Is PocketPals COPPA compliant?

Yes. PocketPals was built COPPA-compliant from the very first line of code. We do not collect personal information from children under 13 without verifiable parental consent. Parents create the account and consent on behalf of the child during onboarding.

What data does PocketPals collect from my child?

We collect only what is needed to run the service: first name, age range (not exact birthdate), and text transcripts of conversations. We do NOT collect location, real name, phone number, photos, or any behavioral advertising data. Voice audio is processed in real time and not stored.

How do I request deletion of my child's data?

Email coppa@pocketpals.app with subject line 'Data Deletion Request' and your account email. We will delete all data associated with your child's account within 30 days and confirm by email.

COPPA Compliance Notice

What is COPPA?

The Children's Online Privacy Protection Act (COPPA) is a U.S. federal law that protects the privacy of children under 13. It requires operators of websites and apps directed to children to obtain verifiable parental consent before collecting personal information from children.

PocketPals is an app designed for children ages 3–12. We take COPPA seriously — not as a compliance checkbox, but as a core design principle. Children's privacy is baked into every feature we build.

How PocketPals Complies with COPPA

The parent (not the child) creates the account and provides consent
Children cannot create accounts independently
No personal information is collected from children without parental consent
Parents have full visibility into all conversations and activity via the dashboard
Parental consent can be withdrawn at any time, triggering data deletion
All child data is accessible for review, correction, and deletion upon request

What We Do NOT Collect from Children

Identity

Full name
Exact birthdate
Photo or video
Physical address

Contact

Phone number
Email address
Social media handles
School name

Behavioral

Location data
Behavioral ad profiles
Cross-app tracking data
Stored voice audio

We collect only: first name, age range (3–4, 5–7, or 8–12), conversation transcripts (text only), and learning progress. Voice audio is processed in real time and never stored.

Subprocessors — Who We Share Data With

PocketPals is built by NuStack Digital Ventures LLC (Wyoming). To operate the service, your child's data passes through the following subprocessors. Each has a signed Data Processing Agreement (DPA) with us requiring COPPA-compliant handling:

Subprocessor	Purpose	Child Data
Anthropic, PBC	Buddy LLM responses (Claude)	Yes — conversation text. Does not train on PocketPals data.
OpenAI, LLC	Speech-to-text (Whisper STT)	Yes — voice audio chunks, immediately discarded post-transcription
ElevenLabs, Inc.	Buddy voice synthesis (TTS)	Indirect — Buddy reply text only, no child voice input
Supabase, Inc.	Database + storage (us-east-1)	Yes — profiles, transcripts, memory facts
Vercel, Inc.	Application hosting, edge compute	In transit only
Stripe, Inc.	Web pathway parent payment + COPPA verification	No child data — parent billing only
RevenueCat, Inc.	Native pathway subscription management	No child data — parent subscription only
Apple Inc.	iOS in-app billing	No child data — parent App Store account only
Google LLC	Android in-app billing	No child data — parent Play Store account only
Resend	Transactional email (parents)	Indirect — parent email + child first name in digest only
PostHog Inc.	Product analytics	Yes — UUID + event names only. Never first names or transcripts.
Sentry, Inc.	Error monitoring	Indirect — scrubbed payloads only, no child PII
Clerk, Inc.	Operator surface authentication	No child data at launch — ops surface only
Inngest, Inc.	Background job processing	Yes — UUIDs and operation types only
Doppler, Inc.	Secrets management	No user data
Cloudflare, Inc.	DNS, edge security	In transit only

AI Safeguards (Anthropic)

PocketPals uses Anthropic's Claude model to power Buddy's responses. The following safeguards are in place per our agreement with Anthropic:

Age verification — the system prompt is calibrated to the child's declared age band (3–4, 5–7, or 8–12)
Content filtering — Buddy's responses are constrained to age-appropriate language and topics; sensitive topics trigger safety deflection
Monitoring systems — all conversations are available for parental review via the dashboard; flagged content triggers parent notification
AI disclosure — children are informed they are speaking with an AI character, not a human

Data Retention

Voice transcripts are retained for 90 days, then converted to summaries. Summaries are retained while the account is active plus 30 days. Moderation and safety events are retained for 24 months. Parental consent records are retained for 7 years. Audit logs are retained indefinitely. Upon account deletion, all child data is deleted within 30 days and you will receive a confirmation email with a deletion certificate ID.

Your Rights as a Parent

Review all personal information collected about your child
Correct inaccurate information about your child
Request complete deletion of your child's data
Withdraw consent at any time without penalty
Refuse further collection while retaining access to the service (free tier)

How to Exercise Your Rights

You can exercise any of the rights above by:

Using Parent Settings in the PocketPals app (PIN-protected)
Emailing coppa@pocketpals.app — we respond within 30 days

We will confirm the action by email and complete it within 30 days of receiving your request.

Data Deletion Requests

To request deletion of all data associated with your child's account:

Request Data Deletion →

Include your account email in the message. We will complete deletion within 14 days and send a confirmation email with a deletion certificate ID. What is preserved: parental consent records (7-year legal hold) and anonymized aggregate statistics (no child PII). What is deleted: all transcripts, summaries, memory facts, child profile, and usage data.

Questions about our COPPA compliance?

coppa@pocketpals.app

Read our full Privacy Policy →

NuStack Digital Ventures LLC · Wyoming · We respond within 30 days.

COPPA Compliance Notice v3 — 2026-04-25 · NuStack Digital Ventures LLC · Wyoming