← Back to EmotiSense Kids
🛡️ COPPA Compliant
🏳️ CCPA Ready
🇧🇷 LGPD Compliant
1. Introduction
EmotiSense Kids ("the App") is an educational application developed and operated by SMR Tech ("SMR", "we", "us", or "our"). The App is designed to help children with special needs understand emotions, develop communication skills, and build healthy routines through interactive, AI-assisted activities.
We are deeply committed to protecting the privacy of children and their families. This Privacy Policy describes what information we collect, how we use it, how we protect it, and the rights available to you as a parent or legal guardian.
2. Children's Privacy & COPPA Compliance
EmotiSense Kids is directed to children under the age of 13. We comply fully with the Children's Online Privacy Protection Act (COPPA), enforced by the U.S. Federal Trade Commission (FTC).
Our COPPA Commitment: We do not collect, use, or disclose personal information from children under 13 without first obtaining verifiable parental consent. A parent or legal guardian must create the account and provide consent before a child can use the App.
2.1 Verifiable Parental Consent
- Only a parent or legal guardian may create an EmotiSense Kids account.
- Account creation requires the parent's email address and a secure password.
- The parent sets a 4-digit PIN that protects all configuration and monitoring features.
- The child never directly provides personal information to the App.
2.2 What We Do NOT Do
- We do not collect personal information from children without parental consent.
- We do not sell, rent, trade, or share children's personal information with third parties for commercial or advertising purposes.
- We do not condition a child's participation in any activity on the disclosure of more information than is reasonably necessary.
- We do not display behavioral advertising or targeted ads to children.
- The App contains no advertisements of any kind.
2.3 Parental Rights Under COPPA
As a parent or legal guardian, you have the right to:
- Review all personal information collected about your child.
- Request deletion of your child's personal information at any time.
- Refuse further collection by deleting the account or contacting us.
- Revoke consent at any time by emailing cristaury2912@hotmail.com.
We will respond to all parental requests within 48 hours.
3. Information We Collect
| Data Category |
Details |
Purpose |
| Parent Account |
Email address, display name |
Authentication, communication |
| Child Profile |
First name only, age range |
Personalize experience |
| Parental PIN |
4-digit PIN (hashed locally) |
Protect parental settings |
| Usage Data |
Session duration, screens visited, activities completed |
Progress tracking for parents |
| Emotion Logs |
Emotion labels (e.g., "happy", "sad") with timestamps |
Emotional wellness reports |
| Achievement Data |
Coins earned, milestones reached, routine completions |
Motivational rewards system |
3.1 Information We NEVER Collect
- No photos or videos — The camera is used only for real-time, on-device emotion detection. No images are stored, uploaded, or transmitted.
- No audio recordings — Voice interactions are processed locally and are not recorded or stored.
- No location data — We do not access GPS, Wi-Fi, or IP-based geolocation.
- No advertising identifiers — We do not collect IDFA, GAID, or any advertising IDs.
- No contact lists — We do not access the device's contacts, calendar, or SMS.
- No financial data — See Section 6 (Payment Processing).
4. AI Privacy & Moon Mirror Technology
EmotiSense Kids includes a feature called "Moon Mirror" that uses artificial intelligence to detect facial expressions and help children identify their emotions in real time.
Critical Privacy Safeguard: Moon Mirror processes all images entirely on the child's device (on-device inference). No photos, video frames, or biometric data are ever uploaded to our servers, stored in any database, or seen by human eyes — not by SMR Tech staff, not by any third party, not by anyone.
How Moon Mirror Works:
- The device camera captures a live video feed displayed only on-screen.
- A lightweight AI model (TinyFaceDetector + FaceExpressionNet) runs locally in the device's browser/WebView.
- The AI outputs an emotion label (e.g., "happy", "sad", "surprised") as plain text.
- Only the text label is saved to the child's emotion log — never the image.
- When the camera is closed, all video data is immediately discarded from memory.
Technical guarantee: The AI models are loaded from local files bundled with the App. They do not require an internet connection, and no network requests are made during emotion detection. Parents can verify this in the App's network activity.
5. Data Storage, Localization & Security
5.1 Where Your Data is Stored
| Storage Layer |
Location |
Details |
| Local Storage |
Child's device |
Settings, session data, offline cache. Data remains entirely on the device. |
| Cloud Storage |
Google Cloud — São Paulo, Brazil (Region: southamerica-east1) |
Firebase Authentication, Firestore database, and Cloud Functions. All data encrypted at rest (AES-256) and in transit (TLS 1.3). |
Data Localization: Although our primary user base is in the United States, we have chosen to host all cloud data on Google Cloud servers located in São Paulo, Brazil (southamerica-east1). These servers comply with both U.S. and Brazilian data protection standards and use enterprise-grade encryption for data at rest and in transit.
5.2 Security Measures
- Encryption at rest: AES-256 encryption on all cloud-stored data.
- Encryption in transit: TLS 1.3 for all client-server communications.
- Firebase Security Rules: Strict access control — each user can only read/write their own data.
- Parental PIN: 4-digit PIN protects access to all configuration and monitoring features.
- No third-party trackers: The App includes zero advertising SDKs, analytics trackers, or third-party data collection tools.
- Minimal data collection: We follow the principle of data minimization — we only collect what is strictly necessary for the App to function.
5.3 Guest Mode
The "Explore Without an Account" (Guest Mode) stores all data exclusively on the local device. No information is transmitted to any server while in Guest Mode. If the parent later creates an account, they are given the option to migrate local data to the cloud.
6. Payment Processing & Stripe
EmotiSense Kids offers optional premium features through in-app purchases. All payment transactions are processed securely by Stripe, Inc., a PCI-DSS Level 1 certified payment processor.
Important: SMR Tech does not store, process, or have access to your credit card numbers, debit card numbers, bank account details, or any other financial payment data. All financial information is handled exclusively by Stripe's secure infrastructure.
How Payments Work:
- When you make a purchase, you are redirected to a secure Stripe-hosted payment form.
- Your payment details are entered directly into Stripe's PCI-compliant environment.
- SMR Tech only receives a transaction confirmation (success/failure) and a tokenized reference ID — never your actual card number.
- All payment data is encrypted and governed by Stripe's Privacy Policy.
What SMR Stores for Billing:
- Stripe customer ID (a random token, not personally identifiable).
- Subscription status (active/inactive/canceled).
- Purchase date and plan type.
You may manage or cancel your subscription at any time through the App's Parent Dashboard or by contacting us at cristaury2912@hotmail.com.
7. Data Sharing & Third-Party Services
We do not sell, rent, or trade personal information. The only third-party services that interact with user data are:
| Service |
Provider |
Purpose |
Data Shared |
| Authentication |
Firebase Auth (Google) |
Secure login |
Parent email & password (hashed) |
| Database |
Cloud Firestore (Google) |
Data storage |
Child profiles, progress data |
| Payments |
Stripe, Inc. |
Transaction processing |
Payment info (direct to Stripe) |
All third-party providers are contractually bound to protect user data and are compliant with applicable privacy regulations. We do not share data with any other third parties.
8. Your Rights Under CCPA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you additional rights:
- Right to Know: You can request a detailed report of the personal information we have collected about you or your child.
- Right to Delete: You can request that we delete all personal information associated with your account.
- Right to Opt-Out of Sale: We do not sell personal information. There is nothing to opt out of.
- Right to Non-Discrimination: We will not deny services or charge different prices based on your exercise of privacy rights.
To exercise your CCPA rights, email cristaury2912@hotmail.com with the subject line "CCPA Request". We will verify your identity and respond within 45 days.
🇧🇷 9. Direitos sob a LGPD (Usuários Brasileiros)
Seção específica para usuários localizados no Brasil, conforme a Lei Geral de Proteção de Dados (Lei nº 13.709/2018).
9.1 Controlador de Dados
SMR Tech atua como Controlador de Dados Pessoais nos termos da LGPD. Para qualquer solicitação, entre em contato com nosso Encarregado de Proteção de Dados (DPO) pelo e-mail: cristaury2912@hotmail.com.
9.2 Base Legal para Tratamento
- Consentimento do responsável legal (Art. 14): O tratamento de dados pessoais de crianças é realizado exclusivamente com o consentimento específico de um dos pais ou responsável legal, obtido durante a criação da conta.
- Dados Pessoais Sensíveis (Art. 11): Reconhecemos que informações relacionadas à saúde emocional e ao desenvolvimento infantil podem ser classificadas como Dados Pessoais Sensíveis sob a LGPD. Estes dados são tratados com o mais alto nível de proteção e criptografia.
9.3 Seus Direitos (Art. 18 da LGPD)
Como titular de dados ou responsável legal, você tem direito a:
- Confirmação da existência de tratamento de dados pessoais.
- Acesso aos dados pessoais coletados sobre seu filho.
- Correção de dados incompletos, inexatos ou desatualizados.
- Anonimização, bloqueio ou eliminação de dados desnecessários ou tratados em desconformidade.
- Portabilidade dos dados a outro fornecedor (em formato estruturado).
- Eliminação dos dados pessoais tratados com base no consentimento.
- Informação sobre entidades públicas e privadas com as quais compartilhamos dados.
- Revogação do consentimento a qualquer momento.
Dados Pessoais Sensíveis: Os registros emocionais e de desenvolvimento gerados pelo uso da App podem constituir Dados Pessoais Sensíveis conforme definido pela LGPD. Estes dados são armazenados com criptografia AES-256 em servidores localizados em São Paulo, Brasil (southamerica-east1), e são acessíveis exclusivamente pelo responsável legal através do Painel de Pais protegido por PIN.
9.4 Como Exercer Seus Direitos
Envie sua solicitação para cristaury2912@hotmail.com com o assunto "Solicitação LGPD". Responderemos em até 15 dias úteis, conforme estipulado pela legislação.
10. Device Permissions
| Permission |
Used For |
Data Sent to Server? |
| Camera |
Moon Mirror emotion detection (real-time, on-device AI) |
No — processed locally, never uploaded |
| Microphone |
Voice assistant interactions |
No — processed locally, never recorded |
| Notifications |
Screen time alerts, break reminders, medical appointment reminders (set by parent) |
No — notifications are generated locally |
All permissions are optional. The App functions fully without granting camera or microphone access — children can select emotions manually instead of using the AI mirror.
11. Cookies & Local Storage Technologies
EmotiSense Kids does not use cookies, tracking pixels, web beacons, or any third-party analytics tools.
We use the browser's localStorage API solely for:
- Maintaining the parent's login session (so they don't need to re-authenticate each time).
- Storing the child's preferences and progress locally for offline functionality.
- Caching settings configured by the parent (screen time limits, notification preferences).
This data never leaves the device unless the parent has created an account, in which case it is synced to the secure cloud database described in Section 5.
12. Data Retention & Deletion
- Active accounts: Data is retained for as long as the account is active.
- Account deletion: When a parent requests account deletion, all associated data (parent profile, child profiles, progress data, emotion logs, and achievement records) is permanently deleted from our servers within 30 days.
- Guest mode data: Stored only on the local device. Clearing the browser/app data removes it entirely.
- Payment records: Stripe retains transaction records per their retention policy. SMR deletes billing references upon account deletion.
To request complete data deletion, email cristaury2912@hotmail.com with the subject "Delete My Data".
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make material changes:
- We will notify you via email to the address associated with your account.
- We will display a prominent notice within the App.
- The "Effective Date" at the top of this page will be updated.
We will always obtain fresh parental consent if a policy change involves collecting new categories of children's personal information or materially changes how previously collected information is used.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
| Data Controller |
SMR Tech |
| Privacy Email |
cristaury2912@hotmail.com |
| Subject Lines |
"COPPA Request" — U.S. parental rights
"CCPA Request" — California residents
"Solicitação LGPD" — Brazilian users
"Delete My Data" — Account deletion
|
| Response Time |
Within 48 hours (COPPA), 45 days (CCPA), 15 business days (LGPD) |