Privacy Policy
This Privacy Policy describes how Kid / Mio (“we”, “us”, “our”) collects, uses, stores, and deletes personal data when you use our family mobile application and related services (the “Service”).
1. Data controller
Individual Entrepreneur Endreev Konstantin Andreevich (ИП Эндреев Константин Андреевич)
385638, Russia, Republic of Adygea, Giaginsky District, Tambovsky khutor, Partizanskaya St., 48
Privacy contact: privacy@mio.baby
Support: support@mio.baby
2. Who this policy applies to
- Parents/guardians who register and manage a family account.
- Children whose accounts are created by a parent (children do not self-register).
- Second parents who join an existing family by invite code.
See also our Children & Family Privacy Notice for parent-specific information about child accounts.
3. Data we collect
| Category | Examples | Who |
|---|---|---|
| Account data | Email, display name, password (stored as hash), account type, user ID | Parent |
| Child profile | Family username, display name, PIN (stored as hash), birth date, age group, gender, avatar, interests (10+) | Child (via parent) |
| Family data | Family name, invite code, family rules, membership roles | Family |
| User content | Task completion photos, text reports, reward goals, coin transactions | Child / parent |
| Activity & progress | Tasks, achievements, MIO pet progress, discoveries, analytics summaries | Child |
| Device data | Push notification token (APNs) | Parent / child |
| Technical logs | API request metadata, error logs (no advertising IDs) | All users |
We do not collect precise location, contacts, or advertising identifiers. We do not use third-party analytics SDKs (e.g. Firebase Analytics) for behavioral advertising.
4. How we use data
- Provide and operate the Service (tasks, rewards, family dashboard, MIO).
- Authenticate users and secure accounts.
- Send push notifications you opt into (task reminders, achievements).
- Generate in-app progress summaries for parents and children.
- Process MIO Plus plans purchased on our website and unlock paid features on linked accounts.
- Comply with law and respond to support requests.
We do not sell personal data. We do not use children’s data for behavioral advertising. Marketing emails to parents are sent only with your explicit opt-in consent.
5. Legal bases (EEA/UK GDPR)
- Contract — to provide the Service to parents.
- Legitimate interests — security, fraud prevention, product improvement (balanced against your rights).
- Consent — push notifications (via iOS permission prompt).
- Parental authority — child account data is provided under a parent’s direction when they create and manage the child profile.
6. Children’s privacy (COPPA-aligned practices)
- Children cannot create accounts independently; a parent must create the child account.
- Parents can view and manage child activity within the family.
- Parents can delete a child account in the app (Profile → Delete child), which permanently removes the child’s data.
- We collect only data necessary for the Service’s family features.
7. Photos
When a parent assigns a photo-based task, the child may upload a photo from the device library to confirm completion. Photos are stored on our servers, visible to parents in the family, and deleted when the account or related data is deleted.
8. Push notifications
If you allow notifications in iOS settings, we store a device token to send alerts (e.g. achievements, reminders). You can disable notifications in iOS Settings at any time.
9. Sharing with third parties
| Recipient | Purpose |
|---|---|
| Apple (APNs) | Deliver push notifications |
| Cloud hosting provider (reg.ru VPS, Moscow, RU) | Store database and uploaded content |
| T-Bank (Tinkoff) acquiring | Process MIO Plus payments on our website (parent billing data only) |
We may disclose data if required by law or to protect rights, safety, and security.
10. International transfers
We process data primarily in Russia (Moscow). Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) for transfers from the EEA/UK.
11. Retention
We retain data while your account is active. When you delete your account or a child account in the app, we permanently delete associated personal data from our production systems, subject to limited backup retention (typically up to 30 days) and legal obligations.
12. Your rights
Depending on your location, you may have the right to access, correct, delete, restrict, or port your data, and to object to certain processing. You may also withdraw consent where processing is consent-based.
- In-app deletion: Family tab → Delete account; child profile → Delete child.
- Email: privacy@mio.baby
- EEA/UK: You may lodge a complaint with your local supervisory authority.
- Russia: If applicable, you may contact Roskomnadzor regarding processing of personal data of Russian citizens.
13. Security
We use HTTPS, hashed passwords, access controls, and role-based permissions. No method of transmission or storage is 100% secure.
14. Changes
We may update this policy. We will post the new version with an updated effective date. Material changes may be notified via the app or email to parents.
15. Contact
Questions: privacy@mio.baby · Support page