back to home

Privacy Policy

Effective May 14, 2026

👋 For kids

Pixelkids helps you learn and make things with AI. Your parent or guardian creates your account. We use information like your display name, age, interests, chats, and projects so Pixelkids can work and remember your learning.

Do not type your full name, address, school, phone number, passwords, private photos, or secrets into Pixelkids.

Your profile is private by default. We do not sell your information. We do not use your information for ads. Your parent can see, change, export, or delete your information.

AI can make mistakes, so ask a parent or trusted adult before relying on important answers.

Parent summary

Pixelkids is an AI learning and creation product for children. A parent or legal guardian must create the account and consent to each child profile.

We collect parent account data, child profile data, child chats/prompts, generated content, AI memory notes, safety and usage information, and technical/security data. We use this data to provide Pixelkids, personalise the child's learning experience, support parent controls, maintain safety, secure the service, process billing, and comply with law.

We do not sell Child Data. We do not use Child Data for targeted advertising. We do not make child profiles public by default. We do not request identifiable photos of real children, precise location, phone numbers, home addresses, school records, or government identity documents for normal use.

1. Who we are

Pixelkids operates the Pixelkids AI learning product. For privacy purposes, Pixelkids is generally the organisation/controller responsible for personal data collected through the parent account, child profiles, website, and product.

If we later provide Pixelkids through schools or institutions under a separate school agreement, different controller/processor terms may apply.

2. Scope

This Privacy Policy applies to:

  • the Pixelkids website;
  • the Pixelkids app/product;
  • parent accounts;
  • child profiles;
  • AI coach conversations;
  • generated content tools;
  • parent dashboards;
  • emails and support interactions; and
  • related services.

Third-party websites, app stores, payment processors, and vendors may have their own privacy policies, which apply to your interactions with those services.

3. Important definitions

Parent means the parent or legal guardian account holder.

Child means a user under 18 using a child profile.

Child Data means personal data about a child, including profile data, chats, prompts, generated content, activity data, memory notes, safety flags, and related technical data.

User Content means prompts, chats, generated assets, uploads, projects, game code, images, video, music, documents, and related content created or submitted through Pixelkids.

Personal data means information that identifies or can reasonably identify an individual.

4. Parent accounts and parental consent

A parent or legal guardian must create the Pixelkids account and authorise each child profile.

When you create a child profile, you consent to Pixelkids collecting, using, disclosing, transferring, and storing Child Data as described in this Privacy Policy.

For jurisdictions that require verified parental consent — including the United States for children under 13 — we may use additional verification methods. These may include email verification, payment card verification, signed consent forms, video confirmation, identity verification, or other legally permitted methods.

We keep records of parental consent, including account details, date and time, consent version, country, verification method, and relevant technical logs.

If we learn that a child profile was created without valid parent or guardian consent, we may suspend or delete the child profile and associated Child Data.

5. Data we collect

5.1 Data from the parent

We may collect:

  • name;
  • email address;
  • country / region;
  • login / authentication information handled by our authentication provider;
  • subscription plan and billing status;
  • payment information handled by our payment processor (we do not store full card numbers ourselves);
  • marketing preferences;
  • how you heard about Pixelkids;
  • parent dashboard settings;
  • consent records;
  • support messages and attachments;
  • deletion / export / correction requests; and
  • communications with us.

We do not intentionally collect child phone numbers or home addresses for normal product use.

5.2 Data about the child profile

We may collect:

  • display name or nickname;
  • age or age range;
  • child profile settings;
  • 4-digit child passcode stored as a one-way hash;
  • pronouns, interests, goals, and learning preferences if provided;
  • onboarding answers;
  • parent-selected safety settings;
  • progress or activity information; and
  • profile metadata needed to operate Pixelkids.

Parents should not enter a child's full legal name unless necessary.

5.3 Child chats, prompts, generated content, and projects

We collect and store:

  • AI coach messages;
  • child prompts and questions;
  • generated images, videos, code, music, games, documents, or other outputs;
  • revisions and project history;
  • files or text the child submits;
  • safety classifications and moderation decisions; and
  • technical metadata needed to resume sessions and sync across devices.

Pixelkids may process User Content through AI model providers to generate responses and outputs.

5.4 AI memory

Pixelkids may create short memory notes to help the AI coach provide a more continuous learning experience. Examples include “likes dinosaurs,” “is learning loops,” or “prefers step-by-step hints.”

AI memory is used only within the relevant child profile unless we disclose otherwise and obtain required consent.

Parents can view and delete AI memory items from the dashboard or by contacting us.

AI memory is not used for targeted advertising, sale of data, credit decisions, eligibility decisions, or decisions with legal or similarly significant effects.

5.5 Safety data

We may collect safety-related data, including:

  • blocked prompts;
  • moderation results;
  • safety flags;
  • parent alerts;
  • suspected policy violations;
  • abuse-prevention signals;
  • account suspension records; and
  • reports or escalations.

We use safety data to protect children, enforce rules, improve safety systems, notify parents, comply with law, and respond to serious harm.

5.6 Technical and automatic data

We may collect:

  • IP address;
  • device type;
  • browser type;
  • operating system;
  • session identifiers;
  • authentication logs;
  • server logs and error logs;
  • API endpoint usage;
  • approximate location inferred from IP address (country or region);
  • security events and rate-limit information;
  • cookie / session data; and
  • performance data.

We do not collect GPS or precise geolocation for normal use.

5.7 Marketing website and forms

If you use our marketing website, waitlist, beta form, survey, or support form, we may collect the information you submit, such as name, email address, parent status, child age range, feedback, and preferences.

Marketing analytics are not used inside the child product. Inside the child product we only use cookies and storage necessary for login, safety, security, and product functionality.

6. Data we do not intentionally collect from children

For normal Pixelkids use, we do not intentionally collect:

  • home address;
  • phone number;
  • precise GPS location;
  • school records or grades;
  • government identity numbers;
  • payment card details from children;
  • biometric identifiers;
  • real child photos or videos;
  • health records;
  • private messages with other children;
  • advertising identifiers for targeted advertising; or
  • data for sale or cross-context behavioural advertising.

Children and parents should not submit these categories unless we specifically request them for a lawful, disclosed, and necessary purpose.

If a child enters sensitive information into a chat, prompt, or project, we may process it to provide the service, moderate safety, respond to the parent, comply with law, or delete it.

7. How we use data

We use personal data to:

  • create and manage parent accounts;
  • verify parent consent;
  • create and manage child profiles;
  • provide the AI coach and creative tools;
  • save chats, projects, generated assets, and progress;
  • personalise the child's learning experience;
  • maintain AI memory for the child profile;
  • provide parent dashboards, exports, deletion tools, and activity summaries;
  • send account, security, billing, safety, and product notices;
  • process subscriptions and payments;
  • provide customer support;
  • detect, prevent, and respond to abuse, unsafe content, fraud, and security issues;
  • comply with legal obligations;
  • enforce our Terms;
  • debug, secure, and improve Pixelkids;
  • analyse aggregate usage trends; and
  • send parent marketing emails only where allowed and with opt-out rights.

We do not use Child Data for targeted advertising. We do not sell Child Data.

8. AI processing

Pixelkids uses AI providers to process prompts, chats, context, profile settings, and generated content as needed to provide AI coaching and creative features.

Depending on the feature, data may be sent to providers for:

  • text coaching;
  • code generation;
  • image generation;
  • video generation;
  • text-to-speech;
  • moderation; and
  • safety classification.

We require AI providers that process Child Data for us to process it only for authorised service purposes, protect it appropriately, and not use it for targeted advertising or general model training, unless we clearly disclose otherwise and obtain any required consent.

Pixelkids does not use Child Data to train general-purpose foundation models.

We may use aggregated or de-identified information to understand product performance, safety trends, feature usage, and reliability, provided it does not identify a child.

9. Vendors and service providers

Pixelkids uses service providers to operate the product. Current providers and the data each one processes:

  • Clerk — authentication and account login. Handles parent email, authentication metadata, and password / OAuth data.
  • Supabase (Singapore region) — database for parent profiles, child profiles, chat metadata, memory, settings, and content metadata.
  • Vercel — hosting and asset storage for the website / app and generated assets, plus operational logs.
  • Anthropic — AI coach / text model inference. Receives prompts, messages, and the context needed for AI responses.
  • Google (Gemini / Imagen) — image generation and tutor illustrations. Receives prompts, generation requests, and outputs.
  • BytePlus (Seedance) — video generation. Receives prompts and generation requests; returns video outputs.
  • ElevenLabs — text-to-speech (paid voices). Receives text to be converted into speech.
  • OpenAI — gpt-4o-mini-tts text-to-speech (the default tutor voice). Receives text to be converted into speech.
  • Replicate — pixel-art sprite generation for the world-engine feature.
  • Resend — transactional email (account notifications, billing receipts, safety alerts, activity digests). Processes the email address and message contents at send time only.
  • ImprovMX — inbound email forwarding for our @pixelkids.co addresses, so support / contact emails reach our team.
  • Tally— the beta-signup form embedded on our marketing pages, and the in-product feedback button available to logged-in parents / kids. Tally collects the form fields you submit (free-text message, optional email, and an advisory "source" tag indicating which page the feedback came from). No persistent identifiers (kid ID, parent ID, Clerk user ID) are attached.
  • Stripe — subscription billing. Receives payment information directly from your browser; we never see your full card number.
  • Sentry — error tracking. Receives error messages, stack traces, and minimal context to help us debug crashes.

Each of these vendors has its own privacy policy. We have signed data processing agreements (or equivalent contractual terms) where applicable. None of these vendors trains AI models on your kid's data.

We may update our provider list from time to time. We remain responsible for using appropriate vendors and contractual safeguards.

10. When we disclose data

We may disclose personal data:

  • to service providers that help operate Pixelkids;
  • to AI providers that provide model inference or generation features;
  • to payment processors for billing;
  • to email providers for account, billing, safety, and product messages;
  • to hosting and database providers;
  • to professional advisers (lawyers, accountants, auditors, insurers);
  • to regulators, law enforcement, courts, child-safety organisations, or authorities where required or appropriate;
  • to protect a child, parent, user, Pixelkids, or the public;
  • in connection with a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate confidentiality and legal safeguards; and
  • with your consent or at your direction.

We do not disclose Child Data to third parties for targeted advertising.

We do not make child profiles public by default.

11. Parent controls and rights

Parents can request to:

  • view Child Data;
  • access child profile information;
  • view AI memory items;
  • correct inaccurate data;
  • delete AI memory items;
  • delete generated content;
  • delete a child profile;
  • export data;
  • withdraw consent;
  • close the parent account;
  • unsubscribe from marketing emails; and
  • ask questions or complain about privacy practices.

Some data may need to be retained where required by law, for security, billing, fraud prevention, dispute resolution, or child-safety reasons.

We may need to verify that the requester is the parent or legal guardian before acting on a request.

12. Children's rights

Where children have their own privacy rights under applicable law, we will support those rights in a child-appropriate way and, where appropriate, involve the parent or legal guardian.

For younger children, parent requests will usually be handled through the parent account.

For older children in jurisdictions where they have independent rights, we may respond directly or involve the parent depending on law, maturity, safety, and the type of request.

13. US COPPA parent notice

This section applies where the US Children's Online Privacy Protection Act (COPPA) applies to a child under 13 in the United States.

Pixelkids collects personal information from children only with parent consent, except for limited information permitted by COPPA to provide notice, obtain consent, support internal operations, protect safety, or comply with law.

We may collect the following from or about a child:

  • display name or nickname;
  • age;
  • profile settings;
  • interests and learning preferences;
  • chats, prompts, and AI interactions;
  • generated content and projects;
  • AI memory notes;
  • safety and moderation data;
  • usage and progress data;
  • device, IP, logs, and security data; and
  • parent-provided child information.

We use this data to provide Pixelkids, personalise learning, maintain safety, save progress, provide parent controls, and operate the service.

We disclose child personal information only to service providers, AI providers, hosting providers, security providers, email providers, and other vendors that help us operate Pixelkids, or where required for safety or law.

Parents may review, delete, or refuse further collection or use of their child's personal information by using the dashboard or contacting privacy@pixelkids.co.

If you do not provide required consent within a reasonable time, we will delete the parent / child contact information collected for consent purposes unless retention is legally required.

14. EEA / UK privacy rights and legal bases

Where the EU General Data Protection Regulation (GDPR) or UK GDPR applies, our legal bases for processing may include:

  • Parent account, subscription, support: contract with parent.
  • Child profile and AI service: parent consent, contract with parent, legitimate interests, or other lawful basis depending on jurisdiction and feature.
  • Safety monitoring and abuse prevention: legitimate interests, vital interests, legal obligation.
  • Billing and tax: contract, legal obligation.
  • Security logs: legitimate interests, legal obligation.
  • Marketing to parents: consent or legitimate interests where allowed, with opt-out.
  • Legal compliance: legal obligation.
  • Optional features: consent where required.

EEA / UK users may have rights to access, correct, delete, restrict, object, port data, withdraw consent, and complain to a supervisory authority.

If we actively offer Pixelkids to EEA / UK children, we will assess whether we need an EU / UK representative, DPO arrangements, data transfer safeguards, and additional country-specific notices.

15. California notice

We do not sell Child Data.

We do not share Child Data for cross-context behavioural advertising.

California residents may have rights to know, access, delete, correct, opt out of sale / share, limit certain sensitive personal information uses, and not be discriminated against for exercising rights.

Parents or authorised agents may contact privacy@pixelkids.co to exercise rights. We may verify identity and authority before responding.

16. Singapore PDPA rights

Singapore users may request access to and correction of personal data, ask questions, make complaints, or withdraw consent by contacting our Data Protection Officer at privacy@pixelkids.co.

If consent is withdrawn for data needed to provide Pixelkids, we may need to delete the relevant child profile or stop providing affected features.

We will respond to requests in accordance with applicable law.

17. Australia, Canada, and other regions

Where local law gives additional privacy rights, we will honour those rights.

For Australia, we are monitoring the Children's Online Privacy Code and will update practices as needed.

For Canada, we aim to use meaningful consent, child-appropriate explanations, and data minimisation.

For Québec, we require parent / legal guardian consent for child profiles and use high privacy defaults.

18. Cookies and analytics

Pixelkids may use cookies, local storage, and similar technologies for:

  • login;
  • session security;
  • preferences;
  • fraud prevention;
  • performance;
  • debugging;
  • analytics; and
  • consent management.

The child product uses only necessary and privacy-protective analytics. We do not use child-product cookies for targeted advertising.

Marketing pages may use analytics or advertising cookies only where disclosed and legally permitted. If we use such tools, we will provide appropriate cookie notices and controls.

19. Marketing

We may send product, onboarding, account, safety, billing, and service emails to parents.

We may send marketing emails to parents only where allowed by law and with an unsubscribe option.

We do not send marketing emails to children.

We do not use Child Data for parent marketing segmentation beyond product-related safety, onboarding, account, or usage communications.

20. International transfers

Pixelkids is based in Singapore. Our vendors may process personal data in Singapore, the United States, the European Economic Area, the United Kingdom, or other countries.

Where we transfer personal data internationally, we use appropriate safeguards, which may include contractual protections, data processing agreements, standard contractual clauses, transfer impact assessments, vendor security reviews, and other lawful mechanisms. Singapore's PDPA Transfer Limitation Obligation requires comparable protection by overseas recipients, and our vendor agreements are designed to meet that standard.

21. Security

We use administrative, technical, and organisational safeguards designed to protect personal data, especially Child Data. These include:

  • access controls and least-privilege permissions;
  • admin multi-factor authentication;
  • encryption in transit;
  • encryption at rest where supported;
  • logging and monitoring;
  • vendor security review;
  • password / passcode protections;
  • backup and recovery controls;
  • vulnerability management;
  • incident response procedures; and
  • staff / contractor confidentiality obligations.

No system is perfectly secure. Parents should use strong passwords and keep account credentials private.

22. Data retention

We keep personal data only as long as reasonably needed for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

Our retention schedule:

  • Parent account data: while the account is active, then deleted or anonymised within 30 days after account deletion, unless retained for legal / security / billing reasons.
  • Child profile data: while the child profile is active, then deleted or anonymised within 30 days after deletion.
  • Chats, prompts, generated assets: until parent deletes them, the child profile is deleted, or the account is deleted, subject to backups and legal exceptions.
  • AI memory: until parent deletes the memory item, child profile is deleted, or memory is no longer needed.
  • Safety flags: as long as needed for child safety, legal compliance, dispute resolution, and abuse prevention.
  • Consent records: as long as needed to demonstrate consent and comply with law.
  • Billing records: as required by tax, accounting, and legal obligations.
  • Security logs:usually 12–24 months unless needed longer for investigation or security.
  • Backups: deleted or overwritten on a rolling schedule, usually within 90 days.

23. Account and child profile deletion

Parents may delete a child profile or account through the dashboard or by contacting us.

Deletion is intended to be irreversible once completed.

We may retain limited information where needed to:

  • comply with law;
  • resolve disputes;
  • enforce Terms;
  • prevent fraud or abuse;
  • protect child safety;
  • maintain security; or
  • keep billing / tax records.

24. Data breach notice

If we identify a data breach involving personal data, we will investigate and respond according to our incident-response process. Singapore PDPA generally requires notification of notifiable breaches to the PDPC within 3 calendar days.

Where required by law, we will notify regulators, affected individuals, and / or parents / legal guardians.

If a breach affects Child Data and we have parent contact details, we will generally notify the parent or legal guardian where notification is required or appropriate.

25. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

For material changes, we will provide reasonable notice, such as email, dashboard notice, or in-product notice. If required by law, we will obtain new consent.

Continued use after the effective date means the updated policy applies.

26. Contact

Privacy questions, access requests, deletion requests, complaints, or consent withdrawal:
privacy@pixelkids.co

General contact:
hello@pixelkids.co

Company: Pixelkids, Singapore.

General questions: hello@pixelkids.co · Privacy: privacy@pixelkids.co