Privacy Policy

Effective Date: February 10, 2026

1. Who We Are

ThinkaBit ("the App") is operated by BCI Consulting ("we", "us", or "our"), accessible at bci-consulting.eu.

Address: Januaristraat 72, 1335AH Almere, Netherlands

ThinkaBit is an educational app designed for children ages 7-12 that teaches AI literacy through interactive lessons, games, and creative activities. We take children's privacy extremely seriously and have designed the App to comply with the Children's Online Privacy Protection Act (COPPA) and applicable international children's privacy laws.

2. Information We Collect

2a. Information Collected from Parents/Guardians

When a parent or guardian creates an account, we collect:

  • Email address — for account login, communication, and verifiable parental consent
  • Display name — how you appear in the Parent Dashboard
  • Hashed PIN — for secure access to the Parent Dashboard (we never store the actual PIN; it is one-way hashed with SHA-256 and a unique salt)
  • Subscription status — managed through Apple App Store or Google Play (we do not process payments directly)

2b. Information Collected from Children

With verifiable parental consent, we collect the following from child users:

  • Display name — a nickname chosen by the parent (not the child's real name)
  • Age — used solely for content calibration; we do not store birthdate or exact date of birth
  • Learning progress — lesson completions, quiz answers, and world progress
  • Sparky Scores — aggregated skill scores across 5 categories
  • Inventory & creations — digital items earned and creative projects made in the Workshop
  • Streak data — daily login streaks for engagement purposes

2c. Information We Do NOT Collect

ThinkaBit is designed with data minimization. We do not collect:

  • Real names of children
  • Birthdates or exact date of birth
  • Physical location or GPS data
  • IP addresses (beyond what's necessary for basic server communication)
  • Device identifiers or advertising IDs
  • Photos, videos, or audio recordings
  • Biometric data
  • Contact lists or social connections
  • Behavioral advertising data or tracking cookies
  • Any data for targeted advertising purposes

3. How We Use Information

We use collected information solely for:

  • Providing the App — delivering lessons, tracking progress, and personalizing the learning experience based on age and skill level
  • Parent Dashboard — showing parents their child's learning progress, scores, and activity
  • App functionality — syncing data across devices, maintaining streaks, and managing inventory
  • Account management — authentication, password resets, and subscription management
  • Communication — sending essential account-related emails to parents only (never to children)

We do not use children's data for marketing, advertising, or any purpose unrelated to the educational service.

4. COPPA Compliance

ThinkaBit complies with the Children's Online Privacy Protection Act (COPPA):

  • Verifiable parental consent — We require parental consent before collecting any data from children. Parents must create the account, verify their identity, and explicitly consent to their child's participation.
  • No more than necessary — We collect only the minimum data needed to provide the educational service.
  • No third-party advertising — The App contains no ads, and we never share children's data with advertisers.
  • Parental rights — Parents can at any time:
    • Review all data collected about their child
    • Request deletion of their child's data
    • Withdraw consent and have data deleted
    • Refuse further collection while still accessing previously collected data
  • Secure storage — All data is encrypted in transit (TLS) and at rest, with Row Level Security (RLS) policies ensuring users can only access their own data.

5. Third-Party Services

We use a limited number of trusted third-party services:

  • Supabase — database hosting and authentication. Supabase stores all user data with encryption at rest and in transit. Supabase Privacy Policy
  • RevenueCat — subscription management. RevenueCat processes subscription data from parents only (not children). RevenueCat Privacy Policy
  • Apple App Store / Google Play — app distribution and payment processing. Subscription payments are handled entirely by Apple/Google.

We do not use analytics, tracking, or advertising SDKs. We do not share, sell, or rent any user data to third parties.

6. Data Security

We implement industry-standard security measures:

  • All data encrypted in transit using TLS 1.2+
  • All data encrypted at rest in our database
  • Row Level Security (RLS) policies ensuring strict data isolation between users
  • Parent PINs are one-way hashed using SHA-256 with unique salts (never stored in plain text)
  • Regular security reviews and updates
  • Minimal attack surface — no social features, no user-to-user communication, no file uploads

7. Data Retention & Deletion

  • We retain user data only as long as the account is active
  • Parents can delete their child's profile and all associated data at any time through the Parent Dashboard
  • Parents can delete their entire account and all data by contacting us or using the in-app account deletion feature
  • Upon account deletion, all data is permanently removed within 30 days
  • We do not retain data for marketing purposes after account deletion

8. International Users

ThinkaBit is primarily designed for users in the United States and European Union. If you are accessing the App from outside these regions, please be aware that your data may be transferred to and processed in the regions where our servers are located. We comply with applicable data protection laws including COPPA (US) and GDPR (EU) as they relate to children's data.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify parents of material changes via email and will update the "Effective Date" at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your parental rights, contact us at: