Privacy

What we collect. What we don't.

Short version: the minimum to run the product. No advertising trackers. No selling data. Ever.

Last updated: 24 May 2026

Plain English summary.

To buy Kidley and use it across your devices, we store a small amount about you on our servers: your email, that you paid, your child's first name and age, and the protocols you've saved. We also use two third-party tools to understand how the site is used and which ads bring buyers, the Meta (Facebook) Pixel and Microsoft Clarity. Both are detailed below. We never sell your data to anyone.

1. Who we are

Kidley is operated by the Kidley team. You can reach us at hello@kidley.app (use "Privacy request" as the subject so we route it fast).

2. What we store on our servers

When you buy Kidley and create an account, the following sits in our database (hosted on Netlify, powered by Neon Postgres):

  • Your email address, for login, account recovery, and the Stripe purchase record.
  • A password hash, managed by Netlify Identity. We never see your password in plain text.
  • The fact that you paid, the date, and the Stripe session ID, so we can verify access on every device.
  • Your profile, parent first name, child's first name, child's age, and the goals you set in onboarding. Used to personalise the daily content and the protocol scripts.
  • Your saved library, the protocols, guides, and tools you've tapped "save" on. So your library follows you from your phone to your laptop.

That's the entire schema. We don't ask for your address, phone number, payment card, or anything we don't strictly need.

3. What stays only on your device

  • Notification preferences (browser-native, we don't see them).
  • Cached daily content (so the app works offline and doesn't re-download).
  • Your draft entries in interactive tools, until you save them.

4. Analytics and ad attribution we do use

We use two third-party tools to understand how the site is used and which ads bring buyers. Both are common, both are GDPR-compliant processors, and both can be opted out of via standard browser-level tracking protection (Brave, Firefox Strict, Safari ITP, uBlock, etc.).

  • Meta (Facebook) Pixel. Runs on the marketing site (kidley.app) and fires a single event on the post-purchase page (my.kidley.app/welcome.html). Records: page views, scroll to the pricing section, clicks on "Get Kidley" buttons, and a one-time Purchase event after a successful Stripe payment. We do NOT send your email, name, or any profile data to Meta. Meta sees only your IP address, browser fingerprint (user agent), and the events listed above. We use it to measure which ads convert. Opt out via your Meta ad preferences or via browser tracking protection.
  • Microsoft Clarity (two separate projects, one for the marketing site, one for the app). Records: anonymized mouse movement, clicks, scrolls, and replays of how visitors interact with the page. By default Clarity masks all text input — emails, passwords, payment details, and free-text fields are never recorded in replays or transmitted to Microsoft. We use Clarity to find broken UX (rage-clicks, dead buttons, scroll cliffs) and improve the site, not for behavioural advertising. See Clarity's privacy notice. You can disable it via browser tracking protection.

5. What we do not collect

  • No Google Analytics.
  • No TikTok, Twitter, LinkedIn, Pinterest, or Snap pixels.
  • No behavioural-advertising profiling beyond what Meta and Clarity do (above).
  • No microphone, camera, location, or contacts access.
  • No payment-card details. Stripe handles your card; we only see the email and the fact that the payment succeeded.

6. Who can see your data

  • You, by logging into Kidley.
  • The Kidley team, in the limited cases needed to operate the service (support, billing disputes, debugging). We do not browse user data for any other reason.
  • Our infrastructure providers, as a normal part of hosting:
    • Netlify, hosts the site, the database, and authentication.
    • Neon, the underlying Postgres database engine inside Netlify DB.
    • Stripe, processes payment. Sees your card; we never do.
    • Meta Platforms, processes the Pixel events listed in §4.
    • Microsoft, processes the Clarity session-replay data listed in §4.

We never sell, rent, or share your data with anyone else.

7. Cookies and similar

Kidley sets the following cookies:

  • Functional (always on): a Netlify Identity session cookie that keeps you logged in. Netlify may set small functional cookies for security purposes.
  • Analytics & attribution (set by the third parties above): Meta Pixel sets _fbp and (when arriving from a Meta ad) _fbc, expiring after 90 days. Microsoft Clarity sets _clck, _clsk and related cookies, expiring after up to a year.

You can clear any of these at any time via your browser settings. Disabling them won't affect your access to Kidley.

8. Children

Kidley is built for parents to use. The account holder is always an adult. The information you choose to enter about your child (first name, age) is used only to personalise the content shown to you. We never collect data directly from children.

9. Your rights

  • Access: log in and see everything we hold.
  • Export: email hello@kidley.app with the subject "Data export request" and we'll send you a JSON file of your data within 30 days.
  • Correction: change anything via the Settings page in the app.
  • Deletion: click "Delete my account" in Settings, or email us. We remove your row from the database and the Netlify Identity account within 30 days.

10. Data retention

We keep your data for as long as your account is active. If you delete your account, we delete everything within 30 days, except a minimal record (your email + the fact that a payment was made) which we keep for accounting purposes, as required by tax law.

11. Where your data lives

The database is hosted on Netlify's infrastructure (region typically United States or European Union depending on Netlify routing). Stripe operates globally with their own data-protection commitments. Meta and Microsoft process their respective analytics data in the United States and the European Union. All five — Netlify, Neon, Stripe, Meta, and Microsoft — are GDPR-compliant processors.

12. Changes to this policy

If we change anything material, we'll update the "Last updated" date at the top and surface a notice the next time you open the app.

Questions?

Write to hello@kidley.app with "Privacy request" as the subject.