Privacy Policy

This Privacy Policy describes how Clevers Nest LLC ("Clevers Nest," "we," "us," or "our") collects, uses, and shares information about you when you use our mobile applications, websites, and related services (collectively, the "Services"), including Gonit and Chintu.

We are committed to transparency, data minimization, and protecting the privacy of all users — especially children. By using our Services, you acknowledge that you have read and understood this Privacy Policy.

          Our core privacy promise: We collect only what is necessary, we do not sell your personal data, and we take the privacy of children very seriously.
        

1 Who We Are & How to Contact Us

Clevers Nest LLC is a U.S.-registered software development company focused on building educational and productivity mobile applications. We are the data controller for information collected through our Services.

Clevers Nest LLC
United States
Privacy inquiries: [email protected]
General support: [email protected]
Website: cleversnest.com

2 Information We Collect

We collect the minimum information necessary to provide our Services. The information we collect depends on how you interact with us:

A. Information You Provide Directly

Account registration details (e.g., email address, username, password)
Communications you send to us (e.g., support emails)
Payment information — processed by Apple or Google; we do not store full payment card details
Feedback and survey responses

B. Information Collected Automatically

Device information: Device type, operating system version, device identifiers (e.g., IDFA, GAID, where permitted)
Usage data: App features used, session duration, in-app interactions, crash reports, and performance data
Log data: IP address, access timestamps, referring URLs
Analytics data: Aggregated, anonymized usage statistics

C. Information from Third Parties

Authentication data if you sign in via Apple ID or Google account
Purchase verification data from the App Store or Google Play

          For apps directed at children, we collect only the data technically required to operate the app. We do not collect contact details, location data, or behavioral advertising data from children.
        

3 How We Use Your Information

Purpose	Data Used
Provide and operate the Services	Account info, usage data, device info
Process payments & subscriptions	Purchase verification data
Improve and develop our Services	Usage data, crash reports, analytics
Personalize your experience	Usage data, preferences
Send transactional communications	Email address
Send marketing communications (with consent)	Email address
Respond to support requests	Contact details, account info
Comply with legal obligations	Relevant personal data as required by law
Fraud prevention & security	Device info, usage data, IP address

We do not sell your personal information to third parties for their marketing purposes.

4 Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA) and the United Kingdom, we process your personal data under the following legal bases as required by the GDPR:

Contractual necessity: Processing required to deliver our Services (e.g., account management, in-app purchases).
Legitimate interests: Processing for security, fraud prevention, product improvement, and customer support — balanced against your rights.
Legal obligation: Processing required to comply with applicable law.
Consent: Where you have provided explicit consent (e.g., marketing emails, certain analytics). You may withdraw consent at any time.

5 Sharing of Information

We do not sell, trade, or rent your personal information. We share information only in the following limited circumstances:

Service Providers: We share data with third-party vendors who assist us in operating our Services (e.g., analytics, cloud hosting, crash reporting). These parties are contractually bound to use data only for the specified purpose.
Platform Partners: Apple Inc. and Google LLC in connection with App Store / Play Store operations, purchases, and reviews.
Legal Compliance: When required by law, court order, or government authority, or to protect the rights, property, or safety of Clevers Nest, our users, or the public.
Business Transfers: In connection with a merger, acquisition, or sale of all or part of our business. You will be notified via email or prominent notice within our Services of any such change in ownership.
With Your Consent: For any other purpose with your explicit consent.

6 Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required by law.

Data Type	Retention Period
Account data	For the duration of your account, plus up to 30 days after deletion request
Usage & analytics data	Up to 24 months (anonymized thereafter)
Support communications	Up to 3 years
Purchase & billing records	7 years (tax & legal compliance)
Children's data (anonymous / no account)	Up to 12 months from last app session, then automatically purged
Children's data (account-based)	Duration of account + 30 days after closure; inactive accounts purged after 12 months of inactivity
Children's data — parental deletion request	Completed within 30 days of verified request (target: 10 business days)

To request deletion of your data, contact us at [email protected].

7 Children's Privacy (COPPA & GDPR-K)

Special Notice for Parents & Guardians: Gonit and Chintu are educational apps designed for use by children. We comply with all applicable children's data protection laws globally and take these obligations very seriously.

We comply with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506 and 16 C.F.R. Part 312 (including 2024 amendments); GDPR Article 8 and Recital 38; the UK ICO Age Appropriate Design Code (Children's Code); and equivalent children's privacy protections in other jurisdictions where our apps are available.

7.1 — Applicable Age Thresholds

Different jurisdictions define "children" differently. We apply the applicable threshold based on the user's location:

Jurisdiction	Age Threshold	Legal Basis
United States	Under 13	COPPA (16 C.F.R. Part 312)
EU — default (e.g., Germany, Netherlands, Austria)	Under 16	GDPR Article 8(1)
EU — national derogation (e.g., France, Belgium)	Under 15	GDPR Art. 8 + national law
EU — lower derogation (e.g., Ireland, Sweden, Denmark)	Under 13	GDPR Art. 8 + national law
United Kingdom	Under 13	UK GDPR + ICO Children's Code

Where we cannot determine a user's age with certainty and app content is likely to be accessed by children, we apply children's privacy standards to all users in that context.

7.2 — What Data We Collect from Children

We apply strict data minimization (COPPA §312.3; GDPR Article 5(1)(c)). Here is exactly what we collect and what we do not:

Account-free app experiences (no parental consent required):

Anonymous crash reports and performance data only
Aggregated, non-identifiable usage statistics
No persistent identifiers linked to a specific child

Account-based features (only with prior verified parental consent):

Parent's email address (not the child's)
Username or display name chosen by the parent
App progress and learning data

We explicitly do NOT collect from child users: real name, home address, phone number, child's email address, precise geolocation, photographs, videos, voice recordings, biometric identifiers, social media handles, or any sensitive personal information as defined under COPPA or GDPR.

7.3 — Verifiable Parental Consent

For any data collection beyond anonymous technical data from users below the applicable age threshold, we obtain verifiable parental or guardian consent using COPPA-approved and GDPR Article 8(2)-compliant methods:

Email-plus verification: A parent provides their email address during account setup. We send a verification email requiring an affirmative response. The child's account is not activated until the parent confirms — this meets the FTC's "email plus" standard for apps in the children's educational context.
Platform parental controls: We integrate with and respect Apple Family Sharing and Google Family Link parental consent signals where available.
Records of consent (date, method, and scope) are securely retained for the duration required by applicable law.

          GDPR Article 8(2) Note: We make "reasonable efforts" to verify that consent is given by the holder of parental responsibility, taking into account available technology. For EEA/UK users, the lawful basis for processing a child's data is parental consent under GDPR Article 6(1)(a) in conjunction with Article 8.
        

7.4 — Direct Notice to Parents (COPPA §312.4)

Before or at the time of any personal data collection from a child, we provide a clear and complete direct notice to the parent or guardian that states:

The specific types of personal information we intend to collect from the child
How that information will be used
Whether and to whom the information will be disclosed
A full explanation of parental rights and how to exercise them
A link to this Privacy Policy

This direct notice is separate from this general Privacy Policy and is delivered via in-app screen and/or email at the time of consent.

7.5 — No Conditioning of Participation (COPPA §312.7)

We do not condition a child's participation in any app activity on the collection of more personal information than is reasonably necessary for that activity. Core app functionality (e.g., learning content, games) is always available without requiring personal data beyond what is technically essential.

7.6 — Advertising, Profiling & Commercial Restrictions

We do not engage in behavioral advertising directed at children.
Any advertising within children's apps is contextual only and age-appropriate, in compliance with COPPA, FTC guidelines, and GDPR Recital 38 (which states that personal data of children should not be used for marketing or creating personality or user profiles).
We do not create behavioral profiles of child users for any advertising, commercial, or non-educational analytical purpose.
We do not sell children's personal information to any third party, ever.
We do not use children's data for purposes beyond the specific educational or entertainment purpose of the app in which the data was collected.
We do not disclose children's personal information to third parties for their own commercial purposes.
In-app purchases within children's apps require explicit parental authorization via the device platform (Apple App Store / Google Play billing controls).

7.7 — Third-Party Service Providers & Children's Data

The only third parties that may receive children's data are service providers acting strictly on our behalf (e.g., cloud infrastructure, anonymized analytics). All such providers are contractually required to:

Process children's data only for the specific purpose we have authorized and on our documented instructions
Maintain technical and organizational security measures meeting or exceeding ours
Comply with COPPA and all applicable children's data protection laws
Delete children's data promptly when no longer needed for the authorized purpose
Not re-disclose, sell, or otherwise use children's data for their own purposes

7.8 — UK ICO Age Appropriate Design Code (Children's Code)

For users in the United Kingdom, our children's apps are designed in accordance with the ICO's Age Appropriate Design Code. Key standards we implement include:

Privacy settings are configured to the highest privacy-protective setting by default
We do not use "nudge techniques" or manipulative design to encourage children to share more data or weaken privacy protections
We only collect and retain children's data for as long as strictly necessary
Location tracking is disabled by default and not collected from child users
We do not profile children to deliver targeted content or advertising
Parental controls are supported and respected

7.9 — Children's Data Retention

We retain children's personal data for the minimum time necessary for the stated purpose, in compliance with COPPA §312.10 and GDPR Article 5(1)(e):

Anonymous technical data (crash reports, analytics): Up to 12 months, then automatically deleted
Account data (with parental consent): Duration of account, plus up to 30 days after account closure or parental deletion request
Inactive accounts: Reviewed and deleted after 12 months of inactivity in compliance with 2024 COPPA rule amendments
Upon verified parental deletion request: Deleted within 30 days (we aim for 10 business days)

7.10 — Parental Rights & How to Exercise Them

Parents and legal guardians have the following rights under COPPA, GDPR Article 8, and other applicable laws:

Access: Request a copy of all personal information we hold about their child
Correction: Request correction of inaccurate or outdated information
Deletion: Request that we delete all personal information collected from their child
Refusal: Refuse to permit further collection or use of their child's data
Withdrawal of consent: Withdraw previously given consent at any time, without penalty and without affecting prior lawful processing
Data portability (EEA/UK): Receive the child's data in a structured, commonly used, machine-readable format

How to submit a parental request:
Email: [email protected]
Subject line: "Parental Request – Child Privacy"
Please include: your name, the app name, and (if applicable) the child's username or account email address
We will verify your identity as the parent/guardian and respond within 10 business days. Deletion requests are completed within 30 days (or sooner as required by law).

If we discover we have inadvertently collected personal information from a child without the required parental consent, we will delete that information promptly without requiring a parental request.

8 Your Rights — Global

Regardless of where you are located, you have the following rights regarding your personal data:

🔍

Access

Request a copy of the personal data we hold about you.

✏️

Correction

Request correction of inaccurate or incomplete data.

🗑️

Deletion

Request deletion of your personal data ("right to be forgotten").

🔒

Restriction

Request restriction of processing in certain circumstances.

📦

Portability

Receive your data in a structured, machine-readable format.

🚫

Objection

Object to processing based on legitimate interests.

📧

Opt-Out

Unsubscribe from marketing communications at any time.

↩️

Withdraw Consent

Withdraw consent where processing is based on consent.

To exercise any of these rights, please email [email protected]. We will respond within 30 days (or within the timeframe required by applicable law).

9 EU / EEA & UK User Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have enhanced rights under the General Data Protection Regulation (GDPR) and UK GDPR:

All rights listed in Section 8 above apply to you in full.
You have the right to lodge a complaint with your local data protection authority (DPA). A list of EU DPAs is available at edpb.europa.eu. UK users may contact the Information Commissioner's Office (ICO).
Where we transfer your data outside the EEA or UK, we ensure adequate safeguards are in place (e.g., Standard Contractual Clauses approved by the European Commission).
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

EU Representative: As a U.S. company offering services to EEA residents, we are reviewing our obligations under Article 27 GDPR and will appoint an EU Representative if required. For any GDPR-related queries, please contact [email protected].

10 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
Right to Delete: Request deletion of your personal information, subject to certain exceptions.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt-Out: We do not sell personal information. If this changes, we will update this policy and provide an opt-out mechanism.
Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary to provide our Services.
Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a verifiable consumer request, contact us at [email protected]. We will respond within 45 days.

Categories of personal information collected (last 12 months): Identifiers (e.g., email, device ID), commercial information (purchases), Internet or other electronic network activity (usage data), and inferences drawn to create a profile.

11 International Data Transfers

Clevers Nest LLC is based in the United States. If you access our Services from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your country.

Where required by law, we implement appropriate safeguards for international data transfers, including:

Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA.
UK International Data Transfer Agreements (IDTAs) for transfers from the UK.
Other legally recognized transfer mechanisms as applicable.

By using our Services, you understand that your information will be processed in the United States and other countries where our service providers operate.

12 Data Security

We implement and maintain reasonable and appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit (TLS/HTTPS)
Encryption of data at rest where appropriate
Access controls and authentication requirements for our systems
Regular security reviews and vulnerability assessments
Employee training on data protection

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify you and relevant authorities as required by applicable law.

13 Cookies & Tracking Technologies

Our website (cleversnest.com) may use cookies and similar tracking technologies to enhance your experience. Our apps may use SDKs that perform similar functions.

Type	Purpose	Can You Opt Out?
Essential / Strictly Necessary	Required for the website or app to function	No (required)
Analytics	Help us understand how users interact with our Services	Yes
Functional	Remember your preferences and settings	Yes
Marketing (if applicable)	Deliver relevant content or advertisements	Yes

You can control cookies through your browser settings or device privacy settings. For more information, visit allaboutcookies.org. Note that disabling certain cookies may affect the functionality of our Services.

14 Third-Party Services

Our Services integrate with or link to third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies:

Apple Inc. (App Store) — apple.com/legal/privacy
Google LLC (Google Play, Analytics, Firebase) — policies.google.com/privacy

We only work with third-party service providers who commit to protecting your data and processing it only on our behalf and according to our instructions.

15 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

Update the "Last Updated" date at the top of this page.
Notify you via in-app notification or email (where applicable).
For significant changes, obtain fresh consent where required by law.

We encourage you to review this Policy periodically. Your continued use of the Services after changes become effective constitutes your acceptance of the revised Policy.

16 Contact & Data Protection Officer

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

Clevers Nest LLC — Privacy Team
16192 Coastal Hwy, Lewes, DE 19958, United States
Privacy email: [email protected]
General support: [email protected]
Website: cleversnest.com

We aim to respond to all privacy-related requests within 30 days. For GDPR requests, we will respond within the statutory timeframe (typically 30 days, extendable by a further 60 days for complex requests).

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

📋 Table of Contents