Privacy Policy

1. Scope

This Privacy Policy describes how we collect, use, disclose, and protect personal information when families use Daniel's Diaries websites, apps, and related services (collectively, the "Service").

2. Information We Collect

a. Information provided by a parent or guardian

• Account details (name, email address, password, authentication identifiers)
• Billing and subscription details (plan, transaction metadata, payment status)
• Communications (support requests, feedback, survey responses)

b. Child profile information (entered by a parent/guardian)

• Child first name or nickname, age/date of birth, and progress/activity data within modules
• Responses and reflection data used to personalize educational experiences

c. Automatically collected information

• Device/browser details, IP address, general geolocation derived from IP, and app/site usage logs
• Security logs, diagnostics, and fraud-prevention signals

3. How We Use Information

• Provide, maintain, and improve the Service and child learning experience
• Create and manage accounts, subscriptions, and customer support workflows
• Process payments through third-party payment processors
• Monitor safety, prevent abuse, and protect platform integrity
• Comply with legal obligations and enforce our Terms of Service
• Send service-related communications (e.g., account, billing, legal, and security notices)

4. Legal Bases (Where Required)

Where applicable law requires a legal basis, we process personal information on one or more of the following bases:

• Performance of a contract (providing the Service you requested)
• Legitimate interests (security, product improvement, fraud prevention)
• Consent (where obtained and required)
• Legal obligations (tax, accounting, regulatory compliance, law enforcement requests)

5. Children's Privacy and Parental Control

We design the Service for parent-managed family use. A parent or legal guardian is expected to create and control child profiles and consent to data processing. Parents can request access, correction, or deletion of child profile information by contacting us.

We do not knowingly allow children to create unmanaged standalone accounts. If you believe a child has provided personal information without appropriate consent, contact us so we can investigate and take appropriate action.

6. How We Share Information

We do not sell personal information for money. We may share information:

• With service providers that help operate the Service (hosting, payments, analytics, customer support, security)
• With professional advisors (auditors, lawyers, insurers) when necessary
• In connection with a merger, acquisition, financing, or sale of assets
• To comply with law, enforce rights, or protect users and the public
• With your consent or at your direction

7. Data Retention

We retain personal information only as long as reasonably necessary for the purposes described in this Policy, including account servicing, legal compliance, dispute resolution, enforcement of agreements, and safety/security monitoring. Retention periods may vary by data type and legal requirements.

8. Security

We use administrative, technical, and organizational safeguards designed to protect personal information. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

9. International Data Transfers

Your information may be processed in countries other than your own. We use the following third-party service providers, some of which are located outside Australia:

• Supabase (database hosting, authentication) — hosted on Amazon Web Services (AWS). Data may be stored in the United States or other AWS regions. Supabase maintains SOC 2 Type II compliance.
• Stripe (payment processing) — United States. Stripe is PCI-DSS Level 1 certified. We do not store payment card details; Stripe processes and stores all card data.
• Mailchimp / Intuit (email communications, only if you opt in at signup) — United States. Used solely for sending product updates and educational tips.
• Anthropic (AI-assisted educational content generation via Claude API) — United States. No child-identifying information (names, dates of birth, or personal data) is sent to this service. Only educational content parameters (age range, topic, skill category) are transmitted.

Where data is transferred outside Australia, we take reasonable steps to ensure it is protected in accordance with the Australian Privacy Principles, including through contractual obligations with our service providers.

10. Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, or port personal information, and to object to or restrict certain processing. You may also have rights related to targeted advertising, sale/sharing definitions under local law, and non-discrimination for exercising privacy rights.

To submit a request, contact us at privacy@danielsdiaries.com. We may verify your identity and authority before completing requests.

11. Cookies and Similar Technologies

We may use cookies, local storage, and similar technologies for authentication, preferences, analytics, and security. You can manage cookie settings through your browser, though some features may not function properly if certain technologies are disabled.

12. Third-Party Links and Services

The Service may contain links to third-party sites or tools. We are not responsible for third-party privacy practices. Review third-party privacy notices before providing personal information.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will post the revised version with an updated effective date and provide additional notice where legally required.

14. Australian Privacy Law

Daniel's Diaries operates under the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs).

Your rights under the APPs

• Access (APP 12): You may request access to the personal information we hold about you or your child. You can download your data from your profile, or contact us for assistance.
• Correction (APP 13): You may request correction of any personal information that is inaccurate, out of date, incomplete, or misleading.
• Deletion: You may request deletion of your account and all associated data at any time via your profile settings or by contacting us.

Children's information

We recognise that children may lack the capacity to provide informed consent. All child profiles are created and managed by a parent or legal guardian, and we rely on parental consent for the collection and use of children's personal information in accordance with APP 3.

Complaints

If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us at privacy@danielsdiaries.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

Notifiable Data Breaches

In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the OAIC in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988.

15. Contact Us

For privacy questions or requests, contact: privacy@danielsdiaries.com.