Privacy Policy

Effective Date May 8, 2026 Last Updated June 21, 2020

1. Introduction & Scope
Shoonya Digital, Inc. ("Shoonya," "we," "our," or "us") provides Shoonya Kids, a language-learning application and related services ("Services") used by children at home through the Apple App Store and by students, teachers, and administrators inside K–12 schools and school districts. This Privacy Policy explains what personal information we collect, how we use and share it, the choices and rights available to you, and the specific commitments we make to children, parents, schools, and California residents.
This Policy applies to:

our website at shoonyadigital.com and any successor domains;
the Shoonya Kids iOS application and any other Shoonya mobile or web applications;
our teacher and administrator portal; and
any related products, content, and services that link to this Policy.

When Shoonya provides Services to a school or district under a written agreement, the school or district's instructions and our agreement with them control how student personal information is processed. Where this Policy and a school/district agreement conflict with respect to student personal information, the agreement controls.

2. Key Commitments to Children, Parents, and Schools
Shoonya Kids is a child-directed online service under the U.S. Children's Online Privacy Protection Act ("COPPA"). We design our product, our data practices, and our vendor relationships around the following commitments:

No sale of personal information. We do not sell personal information of children, students, parents, or teachers, and we do not "share" personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act, as amended by the CPRA ("CCPA").
No targeted advertising to children or students. We do not use student or child personal information to deliver targeted advertising, and we do not allow third parties to do so on our Services.
No advertising of any kind inside Shoonya Kids. The Shoonya Kids app does not display third-party advertisements.
No selling, leasing, trading, or renting student records. We do not sell, lease, trade, or rent any student personal information for commercial purposes.
No building of non-educational profiles. We do not amass profiles of students for any purpose other than providing and improving the educational Services authorized by the school or parent.
Data minimization. We collect only the personal information reasonably necessary to deliver the Services and operate our business.
Educator and parental control. Schools and parents can review, request deletion of, and request export of personal information we hold about a child or student in their care, as described in this Policy.
Best-interests-of-the-child design. Consistent with the California Age-Appropriate Design Code, our default settings, defaults, and explanations are designed for the age of the children using the Service.

3. Children Under 13 (COPPA)
Shoonya Kids is directed to children, including children under 13. We comply with the U.S. Children's Online Privacy Protection Act of 1998 ("COPPA") and its implementing rule, 16 C.F.R. Part 312.
3.1 Operator and Contact
Shoonya Digital, Inc. is the COPPA "operator" of Shoonya Kids. Parents and schools can contact our Privacy Officer at privacy@shoonyadigital.com with any questions, to review the personal information we have collected from a child, to ask us to delete it, or to refuse further collection.
3.2 Personal Information We Collect from Children
From child users we collect only what is reasonably necessary to operate the Services:

account identifiers (such as a username and a school class code, or, for at-home users, the parent-provided account ID);
limited profile information the parent or school chooses to provide (such as first name or initials, grade level, and language preferences);
learning activity data (lesson progress, gameplay events, accuracy on skill-check games, time on task);
persistent identifiers (such as a device-generated app identifier) used solely to provide internal operations of the Service — for example, to remember progress across sessions, prevent abuse, secure the Service, and analyze and improve the educational features of the Service; and
audio recordings of a child's voice when the child uses speech-based language-learning activities, processed only for the purpose of providing those activities, retained only for the period described in Section 11, and never used to build voiceprints, biometric templates, or advertising profiles.

We do not condition a child's participation in any Shoonya Kids activity on the disclosure of more personal information than is reasonably necessary for that activity.
3.3 Verifiable Parental Consent and the School Authorization Exception
Where Shoonya Kids is provided directly to a household through the Apple App Store, we obtain verifiable parental consent before collecting personal information from a child, using one or more of the methods permitted by the COPPA Rule (such as a credit/debit card transaction with a small charge or refund through Apple, a signed consent form, or a knowledge-based authentication question). For free-tier accounts that collect only persistent identifiers used for internal operations, we may rely on the limited "internal operations" treatment permitted by the COPPA Rule.
Where Shoonya Kids is used inside a school or district under a written contract, we rely on the school as our agent to provide consent on behalf of the parent for the collection of student personal information used solely for the educational purposes authorized by the school, consistent with FTC guidance. The school agrees in our contract to provide notice to parents and to obtain any further consent that may be required by state law.
3.4 Parental Rights
At any time, a parent may:

review the personal information we have collected from their child;
refuse to permit further collection or use of their child's personal information;
request that we delete their child's personal information; and
have us cease use of audio recordings or other previously collected information.

To exercise these rights, contact privacy@shoonyadigital.com. We will verify the parent's identity using a method appropriate to the sensitivity of the request (for example, the email address of record, or signed written confirmation) before honoring it. If a child's account is part of a school deployment, we will also coordinate with the school.

4. Information Collected and Processed in Schools (FERPA, SOPIPA, AB 1584)
When Shoonya Kids is licensed to a school, school district, or county office of education ("School"), Shoonya processes student personal information solely on behalf of and at the direction of the School. We treat that information as follows.
4.1 FERPA — School Official Designation
To the extent we receive personally identifiable information from "education records" as defined under the Family Educational Rights and Privacy Act ("FERPA"), 20 U.S.C. § 1232g and 34 C.F.R. Part 99, we receive that information as a "school official" with a "legitimate educational interest" under 34 C.F.R. § 99.31(a)(1)(i)(B). We:

perform an institutional service or function for which the School would otherwise use employees;
are under the direct control of the School with respect to the use and maintenance of education records; and
use the education records only for the educational purposes authorized by the School, and do not re-disclose them to third parties without the School's authorization or as otherwise permitted by FERPA.

4.2 California SOPIPA (Cal. Bus. & Prof. Code §§ 22584–22585)
Shoonya is an "operator" subject to California's Student Online Personal Information Protection Act ("SOPIPA"). With respect to "covered information" of K–12 students, we:

do not engage in targeted advertising on the Service or any other site, service, or application based on covered information;
do not use covered information to amass a profile about a K–12 student except in furtherance of K–12 school purposes;
do not sell, rent, or trade student personal information;
do not disclose covered information except as expressly permitted by SOPIPA (e.g., to the School, with parental consent, to comply with law, for legitimate research conducted under SOPIPA's safeguards, or to a service provider bound by equivalent restrictions);
maintain reasonable security procedures and practices appropriate to the nature of the covered information; and
delete covered information at the request of the School within a commercially reasonable period.

4.3 California AB 1584 (Cal. Ed. Code § 49073.1)
When we contract with a California Local Educational Agency ("LEA"), our contract includes the elements required by AB 1584, including: (i) a statement that pupil records continue to be the property of and under the control of the LEA; (ii) a description of the means by which pupils may retain possession and control of their own pupil-generated content; (iii) a prohibition on Shoonya using pupil records for any purpose other than those required or specifically permitted by the contract; (iv) a description of the procedures by which a parent, legal guardian, or eligible pupil may review and correct personally identifiable information in the pupil's records; (v) a description of actions Shoonya will take in the event of an unauthorized disclosure of pupil records; (vi) a certification that pupil records will not be retained or available to Shoonya upon completion of the terms of the contract, and a description of how that certification will be enforced; and (vii) a description of how Shoonya and the LEA will jointly ensure compliance with FERPA.
4.4 Parent and Eligible-Pupil Access through the School
Parents, legal guardians, and eligible pupils who wish to review, correct, or delete student personal information should contact the School in the first instance, because the School is the "owner" of the education record. Shoonya will support those requests promptly when they are forwarded to us at privacy@shoonyadigital.com.

5. Information We Collect (All Users)
We collect the following categories of personal information. For California residents, Section 9 sets out how these data types map to the categories of personal information defined under the California Consumer Privacy Act.
5.1 Information You (or a Parent, Teacher, or School) Provide

Account & contact information — name, email address, school role (student, teacher, administrator, parent), school code, and password (stored only as a salted hash).
Child profile data — first name or initials, grade level, language preferences, and any avatar selection. We do not require last names for child users.
Subscription and billing information — for at-home users, we do not receive credit card or bank account numbers; subscriptions are processed by Apple through the App Store, and we receive only the limited transaction information Apple provides (such as a transaction ID and subscription status).
Communications — information you provide when you contact support, request a quote, or respond to a survey.

5.2 Information We Collect Automatically

Learning activity — lessons started and completed, gameplay events, skill-check accuracy, time on task, and similar in-app interactions.
Device and app information — device type, OS version, app version, language settings, time zone, IP address (used for security and coarse country-level localization only), and crash diagnostics.
Voice recordings — audio captured during voice-based language activities, processed solely to provide the activity.
Cookies and similar technologies on our website — strictly-necessary cookies for site operation, plus, with your consent where required, limited analytics. We do not place advertising cookies.

5.3 Information from Third Parties

Identity providers — if you sign in to the teacher portal using Clever or Google SSO, we receive the limited profile information your administrator authorizes those providers to share (typically a user ID, name, email, role, and school).
Apple App Store — limited transaction and subscription metadata as described above. Apple does not share payment-card information with us.
Schools — student rosters, class assignments, and similar data that the School chooses to provide to set up the Service.

We do not collect, and we instruct our service providers not to collect on our behalf: precise geolocation, government-issued identifiers, financial account numbers, biometric identifiers used for identification, race or ethnic origin, religious beliefs, health information, sexual orientation, immigration status, or contents of mail, email, or text messages other than communications you direct to us.

6. How We Use Information
We use personal information only for the following purposes:

Provide and operate the Services. Authenticate users; deliver lessons; track progress; sync data across the child's sessions and devices; provide voice-based activities; and respond to your support requests.
Educational improvement. Maintain, analyze, and improve the educational features of the Service, including — in aggregated or de-identified form — product research and quality improvement.
Security and integrity. Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our terms.
Legal and compliance. Comply with applicable law, respond to lawful requests, and enforce our agreements.
Business communications with adults only. Send service communications (billing, security, policy updates) and, for adult users only, optional newsletter and product-update communications. We do not send marketing communications to children, and we do not send marketing communications to a parent's email address based on a child's account without the parent's separate opt-in.

We do not use personal information for: (a) targeted advertising; (b) cross-context behavioral advertising; (c) "selling" or "sharing" personal information as those terms are defined under the CCPA; (d) profiling for decisions producing legal or similarly significant effects; or (e) any purpose that is materially different from, or incompatible with, the purposes disclosed in this Policy without first providing notice and obtaining any required consent.

7. How We Share Information
We share personal information only in the limited circumstances below, and only with parties bound by written agreements that restrict their use of the information:

Service providers and processors. Cloud hosting, application analytics, customer support tooling, identity providers, and similar vendors that process personal information on our behalf under written agreements that meet the "service provider"/"contractor" requirements of the CCPA, the "processor" requirements of GDPR-style laws, and FERPA/SOPIPA flow-down obligations. The categories of sub-processors we currently engage are described in Section 14. We are in the process of compiling a complete, named sub-processor list and will publish it on this site when finalized; in the interim, you may request the current named list by emailing privacy@shoonyadigital.com.
Schools and authorized educators. When the Service is used through a School, we share student information with the School and with the educators and administrators that the School authorizes.
Parents and guardians. We share a child's information with a verified parent or guardian on request.
Apple. Apple processes App Store transactions and, where users opt in, Family Sharing membership; we do not control Apple's processing of that information, which is governed by Apple's privacy policy.
Legal disclosures. When required by law, court order, or other valid legal process, or to protect the rights, property, or safety of Shoonya, our users, or the public. Where permitted, we will notify the affected user (or, for student data, the School) before disclosure.
Corporate transactions. In a merger, acquisition, financing due diligence, or sale of all or part of our business or assets, subject to confidentiality obligations and continuing protections at least as protective as this Policy. We will provide notice (and, where applicable, an opportunity to object) before student personal information is transferred to a successor entity that does not commit to honor this Policy.

We do not sell personal information, and we do not "share" personal information for cross-context behavioral advertising. In the preceding 12 months, we have not sold or shared (as defined under the CCPA) the personal information of any consumer, including any consumer under 16. We have disclosed personal information to the categories of recipients listed above for the business and operational purposes described in this Policy.

8. Apple App Store, Kids Category, and Family Sharing
Shoonya Kids is distributed through the Apple App Store and is designed to comply with Apple's App Store Review Guidelines, including the Kids Category requirements.

App Privacy "nutrition label." The information disclosed on our App Store product page — including the categories of data linked to the user, data linked to identity, and data used to track — mirrors this Policy. If you find a discrepancy, this Policy controls and we will correct the App Store disclosure.
App Tracking Transparency (ATT). We do not use the AppTrackingTransparency framework to request permission to track because we do not track users across apps and websites owned by other companies, and we do not share user data with data brokers.
No third-party advertising or third-party analytics not appropriate for children. Consistent with the Kids Category, we do not include behavioral advertising, third-party advertising not human-reviewed and age-appropriate, or third-party analytics that do not meet Apple's Kids-Category requirements.
In-app purchases and subscriptions. Subscriptions are sold and processed by Apple. Payment cards, Apple ID credentials, and Apple ID-level personal information are handled by Apple under its privacy policy. We receive only limited transaction metadata necessary to provision and renew the subscription. To manage or cancel a subscription, use your Apple ID settings (Settings → [your name] → Subscriptions).
Family Sharing and "Ask to Buy." When a child uses Shoonya Kids through Family Sharing, the family organizer's "Ask to Buy" controls govern subscription purchases. Apple's Family Sharing privacy practices apply to that relationship.

9. California Privacy Rights (CCPA / CPRA)
This Section 9 supplements the rest of this Policy and applies to California residents whose personal information is collected by Shoonya outside of a School relationship. When the Service is used through a School, the School — not Shoonya — is the "business" with respect to student personal information, and parent/eligible-pupil rights are exercised through the School as described in Section 4.
9.1 Categories of Personal Information We Have Collected
In the preceding 12 months, Shoonya has collected the following categories of personal information defined by the California Consumer Privacy Act, where applicable to a given user. Sources, business purposes, and recipients for each category are described in Sections 5, 6, and 7.

Identifiers — such as name, email address, school role, school code, username, parent-provided account ID, device-generated app identifier, IP address, Apple transaction ID, and Clever or Google SSO subject ID.
Customer records information (under Cal. Civ. Code § 1798.80(e)) — overlapping with Identifiers, includes name, email, and password (stored as a salted hash).
Protected classification characteristics — we do not collect this category.
Commercial information — subscription status and limited transaction history received from Apple.
Biometric information — we do not collect this category. Voice recordings used for language activities are not used to create biometric templates and are categorized under Sensory information below.
Internet or other electronic network activity information — learning activity (lessons, gameplay, accuracy, time on task), app interactions, device type and OS, language settings, time zone, and crash diagnostics.
Geolocation data — coarse country-level location derived from IP address only. We do not collect precise geolocation.
Sensory information — audio recordings captured during voice-based language activities.
Professional or employment-related information — for teacher and administrator accounts: school role and school affiliation.
Education information — student rosters, class assignments, and learning progress, when received from a School in connection with a school deployment.
Inferences — we do not draw inferences for advertising or profiling. We may compute aggregate, de-identified educational analytics for product improvement.
Sensitive personal information (under Cal. Civ. Code § 1798.140(ae)) — account log-in credentials (passwords, stored only as salted hashes); audio recordings; and personal information of known minors under 16. We use sensitive personal information only for the purposes permitted by Cal. Civ. Code § 1798.121, and we do not use it to infer characteristics about you.

We have not "sold" or "shared" any of these categories of personal information in the preceding 12 months. We retain personal information for the periods described in Section 11.
9.2 Sensitive Personal Information — Right to Limit
California residents have the right to direct us to limit the use and disclosure of sensitive personal information to those purposes that are necessary to perform the Services or that are otherwise permitted by Cal. Civ. Code § 1798.121. Because Shoonya already limits the use of sensitive personal information to those purposes, no additional action is required for this right to be honored. You may still submit a request to confirm our practices by emailing privacy@shoonyadigital.com.
9.3 Your Rights
Subject to verification and applicable exceptions, California residents may:

request to know the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it;
request that we correct inaccurate personal information;
request that we delete personal information we have collected about you;
opt out of the sale or sharing of personal information (we do not sell or share, but you may submit a request);
limit the use and disclosure of sensitive personal information to the purposes permitted by law; and
be free from unlawful discrimination or retaliation for exercising any of these rights.

To submit a request, email privacy@shoonyadigital.com. We will verify your identity using a method appropriate to the sensitivity of the request. You may use an authorized agent; we will require proof of authorization. We respond within 45 days, with one 45-day extension where reasonably necessary, in accordance with the CCPA.
9.4 Opt-Out Preference Signals
Our website honors valid Global Privacy Control (GPC) signals as a request to opt out of any "sale" or "sharing" of personal information from the browser sending the signal.
9.5 California Age-Appropriate Design Code (AADC)
Shoonya Kids is designed for children. Consistent with the AADC and our COPPA obligations, we apply high-privacy default settings, configure features to act in the best interests of the child, present privacy information in language a child or parent can understand, and complete a Data Protection Impact Assessment for material new features that process child personal information.
9.6 "Shine the Light" (California Civil Code § 1798.83)
We do not disclose personal information to third parties for those parties' own direct-marketing purposes.
9.7 Notice of Financial Incentives
We do not offer financial incentives or price/service differences in exchange for personal information.

10. Choices and Communications Preferences
Adult users may unsubscribe from optional newsletter and marketing emails using the unsubscribe link in each message or by emailing privacy@shoonyadigital.com. You will continue to receive non-marketing service communications (such as billing, security, and policy updates) for as long as you have an account. We do not send marketing communications to children. Push notifications can be disabled in iOS settings on a per-app basis. Microphone access for voice-based activities can be revoked at any time in iOS settings.

11. Data Retention and Deletion
We retain personal information only for as long as reasonably necessary for the purposes for which it was collected, with the following defaults:

Active student/child accounts: for the duration of the School's contract or, for at-home users, for as long as the account is active.
Inactive consumer accounts: deleted or de-identified within 24 months of the last user activity, unless retention is required by law.
Voice recordings: retained only for the period reasonably necessary to provide the activity, generally no longer than 90 days, after which recordings are deleted; transcribed pronunciation feedback features may retain anonymized scoring metadata only.
School data on contract termination: returned and/or deleted within 30 days of the School's written request, and in any event within 90 days of contract termination, with written certification on request.
Backup copies: purged on our standard backup-rotation cycle (currently 35 days) following deletion from production systems.
Legal-hold and audit-trail data: retained as required to comply with law, resolve disputes, and enforce our agreements.

12. Security
We maintain an information security program that includes administrative, technical, and physical safeguards designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Current measures include encryption in transit (TLS 1.2+) and at rest, role-based access controls and least-privilege principles, multi-factor authentication for administrative access, single-tenant data isolation where required by School contracts, vulnerability management and routine penetration testing, secure software-development practices, vendor security review, and security incident response procedures. No system is perfectly secure; we cannot guarantee absolute security.
Breach notification. In the event of a confirmed security breach affecting personal information, we will notify affected Schools and individuals, and applicable regulators, as required by law and by our contracts. For California Schools, our notification practices satisfy the requirements of California Civil Code § 1798.82 and our contractual commitments under SOPIPA and AB 1584.

13. International Users and Transfers
Shoonya is headquartered in the United States. Personal information we collect may be processed in the United States or in any country where we or our service providers operate. If you access the Services from outside the United States, you understand that your information will be transferred to and processed in the United States, which may have different data-protection rules from your country. We rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) where required by applicable law.

14. Service Providers and Sub-Processors
We use a limited set of vetted service providers to operate the Services. Each is bound by a written agreement that restricts use of personal information to providing the contracted service, prohibits sale or sharing of personal information, and flows down COPPA, FERPA, SOPIPA, AB 1584, and CCPA obligations as applicable.
The categories of sub-processors we currently engage include:

cloud infrastructure and hosting providers;
database and storage providers;
error monitoring and crash reporting providers;
application analytics and product analytics providers;
customer support and helpdesk tooling;
identity and single-sign-on providers used by our school customers, including Clever and Google for Education;
transactional and operational email delivery providers;
the Apple App Store, which processes subscription transactions for at-home users.

We are in the process of compiling a complete, named sub-processor list. We will publish that list on this site when it is finalized and will provide advance notice of material changes to School customers as required by their contracts. In the interim, you may request the current named list at any time by emailing privacy@shoonyadigital.com.

15. User-Generated Content and Community Features
Shoonya Kids does not include public chat, public posting, public profiles, or social-network features. Children cannot send messages, photos, or video to other children or to the public through Shoonya Kids. Teachers and administrators may communicate with each other through the educator portal, but those communications are not visible to children. If we add any community feature in the future, we will update this Policy and obtain any consents required by COPPA before children's personal information is shared through that feature.

16. Cookies, Analytics, and Tracking
Inside the Shoonya Kids app, we do not use third-party advertising trackers, advertising SDKs, or cross-app tracking. On our website, we use a small set of strictly-necessary cookies and, where required by applicable law, request your consent before setting any analytics cookies. You can manage cookies through our website cookie banner and through your browser settings. We honor Global Privacy Control signals as described in Section 9.4.

17. Access, Correction, and Deletion
To review, correct, or delete personal information, contact privacy@shoonyadigital.com. School-managed accounts: please contact your School first; we will support the School in fulfilling the request. Child accounts at home: a verified parent may request review, correction, or deletion at any time, as described in Section 3.4. California-resident requests: see Section 9.3.

18. Changes to This Policy
We will update this Policy from time to time. For material changes, we will provide advance notice by email to account holders and a prominent notice on the Service before the change takes effect. For Schools, we will provide notice as required by the applicable contract. For changes that materially expand the categories or purposes of personal information collected from children, we will obtain new verifiable parental consent (or, in the school context, the School's authorization) before applying the change to previously collected information. Prior versions of this Policy are available on request at privacy@shoonyadigital.com.

19. Contact Us
For privacy questions, parental rights requests, California rights requests, and Schools-related inquiries, contact our Privacy Officer at privacy@shoonyadigital.com.
For general product support, contact support@shoonyadigital.com.

Grade Level

Language

Topic

Curriculum Overview

Privacy Policy

our website at shoonyadigital.com and any successor domains;

the Shoonya Kids iOS application and any other Shoonya mobile or web applications;

our teacher and administrator portal; and

any related products, content, and services that link to this Policy.

No targeted advertising to children or students. We do not use student or child personal information to deliver targeted advertising, and we do not allow third parties to do so on our Services.

No advertising of any kind inside Shoonya Kids. The Shoonya Kids app does not display third-party advertisements.

No selling, leasing, trading, or renting student records. We do not sell, lease, trade, or rent any student personal information for commercial purposes.

No building of non-educational profiles. We do not amass profiles of students for any purpose other than providing and improving the educational Services authorized by the school or parent.

Data minimization. We collect only the personal information reasonably necessary to deliver the Services and operate our business.

Educator and parental control. Schools and parents can review, request deletion of, and request export of personal information we hold about a child or student in their care, as described in this Policy.

Best-interests-of-the-child design. Consistent with the California Age-Appropriate Design Code, our default settings, defaults, and explanations are designed for the age of the children using the Service.

account identifiers (such as a username and a school class code, or, for at-home users, the parent-provided account ID);

limited profile information the parent or school chooses to provide (such as first name or initials, grade level, and language preferences);

learning activity data (lesson progress, gameplay events, accuracy on skill-check games, time on task);

persistent identifiers (such as a device-generated app identifier) used solely to provide internal operations of the Service — for example, to remember progress across sessions, prevent abuse, secure the Service, and analyze and improve the educational features of the Service; and

audio recordings of a child's voice when the child uses speech-based language-learning activities, processed only for the purpose of providing those activities, retained only for the period described in Section 11, and never used to build voiceprints, biometric templates, or advertising profiles.

review the personal information we have collected from their child;

refuse to permit further collection or use of their child's personal information;

request that we delete their child's personal information; and

have us cease use of audio recordings or other previously collected information.

perform an institutional service or function for which the School would otherwise use employees;

are under the direct control of the School with respect to the use and maintenance of education records; and

use the education records only for the educational purposes authorized by the School, and do not re-disclose them to third parties without the School's authorization or as otherwise permitted by FERPA.

4.2 California SOPIPA (Cal. Bus. & Prof. Code §§ 22584–22585) Shoonya is an "operator" subject to California's Student Online Personal Information Protection Act ("SOPIPA"). With respect to "covered information" of K–12 students, we:

do not engage in targeted advertising on the Service or any other site, service, or application based on covered information;

do not use covered information to amass a profile about a K–12 student except in furtherance of K–12 school purposes;

do not sell, rent, or trade student personal information;

do not disclose covered information except as expressly permitted by SOPIPA (e.g., to the School, with parental consent, to comply with law, for legitimate research conducted under SOPIPA's safeguards, or to a service provider bound by equivalent restrictions);

maintain reasonable security procedures and practices appropriate to the nature of the covered information; and

delete covered information at the request of the School within a commercially reasonable period.

Account & contact information — name, email address, school role (student, teacher, administrator, parent), school code, and password (stored only as a salted hash).

Child profile data — first name or initials, grade level, language preferences, and any avatar selection. We do not require last names for child users.

Subscription and billing information — for at-home users, we do not receive credit card or bank account numbers; subscriptions are processed by Apple through the App Store, and we receive only the limited transaction information Apple provides (such as a transaction ID and subscription status).

Communications — information you provide when you contact support, request a quote, or respond to a survey.

5.2 Information We Collect Automatically

Learning activity — lessons started and completed, gameplay events, skill-check accuracy, time on task, and similar in-app interactions.

Device and app information — device type, OS version, app version, language settings, time zone, IP address (used for security and coarse country-level localization only), and crash diagnostics.

Voice recordings — audio captured during voice-based language activities, processed solely to provide the activity.

Cookies and similar technologies on our website — strictly-necessary cookies for site operation, plus, with your consent where required, limited analytics. We do not place advertising cookies.

5.3 Information from Third Parties

Identity providers — if you sign in to the teacher portal using Clever or Google SSO, we receive the limited profile information your administrator authorizes those providers to share (typically a user ID, name, email, role, and school).

Apple App Store — limited transaction and subscription metadata as described above. Apple does not share payment-card information with us.

Schools — student rosters, class assignments, and similar data that the School chooses to provide to set up the Service.

Provide and operate the Services. Authenticate users; deliver lessons; track progress; sync data across the child's sessions and devices; provide voice-based activities; and respond to your support requests.

Educational improvement. Maintain, analyze, and improve the educational features of the Service, including — in aggregated or de-identified form — product research and quality improvement.

Security and integrity. Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our terms.

Legal and compliance. Comply with applicable law, respond to lawful requests, and enforce our agreements.

Schools and authorized educators. When the Service is used through a School, we share student information with the School and with the educators and administrators that the School authorizes.

Parents and guardians. We share a child's information with a verified parent or guardian on request.

Apple. Apple processes App Store transactions and, where users opt in, Family Sharing membership; we do not control Apple's processing of that information, which is governed by Apple's privacy policy.

Legal disclosures. When required by law, court order, or other valid legal process, or to protect the rights, property, or safety of Shoonya, our users, or the public. Where permitted, we will notify the affected user (or, for student data, the School) before disclosure.

App Tracking Transparency (ATT). We do not use the AppTrackingTransparency framework to request permission to track because we do not track users across apps and websites owned by other companies, and we do not share user data with data brokers.

Family Sharing and "Ask to Buy." When a child uses Shoonya Kids through Family Sharing, the family organizer's "Ask to Buy" controls govern subscription purchases. Apple's Family Sharing privacy practices apply to that relationship.

Identifiers — such as name, email address, school role, school code, username, parent-provided account ID, device-generated app identifier, IP address, Apple transaction ID, and Clever or Google SSO subject ID.

Customer records information (under Cal. Civ. Code § 1798.80(e)) — overlapping with Identifiers, includes name, email, and password (stored as a salted hash).

Protected classification characteristics — we do not collect this category.

Commercial information — subscription status and limited transaction history received from Apple.

Biometric information — we do not collect this category. Voice recordings used for language activities are not used to create biometric templates and are categorized under Sensory information below.

Internet or other electronic network activity information — learning activity (lessons, gameplay, accuracy, time on task), app interactions, device type and OS, language settings, time zone, and crash diagnostics.

Geolocation data — coarse country-level location derived from IP address only. We do not collect precise geolocation.

Sensory information — audio recordings captured during voice-based language activities.

Professional or employment-related information — for teacher and administrator accounts: school role and school affiliation.

Education information — student rosters, class assignments, and learning progress, when received from a School in connection with a school deployment.

Inferences — we do not draw inferences for advertising or profiling. We may compute aggregate, de-identified educational analytics for product improvement.

request to know the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it;

request that we correct inaccurate personal information;

request that we delete personal information we have collected about you;

opt out of the sale or sharing of personal information (we do not sell or share, but you may submit a request);

limit the use and disclosure of sensitive personal information to the purposes permitted by law; and

be free from unlawful discrimination or retaliation for exercising any of these rights.

Active student/child accounts: for the duration of the School's contract or, for at-home users, for as long as the account is active.

Inactive consumer accounts: deleted or de-identified within 24 months of the last user activity, unless retention is required by law.

Voice recordings: retained only for the period reasonably necessary to provide the activity, generally no longer than 90 days, after which recordings are deleted; transcribed pronunciation feedback features may retain anonymized scoring metadata only.

School data on contract termination: returned and/or deleted within 30 days of the School's written request, and in any event within 90 days of contract termination, with written certification on request.

Backup copies: purged on our standard backup-rotation cycle (currently 35 days) following deletion from production systems.

4.2 California SOPIPA (Cal. Bus. & Prof. Code §§ 22584–22585)
Shoonya is an "operator" subject to California's Student Online Personal Information Protection Act ("SOPIPA"). With respect to "covered information" of K–12 students, we: