We are committed to protecting the privacy and safety of every user โ especially children.
Speechora is an educational app primarily designed for children. Through interactive games, audio-assisted lessons, and a rich library of learning categories โ including animals, fruits, alphabets, numbers, and more โ children can learn English and other languages at their own pace. Parents and guardians have access to a dedicated Parent Dashboardto monitor their child's learning activity, time spent, and performance across different games and categories.
Because our app is intended for children, we comply fully with the Children's Online Privacy Protection Act (COPPA) and, where applicable, the General Data Protection Regulation for children (GDPR-K).
This Privacy Policy applies to:
| Data Field | Purpose |
|---|---|
| First Name & Last Name | Personalise the account and profile display |
| Username | Unique account identifier |
| Email Address | Account login, password recovery, notifications |
| Phone Number | Optional; used for phone-based login (OTP) |
| Age | To verify the account is managed by an adult |
| Gender | Optional profile detail |
| Country | To provide region-appropriate content |
| Profile Photo | Optional; uploaded by user (stored via Cloudinary) |
| Password (Hashed) | Securely hashed using bcrypt; never stored in plain text |
| Authentication Provider | Whether the user registered via email, Google, or phone |
We support multiple sign-in methods:
Email & Password
Passwords are hashed using bcryptjs and never stored in plain text.
Google Sign-In
OAuth 2.0. We receive your name, email, and profile picture. We do not receive your Google password.
Phone / OTP
Uses your phone number to send a one-time verification code.
Firebase Authentication
An additional authentication layer managed by Google Firebase.
Sessions are managed via JSON Web Tokens (JWT). Access tokens expire after 7 days and refresh tokens after 30 days, both stored securely on-device.
As a child uses Speechora, we collect data about their interactions with educational content. This data is linked to the parent's account and is used exclusively for educational progress tracking:
When a subscription is purchased we collect subscription type, start/end dates, price paid, status, and promo code used.
Speechora uses the device's native Text-to-Speech engine to read out learning content aloud. TTS language and voice ID preferences are stored locally on the device only using AsyncStorage and are never sent to our servers.
With your permission, we send push notifications for account events, new content alerts, and subscription reminders. You can manage this permission at any time through your device Settings.
We and our third-party providers (Firebase) automatically collect device type and model, OS version, unique device identifiers, IP address (for security only), and app crash reports. This data is used solely for security, bug fixing, and performance improvement โ not for profiling or advertising.
All data transmitted to our servers is encrypted using HTTPS (TLS 1.2+). Your password is never stored in plain textโit's hashed using bcryptjs before being saved.
| Purpose | Data Used |
|---|---|
| Account creation and authentication | Name, email, phone, password, provider |
| Child learning personalisation | Game results, category progress, TTS preferences |
| Parental progress monitoring | Time spent per game/category, scores, weekly comparisons |
| Subscription management | Subscription status, plan type, payment history |
| Push notifications | User ID, notification type, device permission |
| Content customisation | Custom images, names, audio |
| Security and fraud prevention | Device data, IP address, JWT tokens |
| Performance and bug fixing | Crash reports and technical logs (Firebase) |
| Customer support | Name, email, account details |
We do NOT use your data for:
All accounts on Speechora are created by adults (parents or guardians) only. During registration, the adult must: (1) Accept the parental consent declaration confirming they are at least 18 years old, and (2) Confirm they are the parent or legal guardian of the child using the app. We do not knowingly permit children to register independently. By creating an account and checking the consent box, the registering adult is confirming their age and relationship to the child.
We collect only the minimum data necessary to deliver the educational experience and allow parental monitoring. We collect the child's first name and last name for account personalization and profile identification. We collect an optional phone number for account recovery purposes. A child's activity is tracked solely under the parent's linked account. Game results and time-tracking data are aggregate and educational in nature. Note: The account creator (parent/guardian) must verify they are at least 18 years old during registration.
Speechora does not include chat, messaging, or social networking features; public profiles visible to other users; user-generated content sharing between accounts; or forums or community spaces. Children cannot communicate with anyone else within the app.
We do not display third-party advertisements to children, and we do not use children's data for any advertising, analytics profiling, or data monetisation.
The Parent Dashboard (Activity Log, progress charts, game scores, and weekly performance comparisons) is accessible via the student's profile screen. Access is locked behind a 5-second long-press gesture on the "Switch" button. This deliberate step ensures that detailed reporting is accessed by the parent, not the child.
Parents and guardians have the right to:
Review
Any personal information collected from or about their child (visible in the app's Activity Log via parent dashboard)
Request Deletion
Of all data associated with their child's profile
Control Notifications
Turn off features like notifications in device settings
Cancel Subscriptions
Anytime through Google Play or Apple App Store
Manage Permissions
Revoke access to photos and other data through device settings
We share data only with trusted service providers necessary to operate Speechora. We do not sell your data.
| Service Provider | Purpose |
|---|---|
| Firebase (Google LLC) | Authentication (sign-in) and secure data storage |
| Google Sign-In | Social authentication (name and email only) |
| Google Play Store & Apple App Store | In-app subscription purchases and payment processing |
Password Hashing: Passwords are hashed using bcryptjs and never stored in plain text.
Encrypted Communication: All data transmitted to our servers uses HTTPS encryption (TLS 1.2+).
Firebase Security: Data stored in Firebase is protected by Google's enterprise-grade security.
Access Control: Only authorized Speechora staff can access user information.
Regular Audits: We conduct regular security audits to maintain COPPA and GDPR-K compliance.
When you delete your account:
Firebase Database
Account and educational data stored securely via Google Firebase
On-Device Storage
Session preferences and local app settings
Password Hashing
bcryptjs (never stored in plain text)
HTTPS / TLS Encryption
All data in transit is encrypted (TLS 1.2+)
Input Validation
All data is validated before processing
Access Control
Only authorized staff can access user data
When you delete your account, all personal data is permanently removed within 30 days. Subscription records are retained for 90 days as required by financial regulations.
View and update your profile (name, photo, phone number, gender, country) at any time in the User Profile Screen within the app.
Request deletion of your entire account and all associated data by contacting us. We will process valid deletion requests within 30 days.
Manage, pause, or cancel your subscription through your device's Google Play Store or Apple App Store account settings. Cancellation takes effect at the end of the current billing cycle.
Manage push notification permissions at any time through your device: Settings โ Apps โ Speechora โ Notifications.
Change your voice and language settings at any time from the Voice & Language Settings screen in the app. These settings are local to your device.
The content customisation feature requests access to your device photo library. Revoke this permission at any time through your device's system settings.
Speechora is a mobile application and does not use browser cookies. We use AsyncStorage to store the following data locally on your device:
| Key | Content |
|---|---|
| @auth_user | Cached user profile for offline access |
| @auth_token | JWT access token |
| @auth_refresh_token | JWT refresh token |
| @tts_language | Selected TTS language preference |
| @tts_voice | Selected TTS voice preference |
All local data is cleared when you sign out of the app.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes:
Your continued use of Speechora after any update constitutes your acceptance of the revised Privacy Policy.
This Privacy Policy is governed by applicable laws, including:
United States
Children's Online Privacy Protection Act (COPPA), California Consumer Privacy Act (CCPA)
European Union / EEA
General Data Protection Regulation (GDPR), including children's provisions (GDPR-K / Article 8)
United Kingdom
UK GDPR and the Children's Code (Age Appropriate Design Code)
If you have any questions, concerns, or requests โ including data access, correction, or deletion requests โ please contact us:
App Name
Speechora
Developer / Company
Speechora
support@speechora.com
Website
speechora.com
For COPPA-related parental requests (data review or deletion):
Please email us with subject: "COPPA Request โ [Account Email]"
We will respond within 5 business days.
This Privacy Policy has been drafted to comply with the requirements for publishing on the Google Play Store and Apple App Storein the "Kids" and "Education" categories. It reflects the actual data practices of Speechora's back-end (Node.js / Express / PostgreSQL), mobile app (Flutter), and games module (Next.js).
ยฉ 2026 Speechora by Speechora. All rights reserved.