PRIVACY POLICY – KIDZZZ
Data Controller: ZAZABEE OÜ
Version 1.0 – Last Updated: December 1, 2025
This Privacy Policy explains how Zazabee OÜ, a company registered in Estonia, collects, uses, stores, shares, and protects personal data of users of the Kidzzz application, including both the Parent/Guardian version and the Child/Dependent version.
By using Kidzzz, you confirm that you have read and understood this Privacy Policy.


 
1. WHO WE ARE
Zazabee OÜ is the data controller responsible for processing personal data related to the use of the Kidzzz application.
Data Controller:
Zazabee OÜ
Address: Harju County, Tallinn, Lasnamäe District, Sepapaja Street No. 6, Postal Code 15551, Estonia
Privacy contact (DPO): support@kidzzz.io
 
2. IMPORTANT DEFINITIONS

• Parent/Guardian User – the legal guardian who installs and manages Kidzzz.

• Child/Dependent User – the minor whose device is monitored.

• Personal Data – any information that identifies or can identify an individual.

• Sensitive Data – location data, biometric data, voice, photos, videos, and similar information.

• Processing – any operation performed on data, such as collection, storage, analysis, or transmission.

• Platform – the Kidzzz applications, APIs, servers, and related services.

 
3. DATA WE COLLECT
We collect only the data strictly necessary for the safe and effective operation of Kidzzz.
Data is categorized according to international best practices.
 
3.1. Data Provided by the Parent/Guardian

• Name

• Email address

• Phone number

• Login credentials

• Usage preferences

• Confirmation of legal responsibility for the minor

 
3.2. Data from the Child/Dependent
Collected solely for legitimate parental control purposes, with the consent of the Parent/Guardian:

• Real-time and historical location data

• App usage statistics

• List of installed applications

• Indicators of potentially inappropriate content identified by AI

• Incoming and outgoing call metadata (phone numbers only, no call recordings)

• Photos, videos, or audio captured at the request of the Parent/Guardian (if the feature is enabled)

• Device navigation and usage events

• Granted permissions
   

⚠ Artificial Intelligence does not make decisions; it only generates alerts and may produce false positives.
⚠ These indicators are informational only and do not constitute definitive or conclusive analysis.

Audio or environmental sound capture, when enabled, operates exclusively as a one-way monitoring feature initiated by the Parent/Guardian.
The Child/Dependent cannot communicate with other users through audio, voice messages, or calls within the application.
This feature does not constitute user-to-user communication or social interaction.

 
3.3. Technical Device Data

• Device model and manufacturer

• Operating system and version

• Battery status, storage, and connectivity

• IP address, country, and language

• Internal identifiers generated by the application

 
3.4. Payment Data (Premium Version)
Collected and processed by external payment providers (Google, Apple, or authorized payment partners):

• Cardholder name

• Partial and tokenized card information

• Billing history

• Country and currency

We never store full credit card details.
 
3.5. Usage and Telemetry Data

• Pages and features accessed

• Time spent using the application

• Error events and diagnostic logs

• Operational logs

• Anonymized data for internal statistics and performance analysis

 
4. PURPOSES OF DATA PROCESSING
We process personal data to:

• ✔ Provide the contracted services

• ✔ Synchronize devices, display location data, block apps, and send alerts

• ✔ Fulfill child safety and parental monitoring purposes

• ✔ Validate the identity of the Parent/Guardian

• ✔ Generate reports and insights for parents

• ✔ Improve the application (R&D, AI, analytics, performance)

• ✔ Comply with legal and regulatory obligations

• ✔ Process payments and subscriptions

• ✔ Send important communications, alerts, and service-related messages

 
5. LEGAL BASES FOR PROCESSING
Personal data is processed based on:

• Consent of the Parent/Guardian (minors) – in accordance with COPPA, LGPD, and GDPR

• Performance of a contract (use of the application)

• Legitimate interests (security, service improvement, fraud prevention)

• Compliance with legal obligations (court orders, investigations)

 
6. CHILDREN’S DATA AND PARENTAL CONSENT
This is a legal requirement and a Google Play policy requirement.
Kidzzz:

• may only be configured by a responsible adult;

• requires the Parent/Guardian to declare legal responsibility for the child;

• does not allow monitoring of third parties without legal authorization;

• processes children’s data exclusively for parental protection and supervision;

applies enhanced security measures to sensitive data.

We do not collect or process any personal data from children without verifiable parental consent.Such consent is obtained during the Parent/Guardian account creation and device pairing process, where the adult explicitly confirms legal responsibility and authorizes data processing for parental control purposes.
 
If misuse is suspected, the account may be immediately suspended.
 
Kidzzz is not a service directed to children as end users.
The application is designed exclusively for use by Parents or Legal Guardians, who configure, manage, and control the service on behalf of their children.
Children do not create accounts, accept terms, or interact independently with the platform.

 
7. DEVICE PERMISSIONS (Android and iOS)
Kidzzz requests permissions only when necessary for functionality, including:

• Location access (including background access)

• Installed applications list

• Notification access

• Screen overlay permissions (usage control)

• Microphone (for enabled features only)

• Camera (QR code pairing and validation)

• Photos and media access (content analysis features)

• Call metadata (incoming/outgoing calls)

• Auto-start permissions

• Device data access

Each permission is used exclusively for its declared purpose.
 
8. DATA SHARING
We share data only with essential partners:

• ✔ Infrastructure providers (AWS, Google Cloud, and similar)

• ✔ Payment platforms (Google Play, Apple, Stripe, acquiring institutions)

• ✔ Mapping and location services

• ✔ Technical support providers, when requested by the user

• ✔ Legal authorities, only when required by law

• ✔ Analytics partners, using anonymized data

We do not sell user data.
 
9. INTERNATIONAL DATA TRANSFERS
As an Estonian company operating a global platform, personal data may be processed in:

• Estonia

• Brazil

• United States

• Other countries where cloud service providers operate

All international transfers comply with GDPR, LGPD, and international security standards.
We apply encryption and data minimization whenever possible.
When required, we use EU-approved Standard Contractual Clauses (SCCs).
 
10. INFORMATION SECURITY
We implement modern security measures, including:

• Encryption at rest and in transit

• Restricted access controls

• Security monitoring and logging

• Data anonymization where applicable

• Firewalls, IAM policies, backups, and redundancy

• Continuous security testing and updates

Despite best practices, no system is completely secure.

Access to children’s data is strictly limited to the authorized Parent/Guardian associated with the account.

 
11. DATA RETENTION AND DELETION
We retain personal data:

• for as long as necessary to provide the services;

• while the account remains active;

• for legally required periods, when applicable.

Users may request:

• Access to their personal data

• Correction of incomplete or inaccurate data

• Deletion of personal data, where legally permitted

• Anonymization of unnecessary or excessive data

• Data portability, when technically feasible

• Information about data sharing with third parties

• Withdrawal of consent

• Clarification regarding AI usage

Data related to the Parent/Guardian account and the child’s device may be permanently deleted, except where legal obligations or lawful authority requests require retention.
Portability will be provided in a secure and interoperable format whenever technically possible.
Requests may be sent to: support@kidzzz.io
 
Withdrawal of Parental Consent
Parents or Guardians may revoke their consent at any time by:
(a) removing the child device from the Parent account;
(b) uninstalling the application from the child device; or
(c) contacting our support team at support@kidzzz.io.

Upon revocation, data collection from the child device will cease immediately.
Associated personal data will be deleted or anonymized within a reasonable timeframe, unless retention is required by law.
 

To delete your account

To request deletion of your account and all personal data associated with it, users can use the account deletion feature available in the app. If access to the app is not available, users may submit a deletion request via the account deletion form provided on our website (kidzzz.io). After email verification, the account and personal data will be deleted within up to 30 days, except where retention is required by law.
 

This deletion includes all personal data associated with that account, including family members and linked devices.
 

We will retain certain personal data if required by law (for example, for tax, legal compliance, or fraud prevention), and such retention may extend beyond the deletion of an account.

12. COOKIES AND SIMILAR TECHNOLOGIES
On our website, we use cookies to:

• maintain active login sessions

• remember user preferences

• improve performance

• measure internal metrics

• personalize the user experience

Third-party cookies may be used for analytics (e.g., Google, Meta).
In the mobile application, we do not use cookies.
Instead, we rely on equivalent technologies such as secure storage, tokens, and device identifiers.
For more information, please review our Cookie Policy at:
kidzzz.io/privacy-policy
 
13. USER RIGHTS (LGPD / GDPR)
Data subjects have the right to:

• confirm whether processing is occurring;

• access their personal data;

• correct incomplete or outdated information;

• request deletion where legally permitted;

• withdraw consent;

• request data portability, when technically feasible;

• obtain information about data sharing with third parties.

Automated Decision-Making
Kidzzz does not perform solely automated decisions that produce legal or significant effects.
AI-generated insights and alerts are informational only and require analysis and action by the Parent/Guardian.
Parents and guardians always retain full control and final authority over actions taken on the monitored device.
 
14. CHANGES TO THIS POLICY
We may update this Privacy Policy periodically.
The current version will always be available on the app and/or website.
Continued use after updates constitutes acceptance of the revised Policy.
 
15. DATA CONTROLLER CONTACT
If you have questions, requests, or complaints, contact us at:
📧 support@kidzzz.io
Data Controller: Zazabee OÜ