The Data a Children's Education App Should Never Collect
Precise location, contacts, ad identifiers, behavioural profiles for advertising — the data a children's education app should never collect, and how to check.
Start From Never, Not From Maybe
There is a simple truth about the data a children's education app collects: the safest record is the one that was never created. Data that does not exist cannot leak, cannot be breached, cannot be subpoenaed, cannot be quietly repurposed three years later under a new owner with new incentives.
So before asking what a product does with data, ask a sharper question: what does it refuse to collect in the first place? For a product whose users are children, we think some answers are not judgment calls. They are nevers.
The Never List
Precise location. No lesson requires knowing which street corner your child is standing on. A country or a city may serve a legitimate purpose — language, syllabus, law. Coordinates never do.
Contacts. An education app that asks to read the address book is not building a classroom; it is building a growth channel out of your child's friendships. Advertising identifiers. These exist for exactly one purpose — to recognise a person across apps and follow them — and that purpose has no defensible version when the person is nine years old.
And behavioural profiles built for advertising. A learning product must model what a child understands; that is the job. A profile of what a child can be persuaded to want is a different artefact with a different customer, and it should never be assembled from a classroom. OpenKids collects none of the above, and there are no ads anywhere in the product for such a profile to serve.
Data Minimisation Is a Design Principle, Not a Policy
Minimisation cannot live only in a legal document; it has to shape the product itself. In ours it looks like this: children sign in with a kid-code, not an email address. We store a birth year, because age-appropriate teaching needs it — not a birthday, because nothing does. A photo sent to ask a question is used to answer it and never stored.
And when a member of our team views a child's messages during a safety review, that view itself is written to an audit log. The habit we are trying to build is the same at every layer: collect the minimum, keep it no longer than needed, and leave a trace whenever a human looks.
Why “We Don't Sell Data” Is a Low Bar
Almost every privacy policy on earth now says “we do not sell your data,” and parents are meant to relax when they read it. Do not relax yet. Selling is only one exit. Data can be shared with “trusted partners,” used in-house to target advertising, handed to a parent company, retained indefinitely against future plans, or transferred wholesale when the startup is acquired. Every one of those fits comfortably behind “we don't sell.”
The honest bar is higher and simpler: do not collect what the teaching does not need, do not keep it longer than the teaching requires, and do not use it for any purpose the parent did not sign up for. A company that clears that bar will usually say so plainly — specifics are easy when there is nothing to blur.
How to Read a Privacy Policy in Five Minutes
You do not need a law degree — you need a search box. Open the policy and search for “location,” “contacts,” “advertising,” and “identifier”: anything on the never list should be absent or explicitly ruled out. Search for “partners” and “third parties” and see whether the sentence around them is specific or foggy. Look for a retention period stated in numbers, and for a way to delete your child's data that does not require a lawyer's letter.
Then notice the tone. A company that is proud of its data practices writes about them the way a chef describes ingredients — precisely, at length, unprompted. A company that is not writes in fog. Five minutes with the search box tells you which one you are reading.