Privacy Policy — Kidea

Effective date: March 10, 2025
Last updated: April 10, 2026

Kidea (“we”, “our”, or “us”) is a learning app designed for children and young people. This Privacy Policy explains what information we collect, how we use it, and your rights, especially for users under 13. Please read it with your child or teen if they use the app.

Kidea is operated by Esa Tanskanen, located in Finland, who acts as the data controller for the personal data described in this policy. For contact details, see section 12 (Contact).

By using Kidea, you agree to this Privacy Policy.

1. Introduction

Kidea is primarily intended for users aged approximately 7–18 years and their parents or teachers. We take privacy seriously and follow applicable laws, including the Children’s Online Privacy Protection Act (COPPA) in the United States and the General Data Protection Regulation (GDPR) in the European Union/EEA.

Kidea does not include sign-in or account creation. The app also does not include an age-gate flow. Profile names and grades are optional and are stored only on the device.

2. Information We Collect

“Personal information” means information that identifies an individual or a device—for example, an account identifier, name, email address, or similar data.

2.1 Technical identifiers for security and service operation

• Installation identifier (app instance ID)
  The app generates a random identifier for this app installation on your device. We use it only for internal operations such as abuse prevention, request quotas, and service reliability.
• Play Integrity attestation data
  For costly generation requests, the app sends a Play Integrity token and a short-lived one-time challenge/nonce so our server can verify requests come from a genuine Play-installed app and reject replayed requests. We use this only for security, fraud prevention, and service protection.

2.2 Information stored only on your device

The following information is stored only on your device and is not uploaded to our servers or shared with third parties:

• Profile information
  Such as a display name, school level, grade, language, and avatar (sticker) choices. This is used only for the learning experience on your device.
• Learning and progress data
  Books, chapters, progress, stickers, and other study content and results. These stay on your device unless you use optional features that upload limited study snapshots (see section 2.5).
• User photos and camera images
  Photos you take with the app (e.g. of textbook or chapter pages) are generally kept only on your device. When you use the feature to create study materials from photos of pages, we send those images to our servers and to Google Cloud Vision (a Google service) only so we can extract text (OCR) and create study materials. The images are processed in memory and we do not store them on our systems or on Google’s for this purpose, and we do not use them for advertising or any other purpose. We never store user photos on our servers.

2.3 Information we store on our servers

When you use features that need our servers, we receive and store:

• Your installation-level security identifier used for entitlement and abuse-prevention bookkeeping.
• Entitlement and usage data, such as: whether you use a subscription, a school/usage key, or ads; and (if you use a school key) the key code linked to your installation so we can grant access.
• Usage limits, such as how many chapters were created in a day or week (for fair use).
• Purchase-related data
  If you make in-app purchases, we receive purchase tokens and product/chapter identifiers from Google Play so we can unlock the right content. Payment details are handled by Google, not by us.

2.4 Content sent to create study materials

When you create or use study content (e.g. chapters, learning steps, songs, or adventures), we send to our servers the information needed to generate that content. When you create a chapter from photos of textbook or chapter pages, we send those images to our servers and to Google Cloud Vision for text extraction (OCR) only; the images are processed in memory and not stored by us or by Google for this purpose. For other study content we send only text and metadata—for example: chapter text, terms, definitions, bullet points, character descriptions, and language. This content is processed by our servers and by service providers (AI providers such as OpenAI for content generation and MusicGPT for music/song generation from lyrics, and cloud providers such as Google Cloud for infrastructure and services such as text-to-speech) to generate study materials, images, speech, or music. Content sent to our AI providers is used only to generate the requested study materials and is not used by us to train AI models, in line with our agreements with those providers. We do not store photos you send for this purpose; they are processed only to generate the requested materials.

2.5 Optional “Share chapter”

If you choose to share a chapter, the app may upload a limited snapshot to our servers so we can give you a link for others to open in Kidea. That snapshot includes only transformed study aids from chapter creation—for example book and chapter names as labels, summary, key points and terms from the initial chapter bundle, and language—not full book text, photos, audio, your profile name, grades, or other personal results, and not separate “all terms” or “all bullets” expansions. We do not upload original source pages or copyrighted body text. We store that snapshot for approximately 30 days, after which it is deleted. Sharing is voluntary; recipients need the app to use the link as intended.

3. How We Use the Information

We use the information we collect to:

• Provide and operate the Kidea app (e.g. sync entitlements, unlock content, enforce usage limits).
• Generate study content (e.g. illustrations, learning steps, songs, adventures) using our systems and service providers.
• Show ads (via Google AdMob) when you have chosen an ad-supported option. Ads shown in the app are child-directed and non-personalized, consistent with Google Play Families policies.
• Process in-app purchases and subscription status with Google Play.
• Comply with law and protect the security of our services.

We do not use personal information for advertising directed to children beyond what is permitted under child-directed ad policies (e.g. contextual, non-personalized ads).

4. Where Data Is Stored

• On your device
  Profile information (name, school level, grade, language, avatar), learning progress, books, chapters, stickers, and your photo files are stored only on your device. We do not store your or your child’s photos on our systems. When you create study materials from photos of pages, those images are sent for processing only and are not stored.
• On our servers
  We store a technical installation-level identifier, entitlement type, school/usage key (if used), usage limits, and records related to in-app purchases. We also process the text and metadata you send when creating study materials (as described in section 2.4). We do not store profile names or grades on our servers.
• With third parties
  Some data is processed by: Google (AdMob for ads; Google Play for purchases). Google Cloud Vision (photos of pages are sent for OCR only to create study materials; images are not stored). AI and cloud providers (for example OpenAI for content generation, MusicGPT for music/song generation from lyrics, and Google Cloud for infrastructure and services such as text-to-speech and images). Their privacy policies apply to their processing. Ads in the app are non-personalized and child-directed (Google AdMob).
• International transfers
  Some of our service providers may process data in countries outside the European Economic Area (EEA), including the United States. Where this occurs, we rely on appropriate safeguards such as standard contractual clauses or equivalent protections required by law.

5. Third Parties and Subprocessors

We do not sell personal information. Photos sent for OCR are processed in memory and are not stored by us or our service providers.

6. Parents’ Rights

Users under 13

Kidea is designed to minimize personal-data collection for all users, including children under 13. We use technical identifiers only for internal operations such as security, fraud prevention, and service integrity. Kidea does not include sign-in, account creation, or an age-gate flow.

Users are not required to provide more personal information than is necessary. For example, a profile name and grade are optional and are stored only on the device.

Your rights as a parent or guardian

You may:

• Review the personal information we hold about your child.
• Request deletion of that information.
• Refuse further collection of personal information.

To do any of this, please contact us using the details in section 12. We will respond within a reasonable time (e.g. as required by law, such as within 30 days under COPPA).

7. Your Data Protection Rights (EU/EEA)

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate information
• Request deletion of your data
• Restrict or object to processing
• Data portability (receive your data in a structured, commonly used format where applicable)
• Lodge a complaint with a supervisory authority

In Finland, the supervisory authority is the Office of the Data Protection Ombudsman.

To exercise these rights, contact us using the details in section 12 (Contact).

8. Retention and Deletion

• On your device
  Data stored only on the device (profiles, progress, photos) remains until you delete the app or clear its data. We do not store photos on our systems.
• On our servers
  We retain entitlement and operational security data (e.g. installation-level identifier, usage key, purchase records, and anti-abuse counters/challenge state) for as long as needed to operate and protect the service, and then delete or anonymize it according to legal and operational requirements. You may request deletion of your or your child’s data at any time; we will delete or anonymize it in line with our legal obligations.

9. Security

We use reasonable technical and organizational measures to protect the information we process—for example, secure connections (HTTPS), access controls, and secure storage. No system is completely secure; we encourage you to use a secure device and to keep account and device access limited to trusted persons.

10. App Permissions

• Internet — Required for the app to work (loading content, ads, and syncing with our servers).
• Notifications — Optional; used for reminders (e.g. timer). You can deny this and still use the app.
• Foreground service (media playback) — Used when the app plays audio (e.g. study timer) in the background.
• Camera — Used when you take photos of textbook or chapter pages to create study materials. Those images are sent to our servers and to Google Cloud Vision for OCR only and are not stored (see sections 2.2 and 2.4).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the current version at https://www.dancingmanatee.com/restudy/privacy.html (and in the app where applicable). Where required by law, we will notify you of significant changes (e.g. in the app or by email). The “Last updated” date at the top shows when the policy was last revised.

12. Contact

Data controller: Esa Tanskanen, Finland

For privacy questions, parental requests (access, deletion, or refusal of further collection), or any concern about your or your child’s data:

• Email: restudy.admin@gmail.com
• Or: See email above.

We will respond as required by applicable law (e.g. COPPA in the United States, GDPR in the EU/EEA).

This policy is designed for users and parents. If you need it in another language or format, please contact us.