Privacy policy

Last updated:

Oct 29, 2025

Last updated: 26-10-2025

This Privacy Policy explains how SWARM for Kids (“App”, “we”, “our”, “us”) collects, uses, stores, and protects personal information from children and their parents or legal guardians. We are committed to ensuring child safety, privacy, and compliance with:

  • General Data Protection Regulation (GDPR-K) for children in the European Union (Article 8 of the GDPR), and

  • Children’s Online Privacy Protection Act (COPPA) for users under 13 years old in the United States.

If you are a parent or guardian, please review this policy carefully. By using our App, you agree to its terms.

1. Who We Are

SWARM for Kids is operated by SWARM LTD, headquartered at to be determined. If you have questions or concerns, contact us at privacy@swarm.kids.

Our appointed Data Protection Officer (DPO) can also be reached through the same address.

2. What Information We Collect

We collect minimal data necessary to provide a safe and personalized learning experience.

2.1. Information Provided by Parents

  • Name and email address.

  • Payment and billing information (if subscribing).

  • Parental consent verification data.

2.2. Information About the Child

  • First name or nickname.

  • Age range (not exact birth date).

  • Language preferences.

  • Progress and achievements in learning activities.

  • Voice data processed in real-time during learning sessions (not stored without consent).

2.3. Technical and Usage Data

  • Device type and operating system.

  • Session duration, lesson interactions, and anonymized IP addresses.

  • Diagnostic data to monitor app performance.

We do not collect or store:

  • Geolocation data.

  • Contacts or photos.

  • Any data unnecessary for educational functionality.

3. How We Use the Data

We process data only for legitimate educational and operational purposes:

  • Delivering and customizing lessons.

  • Tracking child progress and engagement.

  • Sending progress updates and notifications to parents.

  • Maintaining App functionality and security.

  • Complying with legal requirements (GDPR-K / COPPA).

4. Legal Basis for Processing

For users in the European Union, processing of children’s personal data is based on explicit parental consent (GDPR Article 8).

For users in the United States, we comply with COPPA Section 312.5, obtaining verifiable parental consent before any collection.

5. Data Hosting and Security

We host and process all data securely on Microsoft Azure infrastructure within the European Union (EU).

Azure Security Measures:

  • Encryption: AES-256 at rest and TLS 1.3 in transit.

  • Regional storage: All data hosted in EU data centers.

  • Access control: Role-Based Access Control (RBAC) via Azure Active Directory.

  • Key management: Azure Key Vault for encryption keys.

  • Monitoring: Continuous vulnerability management and intrusion detection.

We perform regular security audits and comply with ISO 27001 and SOC 2 standards.

6. Third-Party Services

We integrate with select, privacy-compliant third-party services that help us operate SWARM for Kids securely and efficiently. All third-party processors are bound by Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) to ensure GDPR and COPPA compliance.

6.1. Supabase (Database and API Layer)

We use Supabase as our managed database and API platform to store and retrieve educational and user-related data.

  • Supabase operates on secure PostgreSQL infrastructure hosted in the European Union.

  • All connections are encrypted using TLS 1.3, and stored data is encrypted with AES-256.

  • Row-Level Security (RLS) ensures each child’s data is accessible only to their authorized parent or guardian account.

  • Supabase complies with GDPR, CCPA, and SOC 2 Type II standards and undergoes regular third-party audits.

6.2. Mixpanel (Analytics)

We use Mixpanel to understand app usage patterns and improve the learning experience.

  • All data sent to Mixpanel is pseudonymized; no child identifiers, personal voice data, or contact details are ever transmitted.

  • Analytics focus solely on anonymous engagement metrics (e.g., lesson completion, time spent).

  • Mixpanel operates under GDPR-compliant DPAs and allows parents to opt out of analytics by contacting privacy@swarmforkids.com.

6.3. Novu (Notifications)

We use Novu to deliver real-time in-app and email notifications to parents and guardians (e.g., lesson progress, achievements, or reminders).

  • Novu only processes event-based metadata such as “lesson completed” or “goal reached.”

  • It does not process personal content, voice recordings, or chat messages.

  • All data is transmitted securely via HTTPS/TLS 1.3.

6.4. Stripe (Payments)

For parents subscribing to premium features, Stripe securely processes payment information.

  • Stripe is fully PCI-DSS certified and GDPR-compliant.

  • We do not collect or store credit card information directly; all transactions are handled by Stripe’s encrypted payment gateway.

  • Stripe only processes the minimum required information to complete the transaction.

Each third-party provider listed above is carefully selected for its strong data protection standards, transparency, and adherence to both GDPR-K and COPPA requirements.

7. Parental Rights

Parents or guardians have the right to:

  • Access, review, or correct their child’s data.

  • Withdraw consent at any time.

  • Request deletion of their child’s account and associated data.

  • Request confirmation of data deletion.

  • File a complaint with a Data Protection Authority.

To exercise any of these rights, contact privacy@swarm.kids.

8. Data Retention

We retain data only as long as necessary to provide the App’s services or until a parent withdraws consent.

Upon account deletion or consent withdrawal

  • All child data is permanently deleted within 30 days.

  • Backups are purged in the next scheduled deletion cycle (within 90 days).

9. Voice and AI Interaction Data

Voice inputs are processed in real time to enable live tutoring.

  • Data is not stored unless explicitly consented for progress tracking.

  • AI processing occurs on Azure’s secure servers.

  • No voice recordings are used for AI model training or shared with external parties.

10. International Data Transfers

Data is stored in the EU. If data is transferred outside the EU (e.g., for analytics support), we use:

  • Standard Contractual Clauses (SCCs) under GDPR Article 46.

  • Partners that provide equivalent protection under GDPR and COPPA.

11. Cookies and Tracking

We use limited, privacy-safe cookies or local storage for:

  • Session management.

  • App functionality (e.g., remembering login state).

  • Aggregated analytics via Mixpanel.

We do not use advertising or behavioral tracking cookies.

12. Changes to This Policy

  • We may update this Privacy Policy from time to time.

  • Parents will be notified via email and in-app alerts before significant changes take effect.

  • Continued use of the App after notification constitutes acceptance.

13. Contact Us

SWARM for Kids Operated by SWARM LTD 📧 privacy@swarm.kids 📍 Address: To be determined 🇪🇺 Data Protection Officer (DPO): Nick van der Meij