Privacy Policy

Section 01

Who We Are and How to Contact Us

Neodera AI Limited (Company Number: 17016204), registered in England and Wales at 45 Chase Court Gardens, Enfield, England EN2 8DJ, United Kingdom, is the data controller for personal data processed through Miokido.

Data Protection contact: info@neodera.com

Section 02

Data We Collect

2.1 Parent / Account Holder Data

• Full name and email address
• Billing and payment details (processed via our PCI-DSS compliant payment provider; card numbers are never stored by us)
• Country of residence and preferred language
• Account deletion requests and preferences (see Section 9)

2.2 Children's Data

• Child's first name or nickname (parent-chosen)
• Child's age or year group (for story personalisation)
• Story preferences and interests (AI personalisation)
• In-app usage and listening history (pseudonymised)

We do NOT collect: full name, school, photograph, precise location, or biometric data relating to children.

2.3 Technical Data (Automatically Collected)

• Device type, OS, and app version
• IP address (anonymised after 90 days)
• Session logs and in-app behaviour (aggregated/pseudonymised)
• Crash reports and performance diagnostics (retained 30 days)

Section 03

Legal Bases for Processing

Section 04

How We Use Your Data

• Create and manage parent and child profiles
• Generate personalised AI-powered stories tailored to the child's age and preferences
• Provide text-to-speech narration and interactive audio content
• Process subscription payments and manage billing
• Provide customer support
• Maintain platform safety and integrity
• Improve the application through pseudonymised analytics
• Comply with legal obligations including the UK Online Safety Act 2023

Section 05

Children's Privacy — Special Protections (ICO Children's Code)

• Verifiable parental consent is required before any child profile is created
• Children cannot create accounts; all accounts are parent-controlled
• No behavioural advertising directed at children
• No sharing of children's data with third parties for commercial purposes
• Profiling limited to story personalisation with explicit parental consent
• Geolocation is off by default and not used in the child interface
• All children's data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Nudge techniques and dark patterns are prohibited in the child interface

Section 06

Data Sharing and Third Parties

• Payment processors (e.g., Stripe): billing only, under strict DPA terms
• Cloud infrastructure (e.g., AWS/GCP): storage under Data Processing Agreements
• AI service providers: pseudonymised data only; not used for third-party model training
• Analytics providers: aggregated, anonymised data only
• Legal/regulatory authorities: where required by law

We do not sell personal data. We do not share children's data with advertisers or data brokers.

Section 07

International Data Transfers

• UK to EEA: adequacy regulations apply
• UK to non-EEA: UK International Data Transfer Agreements (IDTAs) or equivalent safeguards
• EU to non-EEA: EU Standard Contractual Clauses (SCCs) and Transfer Impact Assessments where required

Our EU Representative ([EU Representative Name & Address — required under EU GDPR Art. 27]) can provide further information on transfer safeguards for EU residents.

Section 08

Data Retention

• Active account data: subscription duration + 12 months
• Children's profile data: deleted within 30 days of account closure or parental request
• Payment records: 7 years (HMRC legal obligation)
• Technical logs: 90 days, then anonymised
• Backup copies: automatically purged within 30 days after primary data deletion is confirmed

Section 09

Account and Data Deletion

You may also request deletion by emailing info@neodera.com. We will confirm deletion in writing within 30 days. Backup copies are purged within a further 30 days. Certain data may be retained where required by law (e.g., payment records).

Section 10

Your Rights

• Right of access (Art. 15) — request a copy of your personal data
• Right to rectification (Art. 16) — correct inaccurate data
• Right to erasure (Art. 17) — 'right to be forgotten'
• Right to restrict processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Rights re automated decision-making (Art. 22)

To exercise any right, contact info@neodera.com. We respond within one calendar month. EU residents may also contact our EU Representative.

Section 11

Cookies

See our separate Tracking and Cookies Notice at www.miokido.com/legal/tracking-cookies-notice.html.

Section 12

Security

• TLS 1.3 encryption in transit; AES-256 at rest
• Regular penetration testing and security audits
• Role-based access controls and need-to-know access to personal data
• 72-hour breach notification to the ICO and affected individuals where required
• Full incident response procedures documented in our Data Breach Response Plan

Section 13

Supervisory Authority

UK residents: Information Commissioner's Office (ICO), www.ico.org.uk, 0303 123 1113.

EU residents: your local data protection authority, or contact our EU Representative.

US residents: Federal Trade Commission (FTC), www.ftc.gov. California residents may also contact the California Privacy Protection Agency (CPPA), www.cppa.ca.gov.

Section 14

Changes to This Policy

Material changes will be notified by email or in-app notice at least 30 days before taking effect.

Section 15

US Residents — COPPA Compliance

15.1 Verifiable Parental Consent

Before collecting any personal information from a child under 13, we obtain verifiable parental consent from a parent or legal guardian as required by COPPA. No child profile may be created without this consent.

15.2 What We Collect from Children (COPPA)

• Child's first name or nickname (parent-chosen)
• Child's age or year group
• Story preferences and interests (AI personalisation)
• In-app usage and listening history (pseudonymised)

We do NOT collect: full name, address, telephone number, Social Security number, photograph, geolocation data, or any other information that would permit contact with the child.

15.3 Parental Rights under COPPA

• Review the personal information collected from your child
• Request deletion of your child's personal information
• Refuse further collection or use of your child's information
• Withdraw consent at any time — contact info@neodera.com

To exercise any of these rights, contact us at info@neodera.com. We will respond within 30 days.

15.4 FTC Contact

For more information about COPPA, visit the US Federal Trade Commission at www.ftc.gov.

Section 16

California Residents — CCPA / CPRA Rights

16.1 Your California Rights

• Right to Know: request disclosure of personal information collected, used, disclosed, or sold about you
• Right to Delete: request deletion of personal information we have collected from you
• Right to Correct: request correction of inaccurate personal information
• Right to Opt-Out of Sale or Sharing: we do not sell or share personal information for cross-context behavioural advertising
• Right to Limit Use of Sensitive Personal Information: we do not use sensitive personal information beyond what is necessary for the service
• Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA rights

16.2 Do Not Sell or Share My Personal Information

Neodera AI Limited does not sell personal information and does not share personal information for cross-context behavioural advertising purposes. This applies to children's data in particular.

16.3 Exercising Your California Rights

To submit a verifiable consumer request, contact us at info@neodera.com. We will acknowledge receipt within 10 business days and respond within 45 calendar days (extendable by a further 45 days where necessary).

16.4 Authorised Agent

You may designate an authorised agent to submit requests on your behalf. We may require written proof of the agent's authorisation and verification of your identity.

Contact

Get in Touch