Privacy Policy

Effective Date: 1 January 2026 · Last Updated: March 2026

At MightyMinds, we believe every child deserves a safe, nurturing digital space. This Privacy Policy explains how we collect, use, and protect information when you use MightyMinds, our Montessori-inspired educational app for children aged 1–10. We are committed to full compliance with the UK GDPR, the EU GDPR, COPPA (US), and all applicable children's privacy laws.

1. About Us

MightyMinds ("MightyMinds", "we", "us", "our") is the company behind MightyMinds, an interactive educational iOS and Android app. We are a small, passionate team dedicated to creating safe, creative, and educational games for children. We believe play is the purest form of learning, and that every child deserves to feel capable, curious, and confident.

For any privacy-related queries, you can contact us at: privacy@mightymindsgame.com or by writing to MightyMinds, 66 Paul Street, London, EC2A 4NA, United Kingdom.

2. Who This Policy Applies To

This Privacy Policy applies to:

  • Parents and guardians who create accounts and manage the app on behalf of their children.
  • Children aged 1–10 years who use the MightyMinds app under parental supervision.

Important: MightyMinds is designed for use by children under direct parental supervision. We do not knowingly collect personal information directly from children under 13 without verified parental consent, in accordance with COPPA and the UK/EU GDPR.

3. Information We Collect

3.1 Information You Provide (Parent/Guardian)

  • Payment information: If you purchase a subscription, payment is processed by our third-party payment provider (e.g. Apple App Store / Google Play). We do not store your full card details.

3.2 Information Collected Automatically

  • Usage data: Activities completed, games played, time spent in app, and progress within learning modules.
  • Device information: Device type, operating system version, and app version for technical support and optimisation.
  • Crash and diagnostic data: Anonymous error logs to help us fix bugs and improve stability.

3.3 Information We Do NOT Collect

We are committed to collecting the minimum data necessary. We do not collect:

  • Voice recordings or audio from your child.
  • Photos or camera access.
  • Precise geolocation data.
  • Behavioural advertising profiles.
  • Contact lists or social data.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: To operate, maintain, and personalise MightyMinds for your child.
  • Progress Tracking: To show parents/guardians how their child is progressing through learning activities.
  • Safety & Security: To detect and prevent fraud, abuse, or technical issues.
  • App Improvement: To analyse usage patterns (in aggregate/anonymised form) to improve features and content.
  • Communications: To send you important notices about your account, subscription, or changes to this policy (we will never send unsolicited marketing without your consent).
  • Legal Compliance: To comply with our legal obligations under UK GDPR, EU GDPR, and COPPA.

We will never use your child's data for advertising, profiling, or sale to third parties.

5. Our Legal Basis for Processing (UK/EU GDPR)

Under UK/EU GDPR, we rely on the following legal bases:

  • Contract performance: To deliver the MightyMinds service you have subscribed to.
  • Parental consent: For processing children's personal data (parents/guardians provide consent on behalf of their child).
  • Legitimate interests: For app security, fraud prevention, and aggregate analytics, where these do not override your rights.
  • Legal obligation: Where we are required to comply with applicable law.

6. How We Share Your Information

We do not sell your personal data. We only share information in the following limited circumstances:

  • Service providers: Trusted third-party providers who help us operate the app (e.g. cloud hosting, crash analytics). These providers are contractually bound to protect your data and cannot use it for any other purpose.
  • Payment processors: Apple App Store and Google Play handle in-app payments and have their own privacy policies.
  • Legal requirements: If required by law, court order, or to protect the rights and safety of users or others.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data will be transferred subject to the same privacy protections. We will notify you in advance.

7. Data Retention

We retain personal data only for as long as necessary:

  • Account data is kept for as long as you maintain an active account, plus up to 30 days after account deletion for backup purposes.
  • Child progress data is deleted upon your request or within 90 days of account closure.
  • Anonymised/aggregated analytics may be retained indefinitely as they cannot identify you or your child.

8. Your Rights

As a parent or guardian, you have the following rights regarding your data and your child's data:

  • Access: Request a copy of the personal data we hold about you or your child.
  • Correction: Ask us to correct inaccurate or incomplete data.
  • Deletion: Request deletion of your or your child's personal data (right to be forgotten).
  • Withdrawal of Consent: Withdraw consent for data processing at any time (this will not affect prior lawful processing).
  • Portability: Request a copy of your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • COPPA Rights (US Users): Parents may review, request deletion of, and refuse further collection of their child's personal information by contacting us at privacy@mightymindsgame.com.

To exercise any of these rights, please contact us at privacy@mightymindsgame.com. We will respond within 30 days.

9. Children's Privacy — Our Commitment

Protecting children's privacy is at the heart of everything we do. Specifically:

  • MightyMinds contains no advertising of any kind.
  • We do not use behavioural tracking or targeted marketing on children.
  • We do not allow children to communicate with strangers or share content publicly.
  • All child-facing features are designed with age-appropriateness and safety as the primary considerations.
  • We comply with the Children's Online Privacy Protection Act (COPPA), the UK Age Appropriate Design Code, and the EU GDPR requirements for processing children's personal data.

10. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/HTTPS), encrypted storage, restricted access controls, and regular security reviews. In the unlikely event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by law.

11. International Data Transfers

MightyMinds is based in the United Kingdom. If we transfer your data outside the UK or European Economic Area (EEA), we will ensure appropriate safeguards are in place (such as Standard Contractual Clauses) in accordance with UK GDPR and EU GDPR requirements.

12. Third-Party Links & Services

MightyMinds does not contain links to external websites or third-party services accessible to children. Our app is a fully self-contained, safe environment. Any third-party providers we use (e.g. for cloud hosting) are vetted and bound by data processing agreements.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or an in-app notice at least 14 days before the changes take effect. The updated policy will always be available at mightyminds.com/privacy. Your continued use of MightyMinds after changes take effect constitutes your acceptance of the updated policy.

14. Contact Us & Complaints

If you have any questions, concerns, or wish to exercise your rights, please contact our Privacy Team:

If you are located in the UK or EU and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority:

  • UK: Information Commissioner's Office (ICO) — ico.org.uk
  • EU: Your local EU Data Protection Authority.

Because every child deserves a safe space to grow, explore, and learn.