Privacy Policy

1. What we collect

We collect information you provide directly: your name, email address, center information, and content you create within the platform (parent reports, lesson plans, etc.).

For children enrolled at your center, we collect only first names. We do not store children's last names, dates of birth, addresses, or any other personally identifiable information about minors.

2. How we use your information

We use your information to provide and improve Zomimo, process payments, send product communications, and provide customer support.

We use children's first names solely to personalise the AI-generated content you create. First names are never sold, shared with third parties, or used for any purpose outside of your center's account.

3. AI and data processing

When you generate content using Zomimo's AI features, we send the information you provide (notes, center name, framework, child first names) to our AI provider (Anthropic) to generate the requested output. We do not send full child names, dates of birth, parent contact information, or sensitive medical information to any AI service.

Generated outputs are stored in your account and subject to your data retention settings.

4. COPPA compliance

Zomimo is designed with COPPA compliance in mind. We are not directed at children under 13, and we take special care with children's data:

• We store only first names for children in our system • We never send children's personal information to AI services beyond first names • We never use children's information for advertising • We never sell children's data

5. Data sharing

We do not sell your personal information. We share data only with:

• Service providers who help us operate the platform (Supabase for database hosting, Stripe for payments, Resend for email) • Anthropic for AI generation (limited to what you provide in generation requests) • Legal authorities if required by law

6. Data retention

Your account data is retained while your account is active. Upon cancellation, data is available for 30 days, after which it is permanently deleted.

You can request deletion of your account and all associated data at any time by contacting [email protected].

7. Security

We use industry-standard security measures including TLS encryption for data in transit, encrypted storage, and row-level security on our database. Access to production data is limited to authorised personnel only.

8. Your rights

You have the right to access, correct, or delete your personal information at any time. To exercise these rights, contact us at [email protected]. We will respond within 30 days.

9. Contact

If you have questions about this privacy policy, please contact us at [email protected].