Privacy Policy | Tunes n Tots

Tunes n Tots

Effective Date: April 28, 2026 Last Updated: April 28, 2026

1. INTRODUCTION AND OVERVIEW

Welcome to Tunes n Tots ("App," "we," "our," or "us"), a children's music education application designed for children ages 2–8. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you or your child uses our App and any related services, features, or content (collectively, the "Service").

We take the privacy of our young users seriously. Tunes n Tots is directed to children under the age of 13, and we comply fully with the Children's Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) where applicable, and all other applicable federal and state privacy laws.

Please read this Privacy Policy carefully. By downloading, accessing, or using the App, the parent or legal guardian of the child user agrees to the terms of this Privacy Policy. If you do not agree, please do not download or use the App.

2. WHO WE ARE AND HOW TO CONTACT US

App Name: Tunes n Tots Operator/Company Name: Tunes-n-Tots LLC Mailing Address: 67 S. Higley Rd. Suite 103-411 Email Address: support@tunesntots.com

For all privacy-related inquiries, concerns, or requests, please contact us at the email or mailing address above. We will respond to all verifiable requests within 30 days.

3. APPLICABILITY AND SCOPE

This Privacy Policy applies to:

Children ages 2–8 who use the App directly;
Parents and legal guardians ("Parents") who create accounts, manage subscriptions, or otherwise interact with the Service on behalf of their child;
Any individual who visits our associated website, contacts our support team, or otherwise interacts with our Service.

This Policy does not apply to third-party websites, applications, or services that may be linked from our App. We encourage Parents to review the privacy practices of any third-party services their children may access.

4. INFORMATION WE COLLECT

We are committed to collecting only the minimum data necessary to provide the Service. We do not sell personal information. Below is a description of what we may collect.

4.1 Information Collected from Parents/Guardians (Account Registration)

When a Parent creates an account or initiates a free trial or subscription, we may collect:

Parent/Guardian name (first and last)
Email address
Billing name and address (collected and processed by our third-party payment processor — we do not store full payment card numbers)
Password (stored in encrypted, hashed form)
State or country of residence (for legal compliance and tax purposes)

4.2 Information Automatically Collected

When the App is used, we or our service providers may automatically collect:

Device identifiers (e.g., device ID, advertising ID — only where permitted by law)
Device type, model, and operating system version
App version
General usage data (features used, screens visited, session duration, game progress)
Crash logs and diagnostic data (for troubleshooting purposes only)
IP address (used for general geolocation at the country or state level only; not stored with child profiles)

We do not collect the following from child users:

Full name
Physical address
Phone number
Photographs, videos, or audio recordings
Social media handles or identifiers
Geolocation beyond country/state level
Behavioral advertising identifiers
Any data that could be used to contact the child directly

4.3 Information the Child Enters in the App

The App is designed as a closed, standalone learning environment. Children are not required or invited to enter personal information. Children interact with music games and educational content only. If a child-facing screen inadvertently requests or receives a name or nickname for personalization purposes, such data is stored only on the device or under the parent's account, is not transmitted to third parties, and is never used for advertising.

4.4 Payment Information

Subscription and in-app purchase payment processing is handled by third-party payment processors (e.g., Apple App Store, Google Play, Stripe). We do not directly collect or store credit card numbers, bank account information, or other full payment credentials. Please review the privacy policies of those processors.

4.5 Sensitive Personal Information

We do not collect sensitive personal information such as precise geolocation, biometric data, or health information.

5. HOW WE USE INFORMATION

We use the information we collect solely for the following purposes:

Purpose

Legal Basis

To provide and operate the App and Service

Contract performance; legitimate interest

To manage Parent/Guardian accounts and subscriptions

Contract performance

To send transactional communications (receipts, password resets)

Contract performance

To send optional marketing communications to Parents (not children)

Consent (opt-in only)

To improve App features, fix bugs, and enhance user experience

Legitimate interest

To comply with legal obligations (COPPA, tax, court orders)

Legal compliance

To detect and prevent fraud or unauthorized access

Legitimate interest / Legal compliance

To respond to Parent inquiries and support requests

Contract performance; legitimate interest

We do not use child data for:

Behavioral advertising or targeted marketing
Profiling or automated decision-making about children
Building data profiles to sell to third parties
Any commercial purpose beyond directly operating the App

6. COPPA COMPLIANCE — CHILDREN UNDER 13

Because our App is directed to children under 13, we comply fully with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq., and the FTC's COPPA Rule, 16 C.F.R. Part 312.

6.1 Verifiable Parental Consent

Before collecting any personal information from a child, we require verifiable parental consent. We obtain this consent through:

Account creation by the Parent, not the child;
The Parent entering their email address, name, and completing payment during registration;
A clear disclosure of our data practices at the point of registration.

We do not allow children to create their own accounts.

We obtain verifiable parental consent through methods consistent with COPPA, including payment verification via app store billing systems and/or email confirmation.

6.2 What We Disclose to Parents

At or before the time of registration, we provide Parents with notice of:

The types of personal information we collect from children;
How we use and disclose such information;
The parent's right to review, correct, and delete their child's information;
The parent's right to refuse further collection or use of their child's information.

6.3 Parental Rights Under COPPA

Parents and legal guardians have the right at any time to:

Review the personal information we have collected from their child;
Request correction of inaccurate personal information;
Request deletion of their child's personal information;
Refuse any further collection or use of their child's information (which may require deletion of the account);
Revoke consent without affecting the lawfulness of prior use.

To exercise any of these rights, contact us at support@tunesntots.com. We will verify your identity as the parent or guardian before processing the request.

7. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

For California residents, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides additional rights.

7.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information (from Parents/Guardians only):

Identifiers: Name, email address, IP address
Commercial information: Subscription and payment records
Internet/electronic activity: App usage data, device identifiers
Inferences: General usage patterns for service improvement only

7.2 Your California Rights

California residents (Parents/Guardians) have the right to:

Know what personal information we collect, use, share, or sell;
Delete personal information we have collected;
Correct inaccurate personal information;
Opt-Out of Sale or Sharing: We do not sell or share personal information as defined under CCPA. California residents may nevertheless submit an opt-out request to support@tunesntots.com;
Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary to provide the Service;
Non-Discrimination: We will not discriminate against you for exercising any of your California privacy rights.

To submit a verifiable consumer request, contact us at support@tunesntots.com or 67 S. Higley Rd. Suite 103-411. We will respond within 45 days, with a one-time 45-day extension if necessary.

8. INFORMATION SHARING AND DISCLOSURE

We do not sell, rent, or trade personal information — especially children's personal information — to any third party for commercial purposes.

We may share information only in the following limited circumstances:

8.1 Service Providers

We engage carefully vetted third-party vendors who process data strictly on our behalf, under written data processing agreements, and only as necessary to provide the Service. Categories of vendors include:

Cloud hosting and data storage (e.g., servers where app data is stored)
Analytics providers (aggregate, anonymized usage data only — never child-level personal data shared for advertising)
Payment processors (handle billing on behalf of Parents)
Customer support platforms (to respond to Parent inquiries)
Crash reporting tools (for app stability diagnostics only)

All service providers are contractually prohibited from using data for their own commercial purposes or from disclosing it to additional parties. Examples of such providers may include services like Apple Analytics or similar tools configured in child-directed mode.

8.2 Legal Requirements and Safety

We may disclose personal information if required to do so by law, or in response to:

A valid court order, subpoena, or governmental request;
A legal obligation under applicable law;
An emergency situation where disclosure is necessary to protect the safety of a child or other individual.

8.3 Business Transfers

In the event of a merger, acquisition, sale of assets, or similar transaction, personal information may be transferred to the successor entity. We will provide notice to affected users and will require the successor to honor the commitments made in this Privacy Policy. Any transfer of children's data will require prior verifiable parental consent to the extent required by COPPA.

8.4 Aggregate/De-Identified Data

We may share anonymized, aggregated, statistical data (e.g., "X% of users completed Module 2") that cannot reasonably be used to identify any individual. This data is not subject to the restrictions in this Policy.

9. DATA RETENTION

We retain personal information only as long as necessary for the purposes set forth in this Policy, or as required by law.

Data Type

Retention Period

Parent account information

Duration of active account + 2 years after deletion request

Child usage/progress data

Duration of active account; deleted upon account closure

Payment records

7 years (legal/tax requirement)

Support correspondence

3 years

Crash/diagnostic logs

90 days rolling

Anonymized analytics

Indefinitely (no personal identifiers)

Upon receiving a valid deletion request, we will delete or de-identify personal information within 30 days, except where retention is required by law.

10. DATA SECURITY

We implement industry-standard technical and organizational security measures to protect personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption in transit: All data transmitted between the App and our servers is encrypted using TLS (Transport Layer Security);
Encryption at rest: Personal information stored on our servers is encrypted at rest;
Access controls: Access to personal information is restricted to authorized personnel with a legitimate need to access it;
Password security: Parent/Guardian passwords are stored in hashed form using industry-standard algorithms (e.g., bcrypt);
Regular security assessments: We conduct periodic reviews of our security practices;
Vendor due diligence: Third-party vendors are evaluated for security compliance before engagement.

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect personal information, we cannot guarantee absolute security. In the event of a data breach affecting children's personal information, we will notify affected Parents and the FTC as required under applicable law.

11. THIRD-PARTY SDKs, ANALYTICS, AND ADVERTISING

We are committed to a no advertising policy for child users of Tunes n Tots.

We do not display third-party advertisements to children.
We do not use children's data for interest-based or behavioral advertising.
We do not allow third-party ad networks to collect data from child users.
We do not send push notifications to child users.

Any analytics SDKs or tools integrated into the App are configured in a child-directed mode that limits data collection in compliance with COPPA and applicable platform policies (Apple App Store, Google Play). We disable advertising identifiers and limit data collection to aggregate, non-personal diagnostic data when operating in child-directed mode.

12. THIRD-PARTY LINKS AND EXTERNAL CONTENT

The App does not contain links to external websites accessible to child users during gameplay or educational content delivery. Any links to third-party websites (such as a parent newsletter, app store listing, or support page) are accessible only to Parents through account management screens. We are not responsible for the privacy practices of third-party websites and encourage Parents to review their privacy policies.

13. INTERNATIONAL USERS AND DATA TRANSFERS

Tunes n Tots is operated from the United States. If you are accessing the App from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data in compliance with the GDPR and applicable UK data protection laws. Where required, we rely on appropriate safeguards for international data transfers (such as Standard Contractual Clauses). You may contact us at tunesntotsco@gmail.com for information about our international transfer mechanisms.

EEA/UK residents (Parents/Guardians) have the following additional rights under GDPR:

Right of access (Article 15)
Right to rectification (Article 16)
Right to erasure / "right to be forgotten" (Article 17)
Right to restriction of processing (Article 18)
Right to data portability (Article 20)
Right to object (Article 21)
Right to lodge a complaint with a supervisory authority

14. PLATFORM-SPECIFIC DISCLOSURES

14.1 Apple App Store

If you download the App through the Apple App Store, Apple may collect certain device and account information as governed by Apple's own Privacy Policy. We encourage you to review Apple's privacy practices. We comply with Apple's App Store Review Guidelines for apps directed to children, including participation in Apple's "Kids" category requirements where applicable. Our data practices align with disclosures provided in the Apple App Store and Google Play data safety sections.

14.2 Google Play Store

If you download the App through Google Play, Google may collect certain information as governed by Google's Privacy Policy. We comply with Google Play's Families Policy for apps directed to children.

15. FREEMIUM MODEL AND TRIAL PERIOD

Tunes n Tots offers a 9-day free trial after which a subscription is required for full access. During the free trial:

We collect the same categories of Parent/Guardian information as during a full subscription;

If the Parent does not convert to a paid subscription at the end of the trial, we will retain minimal account information for up to 3 months before deleting the account, unless an earlier deletion request is submitted.

Subscription billing and cancellation terms are set forth in our Terms of Service.

16. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or for other operational reasons. When we make material changes, we will:

Post the updated Policy in the App and on our website with a new "Last Updated" date;
Notify Parents/Guardians via email if the changes affect how we collect or use children's personal information;
Obtain new verifiable parental consent if material changes would apply to children's data in a manner not previously disclosed.

Your continued use of the App after the effective date of the revised Policy constitutes acceptance of those changes. We encourage you to review this Policy periodically.

17. YOUR CHOICES AND OPT-OUT OPTIONS

17.1 Marketing Communications

We may send promotional emails to Parents who have opted in. You may unsubscribe at any time by:

Clicking the "unsubscribe" link in any marketing email; or
Contacting us at support@tunesntots.com.

Opting out of marketing communications does not affect transactional communications (e.g., receipts, account notices).

17.2 Account Deletion

To delete your account and your child's associated data, please contact us at support@tunesntots.com with "Account Deletion Request" in the subject line. We will process verified requests within 30 days and will confirm once your data has been successfully deleted.

17.3 Do Not Track (DNT) Signals

Our App does not engage in cross-site tracking; therefore, Do Not Track signals do not alter our data practices.

18. DISPUTE RESOLUTION

If you have a complaint about our privacy practices that we have not resolved to your satisfaction, you may submit a complaint to:

Federal Trade Commission (FTC): www.ftc.gov (for COPPA-related complaints)
Your state Attorney General's office
Your country's data protection authority (for GDPR-related complaints)

19. ENTIRE AGREEMENT

This Privacy Policy, together with our Terms of Service and any other agreements incorporated by reference, constitutes the entire agreement between you and Tunes n Tots regarding the privacy of your and your child's information. In the event of any conflict between this Privacy Policy and the Terms of Service regarding privacy matters, this Privacy Policy shall control.

20. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:

Tunes n Tots — Privacy Team Tunes-n-Tots LLC 67 S. Higley Rd. Suite 103-411 Email: support@tunesntots.com

We are committed to responding to all inquiries within 30 days.

This document is provided for informational purposes. It is strongly recommended that you have this Privacy Policy reviewed by a licensed attorney familiar with COPPA, CCPA, GDPR, and applicable state and federal laws before publishing.