Mobile App Privacy Policy
Last updated: June 23, 2026 • Effective date: June 23, 2026
My Phoenyx is a language-learning companion for children that is set up and managed by a parent or legal guardian. This Privacy Policy explains how BeSpoke Care Inc. (“My Phoenyx,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects personal information through the My Phoenyx mobile application, our website at www.myphoenyx.com, and related services (collectively, the “App” or “Services”). Data practices for the My Phoenyx plush toy are addressed in the separate My Phoenyx Toy Privacy Policy.
The parent or guardian is the account holder. A child may use the learning features of the app only after a parent sets up the account and provides consent, as described in Section 8.
1. A NOTE TO PARENTS AND GUARDIANS (CHILDREN’S PRIVACY)
Because My Phoenyx is intended for children, this section governs and controls over anything elsewhere in this Policy if there is a conflict. We are committed to protecting children’s privacy and to complying with the Children’s Online Privacy Protection Act (“COPPA”) and its implementing Rule. Please read this section carefully before allowing your child to use the App.
Information we collect from your child. After a parent sets up the account and provides consent, your child’s use of the app may involve:
-
Voice audio (tap-to-talk only): The app uses a tap-to-talk microphone. Audio is captured only while your child actively taps or holds the talk button. The app does not use an open, continuous, or always-on microphone and does not listen in the background. When your child taps to talk, the captured audio is sent to our servers and to our AI provider to be converted to text so the character can respond. It is deleted immediately after transcription and is not used to train AI models.
-
Drawings, stories, words, and other content your child creates in the app.
-
Learning and progress data: lessons attempted, words practiced, level and score records, achievements, journals, practice frequency, and in-app settings, so the character can continue your child’s learning across sessions.
-
Limited, consent-gated analytics identifiers: a children’s-restricted analytics configuration used to understand how the app is used and to fix problems. This configuration does not use an advertising identifier and does not personalize advertising.
How we use your child’s information. We use it solely to operate and improve the core learning experience: to power the character’s conversation, deliver and personalize lessons, transcribe speech and give feedback, save the content your child creates, track learning progress, secure the Services, and provide support. We do not use your child’s voice or personal information to train AI models, for targeted or behavioral advertising, for profiling for advertising, or for sale.
What we do not collect from your child. We do not knowingly collect a child’s precise location, home address, phone number, personal email address, contacts, photos, videos, government identifiers, or biometric identifiers through the child experience. We do not allow children to make their information publicly available.
Your choices and rights as a parent. At any time you may review, correct, or delete your child’s personal information; refuse further collection or use; withdraw consent; or delete the account. See Section 9 for how, and for the limits of each choice.
To exercise any of these rights, contact us at legal@myphoenyx.com. We will verify that you are the child’s parent before acting on the request.
2. INFORMATION WE COLLECT ABOUT THE PARENT OR GUARDIAN
Separately from any data collected from children, we collect information directly from the parent or guardian, including:
-
Account and contact information: name, email address, password and authentication identifiers, and phone number provided at signup.
-
Parent-area gate: parent birth year, which is converted to a one-way hash and used only to gate the parent area and confirm an adult is setting up the account.
-
Consent records: consent status, the date and time, the policy/notice version, and the consent scopes (Section 8).
-
Trial and access timestamps: start, end, and remaining-access status for any promotional or early-bird access period.
-
Purchase information: billing address and payment confirmation. Full payment card numbers are processed by our payment processor and are not stored by us.
-
Order information: mailing/shipping address used to deliver the toy.
-
Support communications: messages you send us.
-
Device, security, and account-activity data needed to operate and protect the parent account.
3. HOW WE COLLECT INFORMATION
We collect information:
-
from the parent when the parent creates and manages the account, creates a child profile, provides consent, makes a purchase, or contacts us;
-
from the child — only after a parent sets up the account and provides consent — when the child uses voice, drawing, story, assessment, game, and progress features;
-
automatically from the app and device, where permitted; and
-
from service providers that support authentication, payment, hosting, storage, speech-to-text, AI generation, analytics, security, and customer support.
Our public marketing website may use essential cookies and privacy-respecting analytics. We do not use third-party advertising technologies or advertising identifiers in the child-facing app.
4. VOICE RECORDINGS AND AI-GENERATED CONTENT
The app uses a tap-to-talk microphone. The microphone activates only while your child is actively pressing the talk button, and audio is captured only during that interaction. The app does not use an open, continuous, or always-on microphone and does not listen in the background.
When a child taps to talk, the device temporarily captures the audio, which is sent to our servers and to our AI provider, OpenAI, L.L.C., to return the requested transcription and feedback.
The audio is used only to return the requested transcription. The temporary recording is deleted from the device after the request, our servers delete temporary audio immediately after transcription, and our provider is contractually prohibited from storing it or using it to train AI models.
Prompts or child-created text may also be sent to OpenAI, L.L.C. to generate learning text or images. We do not send the child’s name or account identifiers with these requests, and the provider is contractually prohibited from using this content to train AI models.
5. ANALYTICS
Analytics is disabled before and unless a parent has set up the account and provided consent. After consent, we use Google Firebase Analytics in a children’s-restricted configuration to understand app performance and feature use. We configure it without advertising personalization, ad storage, ad user data, Google Signals, targeted advertising, or child content in event parameters. Analytics may process device/app identifiers, IP-derived general location, device information, screen views, interactions, and timestamps.
A parent may withdraw consent at any time (Section 9). Withdrawal disables future analytics collection for that child/account.
6. HOW WE SHARE INFORMATION
We share personal information only as described here, and we do not sell personal information.
-
AI processing: a third-party AI provider processes temporary app voice audio, transcripts, and limited prompts/content to provide the transcription or generation a feature requests. It is contractually prohibited from training on this data.
-
Cloud hosting, database, and storage: our cloud infrastructure and database providers store and process parent account data, child profile/progress/content, stored creations, and device identifiers to operate the Services.
-
Analytics: our analytics provider processes consent-gated, children’s-restricted analytics as described in Section 5.
-
Authentication: when a parent chooses a third-party sign-in option, that provider processes the parent’s authentication information.
-
Payment and shipping: our payment processor and shipping vendor process the information needed to complete a purchase and deliver the toy.
-
Legal and safety: where reasonably necessary to comply with law or valid legal process, protect a child or another person, investigate fraud or security incidents, or protect our rights.
-
Business transfers: in connection with a merger, acquisition, or sale of assets, subject to the protections in this Policy.
We require service providers that handle children’s personal information to maintain its confidentiality, security, and integrity, and to use it only to provide the contracted service. We obtain separate parental consent before disclosing a child’s personal information to any third party for any purpose that is not integral to providing the Services. We do not disclose children’s information for targeted advertising. Parents may request the current list of our service providers by contacting legal@myphoenyx.com.
7. INFORMATION WE COLLECT AUTOMATICALLY
We collect limited technical data — such as device type, app version, operating system, and diagnostic and security events — needed to keep the Services working and secure, and the children’s-restricted analytics described in Section 5. In the child-facing app we do not use third-party advertising technologies or advertising identifiers. On the public marketing website we use only essential cookies and privacy-respecting analytics.
8. PARENTAL ACCOUNT SETUP AND CONSENT
My Phoenyx accounts are created and controlled by a parent or legal guardian. Before any child information is collected:
-
The parent creates the account and passes a parent gate by confirming their year of birth (stored only as a one-way hash) to confirm an adult is setting up the account.
-
The parent reviews this Policy and affirmatively confirms, by the consent control in the app, that they are the child’s parent or legal guardian and consent to the collection and use of their child’s personal information as described in this Policy.
We record the consent status, the date and time, the notice/policy version, and the consent scopes. The app does not collect your child’s voice, content, progress, or analytics until a parent has completed account setup and provided this consent.
If account setup and consent are not completed, we delete any preliminary name and contact information collected solely to begin setup within 14 days. Before consent, the child cannot enter the learning experience, use the microphone, upload content, or generate analytics events.
9. PARENT CHOICES AND RIGHTS
A verified parent may at any time:
-
review the categories or specific personal information collected from the child;
-
correct profile information;
-
refuse further collection or use;
-
withdraw consent;
-
consent to collection and use without consenting to a non-integral third-party disclosure;
-
request deletion of the child’s information; and
-
delete the parent account.
Use the in-app path Settings → Parent Area → Privacy & Data, or contact legal@myphoenyx.com. We verify that the requester is the child’s parent before providing access to or deleting child information, using a process that is not unduly burdensome. Withdrawing consent or requesting deletion may require us to disable or terminate features that cannot operate without the information.
Depending on your state of residence, you may also have rights to access, correct, delete, or restrict certain uses of your own personal information, and to appeal a denied request. To exercise these rights, contact legal@myphoenyx.com.
10. DATA RETENTION AND DELETION
We retain children’s personal information only as long as reasonably necessary for the specific purpose below. We do not retain it indefinitely.
-
Preliminary name/contact info used only to begin setup — to complete account setup and consent — deleted after 14 days if setup is not completed.
-
Voice audio (app) — to transcribe the child’s specific request — deleted immediately after transcription; not stored by us; providers prohibited from retaining it or using it for training.
-
Voice transcript — to return feedback — not retained after the feedback is returned.
-
Child profile and learning progress — to personalize learning and restore progress — kept while the profile/account is active; deleted within 30 days of a verified deletion request or account closure.
-
Drawings, stories, and child-created content — to save and display creations — kept until the parent deletes the item/profile/account; complete deletion within 30 days.
-
Consent records — to prove and administer consent and revocation — kept for the life of the account and for a reasonable period afterward as required to demonstrate compliance.
-
Consent-gated analytics — to measure and improve app operation — retained for no longer than 2 months in Firebase.
-
Security and API logs — to detect abuse, investigate incidents, and maintain reliability — kept for 30 days, unless an incident or legal duty requires a documented longer hold; logs do not contain child voice or content.
-
Parent account data — to operate and support the account — kept for the life of the account; deleted within 30 days of closure, except limited records (such as transaction records) we must retain by law.
-
Backups — for disaster recovery — expire and are overwritten within 30 days after deletion from active systems.
A documented legal hold may delay deletion only for the information and period required by law.
11. DATA SECURITY
We maintain a written information-security program with administrative, technical, and physical safeguards appropriate to the sensitivity of children’s information and the size of our operations. Because we handle children’s voice data, these safeguards include encryption of data in transit and at rest, access controls limiting who can reach personal information, authentication and authorization controls, logging restrictions, incident response, deletion procedures, and diligence on the vendors who process data on our behalf. No security system is perfect. Parents may report a suspected privacy or security issue to legal@myphoenyx.com.
12. UNITED STATES ONLY
The Services are offered only in the United States at launch. If you are outside the United States, please do not use the Services.
13. CHANGES TO THIS POLICY
We may update this Policy from time to time. We will post the revised Policy and update the “Last updated” date. Before making a material change to the collection, use, or disclosure practices to which a parent previously consented, we will provide the parent with notice and obtain updated consent where required by law.
14. CONTACT US
For privacy questions or to exercise parental rights:
BeSpoke Care Inc.
800 Third Avenue, FRNT A #1028
New York, NY 10022
Telephone: (646) 827-0563
Email: legal@myphoenyx.com
