This Privacy Policy explains how Soundame ("we", "us") collects, uses, and shares personal data when you use Soundame (the "Service"). We are the data controller for the personal data described below. We comply with the EU General Data Protection Regulation (GDPR) and applicable Serbian data-protection law.
1. Data we collect
- Account data: email address, hashed password, account creation date.
- Child profile data (provided by the parent): a first name or nickname and an age. We do not require a child's real name, photograph, or any direct contact information.
- Gameplay data: aggregate counts of sounds heard, sounds answered correctly, and time spent playing.
- Voice input: the child's spoken answers are processed for speech recognition. Audio is processed transiently to produce a text transcript and is not retained after the round ends.
- Billing data: handled by our payment processor Paddle. We receive subscription status, plan, renewal date, and a customer identifier — we do not receive or store card numbers.
- Technical data: IP address, browser/device type, and basic error logs.
- Analytics data: a random device identifier stored on your device (no cookies), the page a visit came from, and whether a device returns to play. We use this only for our own product and marketing analytics — to understand where players come from and whether they come back. It is not linked to a child, never shared with anyone, and never used for advertising.
2. How we use data
- To provide and operate the Service (legal basis: contract).
- To process payments and manage subscriptions (contract).
- To improve the Service and fix bugs (legitimate interest).
- To comply with legal obligations (legal obligation).
- To send essential service emails (e.g., password reset, billing receipts). We do not send marketing email without consent.
3. Children's privacy
Soundame is designed to be set up by a parent. Accounts are created by adults; child profiles contain only a nickname and age. We do not knowingly collect personal data directly from children, and we do not use children's data for advertising or profiling. Parents may review, export, or delete their child's profile at any time from the account page or by emailing info@soundame.com.
4. Sub-processors and third parties
We share personal data only with the following processors:
- Supabase — authentication, database, and backend functions (EU/US data centres).
- Paddle.com Market Limited — payment processing and merchant of record.
- ElevenLabs — text-to-speech generation for dynamic voice prompts. Short text strings are sent; no child personal data.
- Cloudflare — content delivery, DDoS protection, and privacy-friendly web analytics (Cloudflare Web Analytics / RUM). The analytics beacon is cookieless, does not fingerprint visitors, and does not track across sites. It is not loaded for visitors in the EU/EEA.
Where data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses or adequacy decisions.
5. Data retention
- Account and profile data: retained while your account is active and deleted within 30 days of account closure.
- Voice audio: not retained beyond the gameplay round (transient).
- Billing records: retained for 10 years as required by tax law.
- Server logs: retained for up to 90 days.
6. Your rights
Where the EU GDPR applies to you (e.g., users in the EU/EEA) you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data, and to withdraw any consent. Users in Serbia have equivalent rights under the Serbian Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti). To exercise these rights email info@soundame.com. You may lodge a complaint with the Serbian Commissioner for Information of Public Importance and Personal Data Protection (Poverenik), or with your local supervisory authority.
7. Security
We use industry-standard measures including TLS in transit, encryption at rest for credentials, and least-privilege access controls. No system is perfectly secure; we will notify affected users and authorities of any breach as required by law.
8. Cookies and local storage
We use strictly-necessary local storage for authentication tokens and game progress, plus a random device identifier for our own first-party analytics (see "Analytics data" above) — stored on your device, not a cookie, and not shared with third parties. We do not use advertising cookies or third-party tracking cookies. We use Cloudflare Web Analytics, which is cookieless and aggregates page-view and performance data without identifying individual visitors; it is disabled for visitors in the EU/EEA.
9. Changes to this Policy
We will post any changes on this page and update the "Last updated" date. Material changes will be communicated by email or in-app notice.
10. Contact
Soundame
Email: info@soundame.com