What ages is CalmKids Academy for?

Children ages 2 through 8. Content is tiered by developmental stage and covers phonics, early math, mindfulness, and social-emotional learning.

Is CalmKids Academy really ad-free?

Yes. No banner ads, no video pre-rolls, no sponsored content, no affiliate links, no upsells shown to the child. Only the parent dashboard ever mentions the subscription.

Is CalmKids Academy COPPA-compliant?

Yes. CalmKids Academy collects no personally identifiable information on children, no behavioral tracking, no device fingerprinting, and no third-party analytics on child-facing screens.

How long are the daily sessions?

Sessions are 15 minutes by default and auto-end when the timer runs out. Parents can extend in 5-minute increments from the dashboard.

What is included in the Lifetime plan?

The $199 Lifetime plan is a one-time payment that includes all current and future content, up to 4 child profiles, and a 30-day money-back guarantee.

Privacy Policy

Last updated: April 26, 2026

COPPA Operator Notice — for parents of children ages 2–8

CalmKids Academy is operated for children ages 2–8 and is fully subject to the Children's Online Privacy Protection Act (COPPA, 16 CFR Part 312). This policy is the direct notice and online notice required by §312.4(d). Read sections 4–8 for the child-specific disclosures.

Operator: No Ad Apps · noadappsutah.com · Utah, USA. Contact for all parental-rights requests: hello@noadappsutah.com.

1. Who is this policy for

This policy describes how CalmKids Academy handles information from parents who hold the account, and from children ages 2–8 who use the app under that account. The two are treated very differently — see sections 2 (parents) and 4–8 (children).

2. Information we collect from parents

When a parent creates an account, we collect: email address, full name, hashed password (we never see the plain password), Stripe customer ID, subscription plan and status, and standard request metadata (IP-derived country, user agent) for fraud prevention. Card numbers are processed by Stripe directly — we never see, store, or transmit them.

3. How we use parent information

Parent data is used only to (a) deliver the service the parent paid for, (b) send transactional email about that service (receipts, billing updates, password resets), and (c) detect fraud. We do not sell parent data, do not run ads, and do not share parent data with third parties beyond the operators listed in section 8.

4. Information we collect FROM CHILDREN — required COPPA disclosure

We collect only the minimum necessary to deliver the activities:

Child's first name (chosen by the parent during setup — may be a nickname).
Child's age (2–8) — used to pick age-appropriate phonics cards and story vocabulary.
Activity completion records — which letter, which breathing exercise, which kindness story, and the timestamp.

We do not collect last name, address, phone number, email, school, photo, voice recording, geolocation, contacts, IP address, device identifier, or any persistent identifier from a child.

5. How we use information from children

Child information is used only to (a) deliver the daily 15-minute session, (b) pick age-appropriate phonics and story content, and (c) show the parent a session history on the parent dashboard. We do not use child information for advertising, marketing, profiling, retargeting, or to train any AI model. We do not disclose child information to anyone outside the operators listed in section 8.

6. Verifiable parental consent (§312.5)

Before any child information is collected, the parent must complete the verifiable parental consent flow. We use the credit-card transaction method permitted by §312.5(b)(2)(ii): the parent provides a payment method to start the 14-day trial or paid subscription, and Stripe sends the cardholder a confirmation of each discrete transaction. A parent who does not complete this step cannot create a child profile.

If you wish to revoke consent at any time, see section 9.

7. What we never do — for kids OR parents

No advertising shown to children — ever.
No third-party tracking pixels, fingerprinting, or ad-tech SDKs.
No selling, renting, or sharing of personal information with data brokers.
No conditioning a child's participation in any activity on collecting more info than necessary (§312.7).
No microphone, camera, contacts, location, or device-fingerprint access.
No behavioral profiling of children.
No use of any child information to train AI.

8. Third-party operators we share information with

A short list. We disclose only what each operator needs:

Supabase (database + parent auth) — receives parent email + password hash + the child's first name + age + activity records. Hosted in the United States.
Stripe (payment processor) — receives the parent's card details, name, billing email. Stripe never receives any child information.
Anthropic (AI provider for the kindness story) — when generating each daily story we send the child's first name and age to Claude Haiku, which returns a story. Anthropic does not train its models on this content (per their API zero-retention policy). No other child data is sent.
Resend (transactional email provider) — receives the parent's email and email content. No child information is sent.
Google Cloud Run (hosting) — sees encrypted HTTPS traffic but does not receive or store application payload data beyond standard request logs.
GoHighLevel (parent CRM) — when a parent signs up, we send their email and name so we can send service updates. No child data is sent.

We do not share child information with any third party other than Supabase (database) and Anthropic (AI story generation, first name + age only).

9. Parental rights — review, delete, refuse further collection (§312.6)

You have the right at any time, free of charge, to:

Review the personal information we have about you and your child.
Delete any specific child profile (along with all associated session and activity records). From the parent dashboard, open the child profile and tap Delete this child.
Permanently delete your entire account (parent + all children + all activity records). Email us at the address below or use the Delete my account button on the dashboard.
Refuse further collection from your child by deleting the child profile. The session activity will stop the moment the profile is deleted.

Requests submitted to hello@noadappsutah.com are honored within 30 days. We confirm the requester is the parent of record (verified via the email on file) before acting.

10. Data security

All data is encrypted in transit using TLS 1.3 and at rest using Supabase's AES-256 disk encryption. Database access uses Postgres row-level security so each parent account can only read its own data. Payments are processed by Stripe (PCI DSS Level 1).

11. Data retention

Activity records are kept for 90 days, then automatically purged. Parent account data is kept while the subscription is active and for 30 days after cancellation, after which the account and all child profiles are deleted. You may request immediate deletion at any time (section 9).

12. Changes to this policy

If we update this privacy policy, we will email all active parent account holders at least 14 days before the changes take effect. Material changes affecting how we handle information from or about children will always be sent in advance, and a renewed parental consent will be requested if §312.4 requires it.

13. Contact

Questions, parental-rights requests, or data deletion requests: hello@noadappsutah.com. Operator: No Ad Apps, Utah, USA. We respond to every parent inquiry within 2 business days.

Compliance: this policy is written to satisfy COPPA (16 CFR Part 312, including §312.4 direct/online notice and §312.5 verifiable parental consent), the Google Play Designed for Families and Families Self-Certified Ads SDKs policies, and the Apple App Store Kids Category requirements. CalmKids Academy is published by No Ad Apps.