KoalityKidsBack to Home

Privacy Policy

Last updated: 13 April 2026

1. Introduction

Koality Pty Ltd (ABN pending) ("KoalityKids", "we", "us", or "our") is committed to protecting the privacy of children and their families. This Privacy Policy explains how we collect, use, disclose, store, and safeguard personal information when you access or use our mobile application, website, and related services (collectively, the "Service").

KoalityKids is headquartered on the Sunshine Coast, Queensland, Australia. We provide our Service to users worldwide and are committed to complying with applicable privacy laws, including the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the EU General Data Protection Regulation (GDPR), the UK GDPR, and the U.S. Children's Online Privacy Protection Act (COPPA).

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

2. Scope & Applicability

This Privacy Policy applies to all users of the Service, including:

  • Children — individuals under the age of 16 who use the KoalityKids app.
  • Parents & Guardians — adults who create and manage accounts on behalf of their children.
  • Educators & Schools — teachers, administrators, and educational institutions that use KoalityKids Enterprise.
  • Website Visitors — individuals who visit our website without creating an account.

This policy does not apply to third-party websites, applications, or services linked from our Service. We encourage you to review the privacy policies of any third-party services you access.

3. Information We Collect

3.1 Information You Provide

  • Account registration: parent/guardian email address, password, child's display name, and age range.
  • Profile information: optional avatar, interests, and preferences.
  • User content: photos, observations, journal entries, and other content created within the app.
  • Communications: messages you send to us via email or in-app support.
  • Payment information: subscription and billing details, processed securely by our third-party payment providers (e.g., Apple App Store, Google Play). We do not store credit card numbers.

3.2 Information Collected Automatically

  • Device information: device type, operating system, unique device identifiers, and app version.
  • Usage data: features accessed, time spent in the app, interactions, and crash reports.
  • Location data: approximate location (if permitted) to tag observations. We do not track precise real-time location. Location permissions can be revoked at any time.
  • Log data: IP address, browser type, referring/exit pages, and timestamps.

3.3 Information from Third Parties

We may receive limited information from third-party authentication providers (e.g., Sign in with Apple, Google Sign-In) if you choose to use them. This is limited to your name and email address.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: deliver AI-powered identification, maintain journals, track badges, and enable social features.
  • Personalisation: tailor content, challenges, and recommendations to each child's interests and progress.
  • Safety & moderation: monitor for inappropriate content and ensure a safe environment for children.
  • Improvement & research: analyse usage patterns to improve features, fix bugs, and develop new functionality.
  • Communications: send service-related notifications, updates, and (with consent) promotional materials to parents.
  • Legal compliance: comply with legal obligations, enforce our terms, and protect our rights.
  • Customer support: respond to enquiries, troubleshoot issues, and provide assistance.

5. Legal Bases for Processing (EEA, UK & International Users)

Where applicable under the GDPR or similar legislation, we rely on the following legal bases:

  • Consent: where you (or a parent/guardian on behalf of a child) have given explicit consent, such as for location data or marketing communications.
  • Contract: processing necessary to provide the Service you have requested.
  • Legitimate interests: improving and securing our Service, provided these interests are not overridden by your rights.
  • Legal obligation: processing required to comply with applicable laws.

6. Children's Privacy

Protecting children's privacy is central to everything we do. KoalityKids is designed as a child-safe platform from the ground up.

6.1 Parental Consent

We require verifiable parental or guardian consent before collecting any personal information from a child. Child accounts can only be created by an authenticated parent or guardian. We comply with COPPA (for users in the United States) and the GDPR's provisions for children's data (for users in the EEA/UK).

6.2 What We Collect from Children

We limit the data we collect from children to what is strictly necessary:

  • Display name (not required to be a real name)
  • Age range (not date of birth)
  • Photos and observations created within the app
  • Badge and challenge progress
  • App usage data for service improvement

6.3 What We Do NOT Do

  • We do not sell children's personal information. Ever.
  • We do not serve behavioural or targeted advertising to children.
  • We do not use children's data for profiling or automated decision-making.
  • We do not require children to disclose more information than is necessary.
  • We do not allow children to make their profiles publicly searchable.

6.4 Parental Rights

Parents and guardians have the right to:

  • Review all personal information collected from their child.
  • Request correction or deletion of their child's data.
  • Withdraw consent and have their child's account deleted.
  • Manage privacy settings, content visibility, and social features through the Parent Portal.

To exercise these rights, use the Parent Portal within the app or contact us at hello@koalitytech.com.

7. AI & Identification Features

KoalityKids uses child-safe artificial intelligence to power identification features. When a child takes a photo within the app:

  • The image is processed by our AI systems to provide identification and educational content.
  • Images may be stored to improve identification accuracy over time, but are never linked to a child's identity for any purpose other than their personal journal.
  • We do not use facial recognition technology.
  • AI-generated responses are designed to be age-appropriate and are reviewed for safety.
  • No personal data from children is used to train third-party AI models.

8. Data Sharing & Disclosure

We do not sell, rent, or trade personal information. We may share data only in the following limited circumstances:

8.1 Service Providers

We engage trusted third-party providers to help operate and improve the Service (e.g., cloud hosting, analytics, payment processing, customer support). These providers are contractually bound to use personal information only as necessary to perform services on our behalf and are required to maintain appropriate security measures.

8.2 Schools & Educators (Enterprise)

For Enterprise accounts, limited child data (display name, observations, and progress) may be shared with authorised educators at the institution that manages the account. Schools act as data controllers for their students' information.

8.3 Legal Requirements

We may disclose information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect the safety of any person, prevent fraud, or protect our legal rights.

8.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your information.

9. Cookies & Tracking Technologies

Our website may use cookies and similar technologies for the following purposes:

  • Essential cookies: required for the website to function properly (e.g., session management).
  • Analytics cookies: help us understand how visitors interact with our website so we can improve it.

We do not use cookies for advertising or behavioural tracking. We do not use cookies within the child-facing app. You can manage cookie preferences through your browser settings.

10. International Data Transfers

KoalityKids is based in Australia and our primary data storage is in Australia. However, some of our service providers may process data in other jurisdictions. Where personal information is transferred outside of your country of residence, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Data processing agreements with all third-party providers.
  • Compliance with the Australian Privacy Principles regarding cross-border disclosure.

11. Data Security

We take the security of your information seriously and implement a range of technical and organisational measures, including:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256).
  • Secure authentication and access controls.
  • Regular security assessments and vulnerability testing.
  • Employee access to personal data is restricted on a need-to-know basis.
  • Incident response procedures to address any data breach promptly.

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

12. Data Retention & Deletion

We retain personal information only for as long as necessary to fulfil the purposes described in this policy, or as required by law. Specifically:

  • Active accounts: data is retained for the duration of the account's active use.
  • Inactive accounts: accounts inactive for 24 months may be flagged for deletion, with prior notice to the account holder.
  • Deleted accounts: upon account deletion, personal data is permanently removed within 30 days, except where retention is required by law.
  • Aggregated data: anonymised, aggregated data that cannot identify any individual may be retained indefinitely for research and improvement purposes.

You can delete your account and all associated data at any time through the Parent Portal or by contacting us at hello@koalitytech.com.

13. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: request a copy of the personal information we hold about you or your child.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data ("right to be forgotten").
  • Restriction: request restriction of processing in certain circumstances.
  • Data portability: request a copy of your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at hello@koalitytech.com. We will respond to your request within 30 days (or sooner where required by law). You also have the right to lodge a complaint with your local data protection authority.

Australian Users

Under the Australian Privacy Act 1988, you have the right to access and correct your personal information. If you believe we have breached the APPs, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

EEA & UK Users

You have rights under the GDPR/UK GDPR as outlined above. You may contact your local supervisory authority if you have concerns about how we process your data.

14. Third-Party Links & Services

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you visit. KoalityKids does not share children's personal information with third parties for their own marketing purposes.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page, updating the "Last updated" date at the top, and (where appropriate) sending a notification via email or in-app alert. We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For enquiries specifically related to children's data, please include "Children's Privacy" in the subject line so we can prioritise your request.