Privacy Policy

Effective date: 19 June 2026 · Version 1.2

This Privacy Policy describes how Kid / Mio (“we”, “us”, “our”) collects, uses, stores, and deletes personal data when you use our family mobile application and related services (the “Service”).

1. Data controller

TYK MYK STUDIO LLC (ООО «Тык мык Студио»)
350000, Russia, Krasnodar Region, Krasnodar, Krasnoarmeyskaya St., 64/2, premises 1
INN 2308305256 · KPP 230801001 · OGRN 1262300027208
Privacy contact: privacy@mio.baby
Support: support@mio.baby

2. Who this policy applies to

See also our Children & Family Privacy Notice for parent-specific information about child accounts.

3. Data we collect

CategoryExamplesWho
Account data Email, display name, password (stored as hash), account type, user ID Parent
Child profile Family username, display name, PIN (stored as hash), birth date, age group, gender, avatar, interests (10+) Child (via parent)
Family data Family name, invite code, family rules, membership roles Family
User content Task completion photos, text reports, reward goals, coin transactions Child / parent
Activity & progress Tasks, achievements, MIO pet progress, discoveries, analytics summaries Child
Location (MIO Plus) GPS coordinates, accuracy, battery level (optional), geofence zones and enter/exit events Child (with parent consent)
Family chat (MIO Plus) Text, voice, photo, and video messages between parent and child Parent / child
Device data Push notification token (APNs on iOS, FCM on Android) Parent / child
Technical logs API request metadata, error logs (no advertising IDs) All users

We do not collect contacts or advertising identifiers. We do not use third-party analytics SDKs (e.g. Firebase Analytics) for behavioral advertising. Child location is collected only for MIO Plus families with explicit device permission and parent-enabled sharing.

4. How we use data

We do not sell personal data. We do not use children’s data for behavioral advertising. Marketing emails to parents are sent only with your explicit opt-in consent.

5. Legal bases (EEA/UK GDPR)

6. Children’s privacy (COPPA-aligned practices)

7. Photos

When a parent assigns a photo-based task, the child may upload a photo from the device library to confirm completion. Photos are stored on our servers, visible to parents in the family, and deleted when the account or related data is deleted.

8. Push notifications

If you allow notifications in iOS settings, we store a device token to send alerts (e.g. achievements, reminders). You can disable notifications in iOS Settings at any time.

9. Sharing with third parties

RecipientPurpose
Apple (APNs)Deliver push notifications (iOS)
Google (FCM)Deliver push notifications (Android)
OpenRouterOptional AI helpers for parents (task parsing, text suggestions) — no child photos or location
ElevenLabsOptional voice synthesis and parent voice clone (MIO Plus) — task/reward text and parent audio sample only
Cloud hosting provider (reg.ru VPS, Moscow, RU)Store database and uploaded content
T-Bank (Tinkoff) acquiringProcess MIO Plus payments on our website (parent billing data only)
Tochka Bank (Точка)Process MIO Plus payments on our website (parent billing data only)

We may disclose data if required by law or to protect rights, safety, and security.

10. International transfers

We process data primarily in Russia (Moscow). Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) for transfers from the EEA/UK.

11. Retention

We retain data while your account is active. GPS trail points are automatically deleted after 30 days; the latest location snapshot is kept until you disable sharing or delete the account. When you delete your account or a child account in the app, we permanently delete associated personal data from our production systems, subject to limited backup retention (typically up to 30 days) and legal obligations.

12. Your rights

Depending on your location, you may have the right to access, correct, delete, restrict, or port your data, and to object to certain processing. You may also withdraw consent where processing is consent-based.

13. Security

We use HTTPS, hashed passwords and PINs, JWT authentication, role-based family access controls, and optional protected media URLs that require authentication. Sensitive uploads (task photos, chat media) are not served publicly when protection is enabled. No method of transmission or storage is 100% secure.

14. Family Vault (optional end-to-end encryption)

Families may opt in to Family Vault (vault_e2e mode). When enabled on a family account:

Disabling or not enabling Family Vault keeps the default server-side processing described elsewhere in this policy.

15. Changes

We may update this policy. We will post the new version with an updated effective date. Material changes may be notified via the app or email to parents.

16. Contact

Questions: privacy@mio.baby · Support page