiable Parental Consent before a Minor's account is activated. VPC is obtained at registration and recorded in compliance with 16 CFR §312.5 and §312.10.

§4.1 Methods We Use

We offer VPC through the following methods enumerated in 16 CFR §312.5(b)(2):

  • Email-plus (§312.5(b)(2)(vi)) — our primary method. We send a consent request to the Parent's email, the Parent confirms, and we take an additional confirming step (a follow-up confirmation). This method is available because the Platform does not disclose a child's personal information to third parties, and a child's public username and Skills are randomized / non-identifying by design. No credit card or payment is required.
  • Signed consent form (§312.5(b)(2)(i)) — higher-assurance fallback; a downloadable form returned by electronic scan, used where a higher level of assurance is required (for example, v1 robot features that capture a child's voice or image, which are categorical PII with no internal-operations exception)

The Parent completes VPC during the flow. We do not charge any fee and do not condition the Service on payment.

§4.2 Relationship to the Direct Notice

Before the Parent signs the Youth Developer Agreement, we deliver the COPPA Direct Notice to Parents as a separate document. The Direct Notice is the notice required by 16 CFR §312.4(c). This Policy is the longer, fully detailed disclosure document referenced by the Direct Notice.

§4.3 Recording and Retention of VPC

We retain the VPC record (verification method used, timestamp, anonymized verification reference) for the period reasonably necessary to provide the Service to the Minor, plus an additional two years after the Minor's account is closed for purposes of regulatory recordkeeping and dispute resolution. After that period, we delete the VPC record from production systems within 30 days and from backups within an additional 30 days.

§4.4 Re-Consent Triggers

We will obtain renewed VPC from the Parent if:

  • We materially change the categories of information collected from Minors;
  • We materially change the purposes for which Minor information is used or disclosed; or
  • A change of operator (corporate sale, merger, or asset transfer) results in a new entity controlling Minor personal information that is inconsistent with the consent originally obtained.

A change that merely tightens our practices, or that adds additional protections without expanding collection or use, does not trigger re-consent.

§5. Parental Rights

The Parent of a Minor has the following rights under COPPA and this Policy.

§5.1 Right to Review

Upon request from the Parent verified through the Parent Email or another reasonable identity-verification method, the Parent may review the personal information we have collected from the Minor. We will provide a structured export within 15 business days of receipt of a verified request.

§5.2 Right to Refuse Further Collection and Use

The Parent may at any time direct us to stop further collection of personal information from the Minor. We will honor the direction within 5 business days. Where the direction makes continued operation of the Service impossible (for example, where the Parent refuses any further collection of activity logs), we may suspend the Minor's account.

§5.3 Right to Delete

The Parent may direct us to delete the Minor's account and associated personal information. Upon receipt of a verified deletion request:

  • We confirm receipt within 24 hours.
  • We complete deletion in production systems within 5 business days.
  • We complete unwinding of associated data in backups, analytics pipelines, and any moderation-model training sets within 30 days.
  • Where law requires us to retain certain records (for example, VPC records under 16 CFR §312.10 or DMCA records under 17 USC §512), we retain only the minimum record required and provide the Parent with written notice of the basis and expected retention period.

Copies of the Minor's published Skills that other users have already downloaded or Remixed under CC BY-SA 4.0 are not retroactively recalled; the published-version license is irrevocable as to copies already lawfully obtained. Future distribution of the Minor's Skills from our systems ceases at deletion.

§5.4 Right to Revoke Consent

The Parent may revoke VPC at any time. Revocation has the same effect as a deletion request.

§5.5 How to Exercise Rights

The Parent may exercise the rights in this section through any of the following channels:

  • Parent Portal: log in at eai-kids.com/parent/[token] (the link is sent to the Parent Email)
  • Email: send a request from the registered Parent Email to privacy@eai-kids.com
  • Postal mail: [FF US Subsidiary Legal Entity Name], [Mailing Address]

We do not require the Parent to create a separate account, complete more than two steps in the one-click deletion flow, or pay any fee to exercise these rights.

§6. Data Sharing and Third-Party Service Providers

We share personal information only as described in this section. We do not sell or rent personal information of any user, and we do not share personal information for cross-context behavioral advertising or third-party marketing.

§6.1 Categories of Recipients

We share personal information with the following categories of recipients, each subject to written Data Processing Agreements ("DPAs") consistent with §6.4.

Category Purpose Examples
Cloud infrastructure Hosting, storage, content delivery AWS (primary), Vercel (static asset delivery), Cloudflare (CDN and child-safe DNS)
Content moderation Pre-publish and post-publish review of Skills, titles, descriptions, comments Azure Content Moderator; OpenAI Moderation API (operated in zero-data-retention mode); Google reCAPTCHA Enterprise (score-only, fingerprinting disabled)
Error monitoring Diagnostic stack traces and request metadata Sentry (PII scrubbing enabled by default)
Transactional email Delivery of password resets, VPC confirmations, material-change notices Postmark (preferred); SendGrid (backup)
VPC verification Transactional email delivery for email-plus consent (§312.5(b)(2)(vi)) Our transactional email provider (used only to send and confirm the parental-consent request; no payment processor involved)
Analytics Aggregated traffic and Core Web Vitals telemetry Self-hosted (Plausible / Umami / PostHog deployed under our control); no third-party SaaS analytics receives Minor data
Robot connection Pairing between the Service and a physical FF EAI Brain robot owned by the user's family The robot's manufacturer-provided pairing service, subject to a separate DPA
Law enforcement and regulators Response to lawful requests; mandatory reports (NCMEC, etc.) NCMEC CyberTipline (for CSAM reports per 18 USC §2258A); federal, state, and local law enforcement as legally required

§6.2 Vendor List Maintenance

We maintain the complete vendor list as of the date of this Policy. We will publish a material-change notice via Parent Email and in-platform banner at least 30 days before adding a new vendor that processes Minor personal information or before materially changing the data flowing to an existing vendor. The same 30-day notice applies before a vendor's own privacy policy change becomes effective for our processing.

§6.3 Prohibited Vendor Categories

We do not engage, and we do not permit our vendors to subcontract to:

  • Advertising SDKs (Google AdSense, Facebook Pixel, AppLovin, and similar)
  • Behavioral-tracking SDKs in default configurations (Mixpanel, Amplitude, Hotjar, FullStory, and similar)
  • Third-party persistent-identifier vendors for cross-context profiling
  • Any vendor that uses children's data for purposes of targeted advertising or to train general-purpose AI models

This is a categorical prohibition. The lesson of In re YouTube/Google, FTC No. C-4685 (2019) (US$170M civil penalty for COPPA violations associated with persistent-identifier ad targeting on child-directed content), is built into our vendor architecture.

§6.4 Vendor Commitments: the "No Lower Than" Standard

Each vendor that processes Minor personal information must commit in its DPA to data-handling standards no lower than the standards established in this Policy. Specifically, the DPA must require the vendor to:

  1. Use Minor personal information only for the purposes we direct;
  2. Not use Minor personal information to train its own models for sale to third parties (zero-data-retention configurations, where available, are required);
  3. Not retain Minor personal information beyond the period necessary to provide the contracted service;
  4. Notify us within 72 hours of any suspected or actual breach affecting Minor personal information;
  5. Pass equivalent requirements down to any sub-processor;
  6. Cooperate with parental rights requests we forward.

If a vendor's policy or practice changes in a way that conflicts with this standard, we will (a) require the vendor to revise its policy back to compliance, (b) replace the vendor, or (c) cease using the data flow that triggered the conflict, within a reasonable transition period.

§6.5 Disclosures Required by Law

We may disclose personal information when we believe in good faith that disclosure is required to: comply with a subpoena or court order; respond to a lawful regulatory or law-enforcement request; report mandated content (such as suspected child sexual abuse material to NCMEC per 18 USC §2258A); enforce our Terms of Service; or protect the rights, property, or safety of the Platform, our users, or the public. We narrow each disclosure to the minimum information necessary and, where consistent with legal obligation and safety, notify the affected user.

§6.6 Business Transfers

If we are acquired, merged, or sold, or if we sell substantially all of our assets relating to the Service, personal information may be transferred as part of the transaction. We will provide notice via Parent Email and in-platform banner at least 30 days in advance and the successor will be bound to provide protections no less protective than this Policy. A change that would materially expand collection or use of Minor personal information will trigger re-consent under §4.4.

§7. AI and Machine Learning

We use machine-learning systems internally for content moderation and abuse detection. We do not use Minor personal information to train any general-purpose AI model.

§7.1 Internal Moderation Models

We may train moderation-only models (such as personal-information detection, inappropriate-content classification, and spam-comment detection) on Minor personal information solely for the purpose of moderating the Service. Such moderation models:

  • Are deployed only on the Service and not sold, licensed, or otherwise distributed externally;
  • Are subject to per-source data-lineage tracking, so that a Parent's deletion request triggers unwinding of the affected data from the relevant training set and incremental retraining of the model, as technically practicable, within the timelines stated in §5.3;
  • May be supplemented by third-party moderation APIs (Azure Content Moderator, OpenAI Moderation, etc.) only in zero-data-retention configuration, contractually preventing those vendors from training their models on data we send.

§7.2 Prohibited AI Uses

We do not use, and we do not permit any vendor to use, Minor personal information for any of the following purposes:

  • Training general-purpose large language models or foundation models;
  • Training motion-control or perception models intended for non-Service use;
  • Behavioral profiling of Minors for commercial or research purposes unrelated to operating the Service;
  • Generative output that incorporates a Minor's data in a way that could be reproduced for an unrelated user.

The FTC's algorithmic-disgorgement remedy applied in In re Amazon (Alexa), FTC No. C-4791 (2023) (US$25M) and In re WW Int'l (Kurbo), FTC No. C-4773 (2022) (US$1.5M) underlies this categorical prohibition.

§7.3 AI Coding Assistance

If at a future date we offer an AI-assisted coding feature (such as code completion in the editor), we will: clearly label AI-generated suggestions in the user interface; not use Minor inputs to train any model external to the Service; and obtain additional VPC if the new feature materially changes the categories of information used.

§8. Embodied AI Operational Data (Physical-Robot Use)

When a Minor User runs a Skill on a physical FF EAI Brain robot connected to the Service, the robot and our systems exchange operational data described in Youth Developer Agreement §7A. For the avoidance of doubt:

  • Audio captured by a robot's microphone and video or images captured by a robot's camera that contain a child's image or voice are personal information within the meaning of 16 CFR §312.2, regardless of how the data is later processed, aggregated, or de-identified.
  • We do not stream or retain audio or video containing a child's image or voice for any purpose unless the Parent has provided additional, specific VPC for that purpose under a separate consent flow.
  • Aggregate motion telemetry, sensor envelopes, command logs, and execution outcomes that do not contain a child's image or voice may be processed under the general VPC for purposes of operating the Service, diagnosing failures, and safety monitoring within the meaning of §3 above.
  • The categorical prohibitions in §7.2 apply with full force to Embodied AI Operational Data.

We will not use Embodied AI Operational Data for training general-purpose AI models, and we will not sell or share Embodied AI Operational Data with third parties, except as described in §6 for service operation.

§9. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in §3, unless a longer retention period is required or permitted by law.

Category Retention Period Notes
Active account record (Minor) Lifetime of the account Deleted within 5 business days of a verified deletion request per §5.3
Active account record (18+) Lifetime of the account User-initiated deletion at any time
Parent personal information table (parent_pii) Bound to the lifetime of the child account; deleted in synchrony with the child account Cascade-trigger on child account deletion
VPC record Two years after child account closure Per 16 CFR §312.10 and recordkeeping for dispute resolution
Published Skill (CC BY-SA 4.0) Indefinite, until user deletion Copies already downloaded or Remixed remain valid under the license
Activity logs (login, publish, download events) 12 months in production; aggregated/anonymized after Used for safety, abuse prevention, and service operation
Server logs (IP address, user-agent) 30 days Used for security and abuse prevention
Cookies See Cookies Notice Per-cookie retention disclosed there
Embodied AI Operational Data 90 days (aggregate motion telemetry); audio/video containing child image or voice: not retained without separate VPC See §8
Content-moderation reports and records 24 months after final disposition Supports the Community Guidelines appeals process and §230 good-faith showing
DMCA notice and counter-notice records Per 17 USC §512(c)(2) recordkeeping practice (commonly 5 years) See DMCA Policy
Communications history (Parent ↔ Platform) 24 months Customer-service quality and dispute resolution
Records subject to a legal hold As required by the hold Notice given to affected user when consistent with the underlying legal process

Where law sets a longer minimum retention period, the longer period applies. Where law requires earlier deletion, the shorter period applies.

§10. Data Security

We maintain a written information security program that includes administrative, technical, and physical safeguards reasonably designed to protect personal information against unauthorized access, use, disclosure, alteration, or destruction.

Our principal safeguards include:

  • Schema-level enforcement of data-minimization: database CHECK constraints prevent storage of categories of information we have committed not to collect (for example, email IS NULL on the child-account table)
  • Encryption in transit for all connections to the Service (TLS 1.2 or higher)
  • Encryption at rest for personal-information databases
  • Hashed and salted passwords using bcrypt or argon2 with industry-standard work factors; plaintext passwords are not retrievable by any Platform employee
  • Independent storage of Parent personal information (the parent_pii table) linked to the child account record through a one-way hash, reducing exposure if either store is compromised
  • Access controls limiting employee access to personal information to a least-privilege basis with logged audit trails
  • Vendor security commitments under the DPA framework described in §6.4
  • Annual security assessments including penetration testing of customer-facing endpoints
  • Incident response procedures as described in §11
  • Zero-data-retention configuration for third-party moderation APIs that process Minor inputs

No security program is impenetrable. We cannot guarantee absolute security and do not warrant that the safeguards described above will be sufficient against all attacks. We commit to the standards above and to the breach-notification obligations in §11.

§11. Data Breach Notification

In the event of a suspected or confirmed unauthorized access to, acquisition of, or use of personal information, we will: investigate promptly; contain the incident; notify affected users and Parents in accordance with the breach-notification statute of each applicable jurisdiction; and notify regulators as required.

We notify by:

  • Email to the registered user (for 18+ accounts) or the Parent Email (for Minor accounts);
  • In-platform banner where appropriate; and
  • Posting at eai-kids.com/security-notices for significant incidents affecting a class of users.

We undertake to notify within the timelines set by the most stringent applicable law and, in any event, without unreasonable delay. The specific information categories implicated, jurisdictional triggers, and our cooperative posture with regulators are detailed in our internal incident-response plan, which is summarized publicly in the event of any reported incident.

For purposes of this section, the categories of "personal information" subject to breach notification are construed broadly to include any data within the scope of the applicable state breach-notification statute and, additionally, any data that would constitute a child's personal information within the meaning of 16 CFR §312.2. Because our schema does not collect classical personal-information categories (full name, social security number, address, exact date of birth, financial account numbers, biometrics) from Minors, the practical universe of breach-notifiable Minor data is limited to: Parent email addresses, password hashes, account metadata, and content-moderation records that may contain user-submitted personal details. We adopt a precautionary posture: in case of doubt, we notify rather than withhold.

§12. International Users

The Service is primarily operated for users in the United States. The following supplemental provisions apply where users reside in the listed jurisdictions and prevail in case of conflict with other provisions of this Policy.

§12.1 European Economic Area, United Kingdom

For users residing in the EEA or the United Kingdom, processing is implemented in compliance with Regulation (EU) 2016/679 ("GDPR") and applicable Member State or UK domestic legislation. Specifically:

  • Age of consent under Article 8: where the user's Member State sets a digital age of consent higher than the United States' 13-year threshold, our VPC obligation applies up to that higher age (Member States set 13 to 16; the UK sets 13). Because our VPC scope already extends to 17 for all users globally, this Member-State variation does not require additional measures from us.
  • Data-subject rights under Articles 15 through 22 (access, rectification, erasure, restriction, portability, objection): requests may be sent to privacy@eai-kids.com and we will respond within 30 days, extendable to 90 days for complex requests with written notice.
  • Lawful basis: for Minor accounts, our lawful basis is parental consent under Article 6(1)(a) combined with Article 8. For 18+ users, the lawful basis is consent or contract, depending on the processing.
  • International transfers: where we transfer personal data from the EEA/UK to the United States, we rely on Standard Contractual Clauses approved by the European Commission and, where applicable, the EU-US Data Privacy Framework. Additional safeguards are implemented as required by the Schrems II judgment (Case C-311/18) and successor authority.
  • Right to lodge a complaint: EEA/UK users may complain to their national supervisory authority. We will provide contact information for the relevant authority on request.

§12.2 California (CCPA / CPRA and Related State Laws)

For California residents, we comply with the California Consumer Privacy Act (Cal. Civ. Code §1798.100 et seq.) as amended by the California Privacy Rights Act ("CCPA/CPRA") and related California minor-protection statutes (CA SB 976, CA AB 2273, CA AB 1394 as applicable). Specifically:

  • Categories of personal information collected: as enumerated in §2 above.
  • Categories of sources: directly from the user and the Parent, automatically through interaction with the Service, and from our service providers.
  • Categories of recipients: as enumerated in §6.1 above.
  • Business or commercial purposes: as enumerated in §3 above.
  • Sale and share: we do not sell or share personal information for cross-context behavioral advertising. This is a categorical no-sale, no-share posture across all age bands. We honor the Global Privacy Control (Sec-GPC: 1) signal as a verified consumer request to opt out of sale and share; see Cookies Notice §8.
  • Sensitive personal information: where any data we collect is sensitive personal information under CCPA, we use it only for the limited purposes enumerated in §1798.121(a).
  • Consumer rights: California residents have rights to know, delete, correct, opt out of sale or share, limit use of sensitive personal information, and non-discrimination for exercising these rights. Requests may be sent to privacy@eai-kids.com; we respond within 45 days, extendable to 90 days for complex requests.
  • Authorized agents: a California resident may designate an authorized agent to act on the resident's behalf, subject to identity verification.
  • Minor-specific protections: SCOPE-Act-style commitments — no targeted advertising to known minor users; no algorithmic recommendation feed for minor users by default; no precise geolocation collection from minors; one-click parental account access and deletion per §5.

§12.3 Other US States

We implement substantially equivalent rights for residents of other US states with comprehensive privacy laws (including but not limited to Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, and Washington), responding to the most rights-protective interpretation where statutes diverge. The Texas SCOPE Act, New York SAFE for Kids Act, and Illinois SOPPA additionally inform our posture toward minor users. Where a state law sets a higher minor-protection standard than this Policy, the higher standard applies.

§12.4 Mainland China

For users residing in mainland China, processing is implemented in compliance with the Personal Information Protection Law ("PIPL") and the Regulations on the Network Protection of Minors. Specifically:

  • Article 31 PIPL: processing of personal information of minors under the age of 14 requires the consent of a parent or other guardian. Our VPC requirements (which apply to all users under 18 globally) satisfy this requirement for the 14-and-under cohort in mainland China.
  • Withdrawal of consent: users (or their guardians) may withdraw consent through privacy@eai-kids.com. We respond within 15 business days.
  • Cross-border transfer: where regulated, we implement the measures required for cross-border transfer of personal information of mainland China users, including, where applicable, security assessments approved by the Cyberspace Administration of China or other approved transfer mechanisms.
  • The full applicability of mainland China legal requirements depends on whether the Service is offered to users in mainland China in the relevant period; consult our then-current operations for current status.

§12.5 Other Regions

For users residing in other jurisdictions, we apply local minor-protection requirements where they are equivalent to or higher than the standards in this Policy. If you reside in a jurisdiction not listed and have a question, contact privacy@eai-kids.com.

§13. California-Specific Disclosures and Other US State Notices

In addition to the disclosures in §12.2 and §12.3:

  • Do Not Track: we honor the DNT: 1 browser header in the same way we honor Sec-GPC: 1, recognizing that DNT has been deprecated by major standards bodies but providing the protection nonetheless.
  • Shine the Light (Cal. Civ. Code §1798.83): California residents may request information about disclosures of personal information to third parties for the third parties' direct-marketing purposes. We do not disclose personal information to third parties for direct-marketing purposes; our response to any such request will so state.
  • Eraser Button for minors (Cal. Bus. & Prof. Code §22581): minor users (or their Parents) may request removal of content the minor has posted to the Service; requests may be made through the Parent Portal or privacy@eai-kids.com.

§14. Cookies and Tracking Technologies (Summary)

The Service uses a small set of cookies and similar tracking technologies. The complete inventory and the controls available to users are described in the Cookies and Tracking Technologies Notice. The Notice forms part of this Policy by reference.

Key commitments:

  • We use only strictly-necessary, functional, and self-hosted analytics cookies. We do not use third-party advertising or behavioral tracking SDKs.
  • We honor Sec-GPC: 1 and DNT: 1 signals as opt-out requests.
  • The cookie banner does not preselect "Accept All" and provides a one-click "Reject" with equal prominence.
  • For minor accounts, analytics is off by default regardless of banner selection.

§15. Children's Online Privacy (COPPA Summary)

This section is provided as a navigation aid; the full COPPA-specific disclosures are in the COPPA Direct Notice to Parents, in §4 and §5 of this Policy, and in the Youth Developer Agreement.

We are subject to COPPA (15 USC §§ 6501-6506) and the COPPA Rule (16 CFR Part 312, as amended effective April 22, 2026). Our practices implementing those obligations are as follows:

  • We provide separate Direct Notice to the Parent before collecting any personal information from a Minor (§4.2).
  • We obtain Verifiable Parental Consent before activating a Minor's account (§4).
  • We collect no more personal information from a Minor than is reasonably necessary to operate the Service (§2.1).
  • We do not condition a Minor's participation on disclosure of more personal information than is reasonably necessary.
  • We do not use Minor personal information for behavioral advertising or third-party marketing (§3, §7).
  • We do not share Minor personal information with third parties for their independent commercial purposes (§6).
  • We provide a streamlined process for the Parent to review, refuse further use of, delete, and revoke consent for the Minor's personal information (§5).
  • We retain Minor personal information only for as long as reasonably necessary to fulfill the purposes for which it was collected (§9).
  • We maintain reasonable security to protect personal information (§10).

If you believe a child's privacy has been violated by our Service, please contact privacy@eai-kids.com. The FTC's consumer-protection resources for COPPA are available at https://www.ftc.gov/coppa.

§16. Changes to This Policy

We may modify this Policy from time to time.

  • Non-material modifications (correction of typographical errors, link fixes, formatting changes) take effect upon posting.
  • Material modifications affecting your substantive rights or our processing of Minor personal information are subject to:
    • At least 30 days' advance notice via Parent Email (for Minor accounts) or the user's own email (for 18+ accounts);
    • At least 30 days' advance notice via prominent in-platform banner;
    • For Minor accounts, a re-consent prompt under §4.4 where the modification expands collection or use; and
    • Maintenance of a complete version-history audit log retained for regulatory and judicial evidentiary purposes.

If you do not consent to a material modification, you may close your account before the effective date. Continued use after the effective date constitutes acceptance.

§17. Contact

Purpose Contact
Privacy questions and parental-rights requests privacy@eai-kids.com
Emergency child-safety reports (CSAM, suicide, bullying, abduction, grooming) safeguarding@eai-kids.com
General reports and content complaints reporting@eai-kids.com
DMCA infringement notices and counter-notices dmca@eai-kids.com
General legal and dispute matters legal@eai-kids.com
Postal mail [FF US Subsidiary Legal Entity Name], Attn: Privacy Officer, [Mailing Address]

Privacy Officer / Data Protection Officer (EEA/UK): requests under GDPR Articles 13(1)(b), 14(1)(b), or 37–39 may be addressed to privacy@eai-kids.com, marked Attn: DPO.

§18. Version

Item Content
Version v1.0 (Initial publication-ready draft, pending external counsel review)
Drafting Date 2026-05-29
Effective Date [TBD upon launch]
Last Updated 2026-05-29
Companion Documents Terms of Service · COPPA Direct Notice · DMCA Policy · Community Guidelines · Cookies Notice · Youth Developer Agreement · Code of Conduct

End · For questions, contact privacy@eai-kids.com. For young readers — talk to your parent or a trusted adult, and ask them to write to us.