Privacy Policy

Introduction

At Naniby, we take your privacy and the privacy of your children seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and related services (collectively, the "Services").

By using our Services, you agree to the terms of this Privacy Policy. If you do not agree with these terms, please do not use our Services.

This policy is designed to comply with:

• General Data Protection Regulation (GDPR) – EU 2016/679
• California Consumer Privacy Act (CCPA)
• Children's Online Privacy Protection Act (COPPA)
• UK GDPR and Data Protection Act 2018

Information We Collect

1. Information You Provide to Us

We may collect information that you voluntarily provide to us when you:

• Create an account or register for our Services
• Subscribe to our newsletter or mailing list
• Contact us via email, contact form, or social media
• Participate in surveys, polls, or promotional activities

This information may include:

• Name and contact information: Name, email address, postal address, phone number
• Account credentials: Username, password (encrypted), security questions
• Payment information: Processed through secure third-party payment processors (we do not store complete credit card numbers)
• Profile information: Parent/guardian name, child's age range (if provided), preferences
• Communications: Messages, feedback, and other content you send to us

2. Information Automatically Collected

When you use our Services, we automatically collect certain information, including:

• Device and usage information: IP address, browser type, operating system, device type, unique device identifiers, mobile network information
• Log data: Access times, pages viewed, features used, errors encountered
• Location information: Approximate geographic location based on IP address (not precise GPS location)

3. Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect and track information about your browsing activities. See our Cookies and Tracking section below for more details.

4. Information from Third Parties

We may receive information about you from third parties, such as:

• Social media platforms (if you connect your account)
• Payment processors (when you make purchases)
• Analytics providers (aggregated, anonymized data)

How We Use Your Information

We use the information we collect for the following purposes:

• Provide and improve Services: To deliver, maintain, and improve our Services, including customer support
• Process transactions: To process payments, send confirmations, and manage subscriptions
• Communicate with you: To send updates, security alerts, and support messages
• Personalization: To customize your experience and provide relevant content
• Analytics and research: To analyze usage patterns, improve features, and develop new services
• Legal compliance: To comply with legal obligations and protect our rights
• Safety and security: To detect, prevent, and address technical issues and fraudulent activity

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we rely on the following legal bases:

• Consent: When you explicitly consent to specific processing activities
• Contract performance: To fulfill our obligations under our Terms of Service
• Legal obligation: To comply with applicable laws and regulations
• Legitimate interests: For purposes such as fraud prevention, network security, and improving our Services

Cookies and Tracking Technologies

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide you with a better experience and allow our Services to function properly.

Types of Cookies We Use

1. Essential Cookies (Required)

These cookies are necessary for the Services to function. They enable core functionality such as:

• User authentication and account access
• Security and fraud prevention
• Maintaining your session state

2. Analytics Cookies

We use analytics tools to understand how visitors use our Services:

• Google Analytics / similar tools
• Page views, user flows, and feature usage
• Device and browser information
• Anonymized and aggregated data only

3. Marketing Cookies

With your consent, we may use marketing cookies for:

• Displaying relevant advertisements
• Tracking campaign performance
• Personalizing content based on your interests

Third-Party Services

We may use third-party services that place cookies on your device:

• Google Analytics: Web analytics (see Google's Privacy Policy)
• Payment processors: Stripe, PayPal (see their respective privacy policies)
• Email service providers: For newsletter and transactional emails

Managing Cookies

You can control and manage cookies through:

• Browser settings: Most browsers allow you to block or delete cookies
• Cookie banner: Use our cookie consent banner to manage preferences
• Opt-out tools: Some third-party services offer opt-out mechanisms

Please note that disabling essential cookies may affect the functionality of our Services.

Third-Party Disclosure and Sharing

When We May Share Your Information

We do not sell your personal information. However, we may share your information with third parties in the following circumstances:

1. Service Providers

We work with trusted third-party companies to help us operate our Services:

• Cloud hosting providers (data storage, security)
• Analytics providers (usage insights)
• Payment processors (transaction processing)
• Email service providers (communications)
• Customer support platforms

These service providers have access to your information only to perform specific tasks on our behalf and are contractually obligated to protect your data.

2. Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal requests (court orders, subpoenas, warrants)
• Government regulations or law enforcement inquiries
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activity

3. Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner.

4. With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

Data Transfers Outside Your Jurisdiction

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with applicable laws (e.g., GDPR Standard Contractual Clauses).

Data Security and Retention

Security Measures

We implement industry-standard security measures to protect your information:

• Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest
• Access controls: Strict access limits and authentication requirements
• Regular audits: Periodic security reviews and vulnerability assessments
• Secure development: Security best practices in software development lifecycle

Despite our best efforts, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Retention

We retain your information for as long as necessary to:

• Fulfill the purposes outlined in this Privacy Policy
• Comply with legal obligations
• Resolve disputes and enforce our agreements
• Maintain business records as required by law

When you delete your account, we will delete or anonymize your personal information within a reasonable time period, except where retention is required by law.

Your Privacy Rights

Rights Under GDPR (EEA/UK Residents)

If you are located in the EEA or UK, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request transfer of your data to another service
• Right to Object: Object to certain processing activities
• Right to Withdraw Consent: Withdraw consent at any time (where consent is the legal basis)

Rights Under CCPA (California Residents)

California residents have the following rights:

• Right to Know: Request disclosure of categories of personal information collected and used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (note: we do not sell personal information)
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

How to Exercise Your Rights

To exercise any of these rights, please contact us at hello@naniby.com. We will respond to your request within 30 days (or as required by applicable law).

Children's Privacy (COPPA Compliance)

Our Commitment to Children's Privacy

Naniby is designed for families with young children. We are committed to protecting the privacy of children and comply with the Children's Online Privacy Protection Act (COPPA) and other applicable children's privacy laws.

Information Collection from Children

We do NOT knowingly collect personal information from children under 13 without parental consent.

If our Services are directed to children under 13:

• We obtain verifiable parental consent before collecting personal information
• We provide parents with direct notice of our information practices
• We offer parents review and deletion rights for their child's information
• We do not condition participation on collection of more personal information than necessary

Parental Controls and Access

Parents and guardians have the right to:

• Review the personal information we have collected about their child
• Request deletion of their child's personal information
• Refuse to permit further collection or use of their child's information
• Opt-out of certain data collection activities

To exercise these rights, parents may contact us at hello@naniby.com with "COPPA Request" in the subject line.

School and Educational Use

If our Services are used in educational settings, we may collect information from students with school consent. Schools have the ability to review and delete student information.

Additional Safeguards for Children

• No behavioral advertising targeted at children
• No location tracking for children
• Limited data collection to what is necessary for the service to function
• Enhanced security and privacy measures for children's accounts

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices and Services
• Changes in applicable laws and regulations
• Technical and operational improvements
• Feedback from our users

Notification of Changes

We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an email notification (if you have an account)
• Displaying a prominent notice in our Services

Your continued use of the Services after the effective date of the updated policy constitutes acceptance of the changes.

We encourage you to review this Privacy Policy periodically.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@naniby.app

Website: https://naniby.app

Data Protection Officer (EU/UK)

If you are located in the EEA or UK and have privacy-related concerns, you may also contact your local data protection authority:

• UK: Information Commissioner's Office (ICO) – ico.org.uk
• EU: Contact your national Data Protection Authority

We will respond to your inquiry within 30 days of receipt.