KidSprout Privacy Policy

Effective date: June 27, 2026 · Operator: Akshana Enterprises LLC (Sproutopolis / KidSprout)

Contact: privacy@sproutopolis.com · Phone: (857) 264-0439 · Mailing address: 82 Wendell Ave., STE 100, Pittsfield, MA 01201, USA

1. Who this is for

KidSprout helps families discover and plan kids' activities. An adult (18+) holds the account and creates child profiles. This policy explains what we collect from children and parents, why, and your rights.

2. What we collect

From the account holder (adult): email, name, payment info (processed by Stripe — we never store card numbers), and an approximate location (ZIP code) used to surface activities near you (coarse — not precise GPS).

From/about the child (only after parental consent): a Profile name (a first name or nickname — we do not ask for a last or full name), birth year and month (we do not collect an exact date of birth), the child's interests, activity selections, weekly activity plan, and saved providers.

KidSprout does not use the microphone and does not collect a child's voice.

3. How we use it

To recommend age-appropriate local activities, build the family's weekly plan, personalize content to the child's age, and operate/secure the service. We do not sell children's data, do not use it for behavioral advertising, and do not send children's data to third-party AI/ad services. We use no third-party analytics or advertising SDKs.

4. Parental consent (COPPA)

We obtain verifiable parental consent before collecting any child data — via the parent's paid subscription (a card transaction) or an explicit in-app affirmation by the signed-in parent. A parent can review, or refuse further collection, at any time.

5. Your rights as a parent

• Review your child's data · Delete it · Refuse further collection.
• Delete in-app (Delete account) or email privacy@sproutopolis.com. We complete deletion within 30 days.

6. Who we share with (subprocessors)

Service providers that process data on our behalf under contract (DPAs): Supabase, Neon, Railway, Cloudflare, Apple/Expo, Stripe (parent payment). Activity listings come from public business data (e.g., Google Places) about providers — not children. A current subprocessor list is available on request at privacy@sproutopolis.com. We disclose data only as required by law.

7. Data retention, security, isolation

Kept while the account is active; deleted on request (§5). Security: encrypted in transit, row-level access controls, an audit log of access to children's data. Children's data is physically isolated from our unrelated business lines.

8. Changes & contact

We'll post changes here and update the effective date. Questions: privacy@sproutopolis.com.