Jump to a section
The short version
- We never sell your or your child's data, never show ads, and never track, profile, or target advertising at children.
- Voice recording is optional and off until a parent turns it on. We treat your child's voice as sensitive and use it only to give reading feedback and improve Snappy's listening — never to identify your child to anyone.
- You can turn recording off, delete your child or account, and ask us to access or delete your information — and withdraw consent — at any time.
- Questions or requests? Email hello@snappyreading.com.
This Privacy Policy explains how Synapse Learning Systems (“Snappy”, “we”, “us”) handles personal information across the Snappy family app (at snappyreading.com) and the Snappy for Schools product. Because Snappy is designed for young children, we hold ourselves to the strictest applicable children's-privacy standards worldwide and treat every user under 18 as a child.
1.Who we are
Snappy is operated by Synapse Learning Systems, a sole proprietorship based in New Delhi, India — we are the “data controller” / “Data Fiduciary” responsible for your information. For any privacy question, request, or complaint, email us at hello@snappyreading.com. We handle these ourselves and act as your privacy and grievance contact.
2.Who this policy covers
Snappy has two products with different legal footings:
- Family app — a parent or guardian creates the account and adds their child. The parent provides consent on the child's behalf.
- Snappy for Schools — a school or teacher sets up classes and student logins. Here the school directs the processing and holds the relationship with parents (see Section 14).
3.What we collect
Family app
- Parent account: email address, display name, chosen country, and marketing attribution captured at signup (e.g. which link brought you to us). Sign-in is handled by our authentication provider.
- Child profile: a display name and avatar you choose, plus learning preferences (such as audio sensitivity and voice-coach settings). We do not ask for a child's date of birth, and children have no email or login of their own.
- Learning activity: progress, streaks, words practised, and per-attempt pronunciation analytics (which sound was expected, what was heard, quality scores, clarity, region, and the app/model version that graded it). These analytics are numbers and text only — never audio.
- Voice recordings of your child speaking — only if you turn recording on (see Section 8).
- Billing: subscription status and identifiers from our payment processor. We do not receive or store your card details (see Section 16).
- Approximate country, derived from your network's country signal to set the right currency and support regional accuracy. We do not store your IP address in our database.
Snappy for Schools
- School staff (admins, teachers): name and email.
- Students: a name and class-based login (class code + name + a password managed by the teacher). Students have no email and no date of birth on file, and their learning activity as above.
- Sales enquiries: if you use a “contact us” form, the details you submit (name, email, phone, school, role) are emailed to our team so we can reply.
4.Why we collect it, and our legal bases
| Purpose | Data used | Legal basis (GDPR/UK) & consent (DPDP) |
|---|---|---|
| Provide the reading exercises & save progress | Account, child profile, learning activity | Performance of contract; parental consent for the child |
| Real-time pronunciation feedback | The spoken utterance; per-attempt analytics | Explicit parental consent (voice = sensitive) |
| Improve & train our speech-recognition models | Voice recordings (opt-in only) | Explicit parental consent |
| Billing & subscription management | Billing identifiers | Performance of contract |
| Security, fraud prevention, service reliability | Account & technical data | Legitimate interests (balanced for children) |
| Regional pricing & accuracy | Approximate country | Legitimate interests / contract |
Where we rely on consent, you may withdraw it at any time without affecting processing already carried out. Voice data is treated as sensitive/biometric and processed only on explicit parental consent.
5.What we never do
- We never sell or rent your data, your child's data, or any student's data.
- We never show advertising in Snappy, and we never use children's data for advertising anywhere.
- We never track children across the web, build advertising or behavioural profiles, or run third-party ad or analytics trackers. Our analytics are first-party and used only to teach reading better.
- We never use a child's voice to identify them to third parties, and never sell or profit from voice data.
6.Parental consent
For the family app, a parent or guardian creates and controls the account, adds each child, and agrees to this policy before any child data is collected — this is how we obtain verifiable parental consent for children under 18. You can review your child's information, refuse or stop further collection, and delete it, at any time (see Section 13). If we ever materially change how we handle children's data, we will seek fresh parental consent.
7.Children's data — our defaults
- High privacy by default: voice recording is off until a parent enables it; we collect the minimum needed to teach reading.
- No behavioural profiling or nudging of children, and no location tracking — we only infer approximate country for currency and accuracy.
- Plain language: we write for parents and children in clear terms, and keep a short summary at the top of this page.
8.Voice recordings
Snappy listens to your child speak so it can give reading feedback. Whether a recording of that speech is saved is entirely your choice:
- Off by default, opt-in only. No audio is stored unless a parent (or, for schools, the school) has switched recording on. If consent is missing for any reason, nothing is recorded (“fail-closed”).
- What is captured: the short clip of your child saying a sound or word. Nothing else.
- What we use it for: (a) real-time pronunciation feedback, and (b) improving and training Snappy's speech-recognition models so it hears children more fairly and accurately. We treat voice as sensitive / biometric data.
- How it's stored: recordings are saved under opaque, non-identifying file names (no name, word, or result in the file reference) with strict, least-privilege access.
- Who processes it: our cloud storage provider (Google Cloud), and — when we train models — AWS (see Section 9 and Section 10). We never sell it and never use it for ads.
- Your control: turn recording off at any time in Settings to stop new recordings, and ask us to delete existing recordings. Deleting your child or your account also removes the associated recordings.
9.Who we share data with (our processors)
We share personal data only with the service providers that help us run Snappy, under contracts that require them to protect it and use it only on our instructions. We do not sell data or share it with advertisers.
| Provider | What it helps with | What it receives |
|---|---|---|
| Supabase | Database, sign-in, storage | Account, profile, learning & consent data |
| Google Cloud | App hosting (Mumbai) & voice-recording storage | App traffic; opt-in voice recordings |
| Razorpay | Payments | Payer details & card data (handled by Razorpay, not us) |
| Resend | Account & billing emails | Recipient email + message content |
| Google (Gemini) | Optional voice-coach audio | Curriculum text only — no child data or child audio |
| Cloudflare | Secure delivery & country signal | App traffic; approximate country |
| Amazon Web Services | Speech-model training (when run) | Opt-in voice recordings + learning labels |
10.International data transfers
Snappy's application and database are hosted in India (Google Cloud, Mumbai, and our database provider Supabase). Some processing happens elsewhere — in particular, when we train our speech models, opt-in voice recordings may be processed on AWS in the United States. Where we serve users in the EU, UK, or other regions, cross-border transfers to India and to our service providers rely on recognised safeguards — in particular the Standard Contractual Clauses (and the UK International Data Transfer Agreement) included in our providers' data-processing agreements. Hosting data in India is fully compatible with these rules when such safeguards are in place. You may request details of the safeguards we use.
11.How long we keep data
We keep personal data only as long as needed for the purposes above:
- Account, profile & learning data: kept while your account is active, and deleted when you delete your account or child, or (for schools) when the school requests deletion.
- Voice recordings: kept no longer than necessary and, in any case, no longer than 24 months. When you delete a child or account, or withdraw recording consent, the associated recordings are queued for deletion from storage.
- We do not keep children's personal data indefinitely.
12.How we protect data
- Encryption in transit (HTTPS/secure WebSockets) for all traffic.
- Row-level access controls so each family sees only its own data, and least-privilege separation between everyday and administrative access.
- Opaque, non-identifying storage keys for recordings, and consent checks that fail closed.
- We maintain internal security practices and will notify you and the relevant authority of a personal-data breach where the law requires.
13.Your rights & how to use them
Depending on where you live, you (and, for a child, the parent) have rights to access, correct, delete, and receive a copy of personal data, to object to or restrict processing, to withdraw consent, to limit the use of sensitive data, and to nominate someone to exercise your rights (India). We do not sell or “share” data for advertising, so there is nothing to opt out of there.
- In the app: parents can delete a child, toggle voice-recording consent, correct profile details (such as name and country), and manage the voice coach directly in Settings.
- Voice recordings: recordings are not viewable or editable in the app. You can have them deleted by deleting the child or account, by turning recording off, or by asking us — and you can request a copy by email.
- By email: for full-account deletion, a copy of your data, or any other request, email hello@snappyreading.com. We may verify that you are the account holder before acting, and we respond within the timelines required by law.
- School students: requests are directed through the child's school (see Section 14).
14.Snappy for Schools (student data)
When a school uses Snappy, the school controls the student data and Snappy acts on the school's behalf (as a “school official” providing an educational service). For student data we commit that we:
- use it only for the educational purpose the school authorised;
- do not serve targeted advertising to students, sell student data, or build profiles for non-educational purposes;
- delete student data on the school's request; and
- make a data-processing agreement available to schools.
Student logins are created and managed by teachers (students have no email); parents' access and consent for the school product are handled through the school.
15.Cookies & similar technologies
Snappy uses only what's essential to run — for example, keeping you signed in. We do not use advertising or cross-site tracking cookies, and we do not run third-party ad or analytics trackers.
16.Payments
Subscriptions are processed by Razorpay. Your card details are entered directly with Razorpay and are never received or stored by Snappy. Payment data is not children's data and is never used for profiling.
17.Changes to this policy
We'll update this page when our practices change and revise the “last updated” date. If a change materially affects children's data, we'll seek fresh parental consent before it applies.
18.Contact & complaints
Reach us any time at hello@snappyreading.com — this is also our grievance and complaints contact. You also have the right to complain to a data-protection authority — for example the Data Protection Board of India, your EU supervisory authority, the UK ICO, or the US FTC / your state Attorney General.
Regional annexes
These annexes restate specific disclosures required in particular regions. They add to, and do not replace, the policy above.
United States — COPPA (children under 13)
Snappy is a child-directed service and complies with the Children's Online Privacy Protection Act. We collect from children only the information described above (including, with parental consent, voice recordings, which are personal information under COPPA). We obtain verifiable parental consent before collection, do not condition participation on unnecessary data, and maintain a written data-retention policy (Section 11) with defined deletion — we do not retain indefinitely. Parents may review their child's information, refuse further collection or use, and request deletion by emailing hello@snappyreading.com. We do not disclose children's information to third parties except the service providers in Section 9, and we require written security assurances from them.
EU & UK — GDPR / UK GDPR & the Children's Code
Our legal bases are in Section 4; voice data is special-category data processed on explicit consent. You have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent and to lodge a complaint with a supervisory authority. International transfers rely on Standard Contractual Clauses / the UK IDTA (Section 10). We follow high-privacy-by-default, data-minimisation, and no-profiling principles for children (UK Age Appropriate Design Code). As a small sole proprietor, we have not yet appointed a Data Protection Officer or an Article 27 EU/UK representative; we will do so if and when the scale of our processing requires it, and in the meantime you can reach us directly at hello@snappyreading.com.
California — CCPA / CPRA
We collect the categories of personal information described in Section 3, including sensitive personal information (a child's voice recording). We do not sell or share personal information, and we do not use sensitive information for anything beyond providing and improving the service. Consumers have the rights to know, access, correct, delete, and limit the use of sensitive information. For under-16s we do not sell/share at all. Exercise rights at hello@snappyreading.com.
India — Digital Personal Data Protection Act, 2023
Synapse Learning Systems is the Data Fiduciary. We process a child's (under-18) personal data only with verifiable parental consent, and we do not track, behaviourally monitor, or serve targeted advertising to children, nor undertake processing likely to harm a child. You may access, correct, erase, and nominate, and withdraw consent. We act as our own grievance contact (Section 1) and will address complaints; you may also approach the Data Protection Board of India. On request, we will make this notice available in your preferred Indian language.
Schools — FERPA & SOPIPA (US)
For the school product we operate under the school-official exception: the school controls the education records, we use them only for the authorised educational purpose, we do not re-disclose them except to the processors in Section 9, and we delete them on the school's request. We do not use student data for targeted advertising, do not sell it, and do not build non-educational profiles. A data-processing agreement is available to schools.
Canada, Australia & Brazil
Canada (PIPEDA): we obtain meaningful, parental consent for children and honour access rights. Australia: we act in the child's best interests, require parental consent for younger children, obtain consent for any targeted advertising (which we do not do to children), and delete on request. Brazil (LGPD): we process children's data in their best interest with specific parental consent and clear, accessible information. In every case, contact hello@snappyreading.com to exercise your rights.