1. Introduction

Welcome to Kidera ("we," "us," or "our"). Kidera is a private family journaling application that helps parents capture, preserve, and recall their children's most precious memories. We are committed to protecting your privacy and the privacy of your children.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your personal data. By using Kidera, you agree to the practices described in this policy.

If you have questions, contact us at help@kidera.co.

2. Who we are

Kidera is operated as a software service accessible at app.kidera.co and kidera.co. Our primary contact for privacy matters is help@kidera.co.

3. Information we collect

3.1 Account information

When you create a Kidera account, we collect:

  • First and last name
  • Email address
  • Authentication method (Google OAuth or email/password via Clerk)
  • Account creation date

3.2 Children's information

When you add a child profile to your journal, we collect:

  • Child's first name
  • Child's date of birth
  • Child's gender (optional)
  • Child's avatar photo (optional)

This information is provided voluntarily by you as the parent or legal guardian. We do not directly collect information from children. All children's data is controlled by the parent or guardian who created the account.

3.3 Journal content

When you use Kidera to journal, we collect and store:

  • Journal entry text written by you
  • Dates of journal entries
  • Tags, mood, activities, locations, and people you associate with entries
  • Milestone classifications
  • AI-generated summaries and descriptions of your entries and photos

3.4 Photos and videos

When you upload media to Kidera, we collect and store:

  • Photos and videos you upload
  • File metadata (size, type, duration for videos)
  • AI-generated descriptions of photos (via OpenAI's GPT-4o Vision API)
  • Thumbnail images generated from your uploads

3.5 Usage data

When you use Kidera, we automatically collect:

  • Device type and operating system
  • Browser type
  • IP address
  • Pages and features accessed
  • Time and date of access
  • Actions taken within the app (entries created, questions asked, etc.)

3.6 Payment information

When you subscribe to Kidera Pro, payment is processed by Lemon Squeezy. We do not store your credit card numbers or full payment details. We receive and store:

  • Subscription status (free, active, cancelled)
  • Subscription plan type (monthly or yearly)
  • Lemon Squeezy customer ID and subscription ID
  • Billing history records

3.7 Communications

If you contact us at help@kidera.co, we collect the contents of your message and your email address to respond to your inquiry.

4. How we use your information

We use the information we collect to:

Provide the service

  • Create and maintain your account
  • Store and display your journal entries, photos, and videos
  • Generate AI-powered descriptions of your photos using OpenAI GPT-4o Vision
  • Power the Ask Your Journal feature using our RAG (Retrieval-Augmented Generation) pipeline
  • Generate and deliver weekly email summaries via Resend
  • Detect and categorize developmental milestones in your entries
  • Display your journal calendar, timeline, and media gallery

Personalize your experience

  • Show age-appropriate context for your children's entries
  • Personalize greetings and journal prompts
  • Remember your preferences and settings

Process payments

  • Manage your subscription through Lemon Squeezy
  • Process upgrades, downgrades, and cancellations
  • Send payment confirmation and receipts

Communicate with you

  • Send weekly summary emails (Pro users, opt-in)
  • Send important account notifications
  • Respond to support requests
  • Send product updates (you may opt out at any time)

Improve the service

  • Analyze usage patterns to improve features
  • Debug technical issues
  • Monitor system performance and security

Legal compliance

  • Comply with applicable laws and regulations
  • Respond to lawful requests from authorities
  • Enforce our Terms of Service

5. AI processing disclosure

Kidera uses artificial intelligence to enhance your journaling experience. We are committed to transparency about how AI processes your data.

5.1 Photo description (GPT-4o Vision)

Photos you upload to Kidera are sent to OpenAI's GPT-4o Vision API to generate automatic text descriptions of what is depicted in the photos. These descriptions are:

  • Stored privately in your journal
  • Used to make your memories searchable
  • Not used to train OpenAI's models (we use the API under terms that prohibit training on API inputs)
  • Only accessible to you and anyone you have invited to your family journal

Important: Photos of children are processed by OpenAI's API. OpenAI's privacy policy governs how they handle API inputs. OpenAI does not retain API inputs beyond what is required to provide the service. Review OpenAI's practices at openai.com/privacy.

5.2 Ask your journal (RAG pipeline)

When you ask questions about your journal, your question and relevant journal entry text are sent to OpenAI's GPT-4o-mini API to generate answers. Your journal content sent to OpenAI is:

  • Limited to the most relevant entries for your question
  • Not used to train AI models
  • Processed under OpenAI's API data processing terms

5.3 Entry metadata extraction

When you save a journal entry, the entry text is sent to OpenAI's GPT-4o-mini API to extract mood, activities, locations, milestones, and tags. This processing happens when you save or update an entry, makes your entries more searchable, and is carried out under OpenAI's API terms.

5.4 Text embeddings

Journal entry text is converted into vector embeddings using OpenAI's text-embedding-3-small model. Embeddings are stored in our database and used for semantic search in Ask Your Journal. They are mathematical representations and are not designed to be reverse-engineered into readable text.

5.5 Cohere reranking

Search results in Ask Your Journal may use Cohere's reranking API. Relevant journal text snippets are sent to Cohere. Cohere's privacy policy governs their handling of this data.

6. Children's privacy (COPPA compliance)

Kidera is designed for parents and guardians. We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA).

6.1 Who creates accounts

Accounts are created by adults (parents or legal guardians) only. We do not knowingly allow children under 13 to create their own accounts. If you believe a child under 13 has created an account without consent, contact help@kidera.co and we will delete the account.

6.2 Parental consent

By creating an account and adding a child profile, you consent to the collection and processing of information about your child as described here. You have full control over your child's data at all times.

6.3 Parental rights

As a parent or guardian, you have the right to:

  • Review all information stored about your child in your journal
  • Request correction of inaccurate information
  • Request deletion of your child's information by deleting their profile or your entire account
  • Refuse further collection by deleting a child's profile
  • Export all data about your child using the Export feature

6.4 AI processing of children's images

As disclosed in section 5.1, photos you upload (which may include children) are processed by OpenAI's API. By uploading, you consent to this processing. We do not use children's photos for any purpose other than generating private journal descriptions for you.

6.5 No advertising to children

We do not serve advertising in Kidera. We do not use children's data for advertising or share it with advertisers or data brokers.

7. How we share your information

We do not sell your personal data. We do not share your data with advertisers. We share information only as described below.

7.1 Service providers

We share data with service providers that help us operate Kidera. They are contractually required to use data only to provide services to us.

7.2 Partner invites

If you invite a partner to your family journal, they can access all entries, photos, videos, and child profiles in that shared journal. Only invite people you trust with your family's data.

7.3 Legal requirements

We may disclose information if required by law or valid process, including court orders, law enforcement, legal proceedings, protection of our rights, and prevention of fraud or harm. We will notify you to the extent permitted by law.

7.4 Business transfers

If Kidera is acquired, merged, or involved in a significant transaction, your data may be transferred. We will notify you by email and/or a prominent notice on our site before your data is governed by a different policy.

7.5 With your consent

We may share your information with third parties when you explicitly agree.

8. Data storage and security

8.1 Where we store your data

Your data is stored on infrastructure from our service providers. Journal text, metadata, and account data are in Supabase (PostgreSQL). Photos and videos are in Cloudflare R2. Authentication is handled by Clerk. Infrastructure for our hosting stack operates in the United States as implemented by our providers.

8.2 Security measures

  • TLS/HTTPS for data in transit
  • Encrypted delivery of media via Cloudflare's network
  • Row Level Security (RLS) in the database where applicable
  • Clerk for authentication, including support for multi-factor authentication
  • API keys and secrets in environment configuration, not in public code
  • Regular security review of our codebase and infrastructure

8.3 Data breach notification

In the event of a breach that affects your personal data, we will notify you within 72 hours of becoming aware, to the extent required by law.

8.4 Your responsibility

Keep your credentials secure. Use a strong password. Do not share your account with anyone except a partner you invite through our official feature.

9. Data retention

9.1 Active accounts

We retain your data as long as your account is active and for a reasonable period afterward to allow reactivation where applicable.

9.2 Account deletion

When you delete your account, we permanently delete journal text, media in R2, child profiles, account data, AI descriptions and embeddings, and ask history. Deletion is permanent. Use Export before deleting if you need a copy.

9.3 Deletion timeline

We initiate deletion immediately. Complete removal from all backups may take up to 30 days.

9.4 Legal holds

We may retain certain data longer if required by law or for legitimate legal purposes (e.g., fraud prevention, disputes).

9.5 Payment records

We retain payment transaction records for 7 years as required by financial regulations, even after account deletion.

10. Your rights and choices

10.1 Access

Access your journal data through the Kidera app.

10.2 Export

Export all your data, including photos and videos, from Profile settings. Exports are provided as a ZIP organized by date.

10.3 Correction

Update your account in the app. For data you cannot correct yourself, contact help@kidera.co.

10.4 Deletion

Delete your account and associated data in Profile > Danger Zone. This is permanent and irreversible.

10.5 Opt-out of emails

Opt out of weekly summary and marketing emails in Profile settings or via the unsubscribe link in our emails.

10.6 GDPR (EU users)

If you are in the EU, you may have rights to access, rectification, erasure, restriction, portability, objection, and withdrawal of consent, and the right to lodge a complaint with a supervisory authority. Contact help@kidera.co — we respond within 30 days.

10.7 California (CCPA)

California residents have rights to know, delete, opt out of sale (we do not sell personal information), and non-discrimination. Contact help@kidera.co.

11. Cookies and tracking

11.1 Cookies we use

11.2 No advertising cookies

We do not use advertising cookies, tracking pixels, or third-party ad profiling.

11.3 Analytics

We use Google Analytics to understand how visitors interact with our website. This helps us improve the product experience. Google Analytics collects anonymized usage data such as pages visited and session duration. It does not build ad profiles and we do not use it for advertising purposes. You can opt out of Google Analytics by using the Google Analytics Opt-out Browser Add-on.

12. Third-party links

Kidera may link to third parties (e.g., Lemon Squeezy for subscription management). We are not responsible for their privacy practices. Please read their policies before providing information.

13. International users

Kidera is operated from the United States. If you use Kidera from outside the U.S., your information is transferred to and processed in the U.S. By using the service, you consent to that transfer. We use appropriate safeguards for international transfers as required by law.

14. Changes to this privacy policy

We may update this policy. For significant changes we will update the "Last updated" date, email you for material changes when appropriate, and may post a notice in the app. Continued use after changes constitutes acceptance of the updated policy.

15. Contact us

For privacy questions or requests:

We will respond to privacy inquiries within 5 business days.