Effective date: April 8, 2026 · Last updated: April 8, 2026
1. Who we are
WanderWords ("we", "us", "our") is a Mandarin literacy service for families. Our app is available at app.wanderwords.co. You can reach us at hello@wanderwords.co.
2. Who this policy covers
This policy applies to parents and guardians ("you") who create WanderWords accounts. Our service is directed at parents — not children. All accounts are created by adults. Children use the app only through a parent-managed learner profile.
Because children's information is processed as part of learner profiles, we comply with the Children's Online Privacy Protection Act (COPPA) and treat all learner data with heightened care.
3. Information we collect
Information you give us directly:
- Account information: your email address, name, and password when you sign up
- Learner profile information: your child's first name, age range, and avatar selection
- Payment information: processed entirely by Stripe — we never see or store your card number
- Communications: if you contact us by email, we keep that correspondence
Information generated by using the service:
- Stories generated for your child's learner profile (content and metadata)
- Reading progress and character learning state per learner profile
- Curriculum assignments and worksheet history
- App usage patterns (pages visited, features used) via server logs
Information we do NOT collect:
- We do not collect information directly from children
- We do not use advertising trackers or third-party analytics pixels
- We do not build advertising profiles
4. How we use your information
- To create and maintain your account and learner profiles
- To generate personalised Mandarin stories tailored to each learner's level
- To track reading progress and character mastery across sessions
- To process payments and manage your subscription via Stripe
- To send transactional emails (receipts, password resets) — no marketing emails without your explicit opt-in
- To diagnose errors, improve reliability, and develop new features
5. Children's privacy (COPPA)
WanderWords accounts are created and managed by parents. We do not knowingly collect personal information directly from children under 13. Learner profiles contain only information a parent provides (first name, age range, avatar) — no email address, no password, no independent account.
If you believe we have inadvertently received personal information from a child under 13 without parental consent, please contact us at hello@wanderwords.co and we will delete it promptly.
Parental rights: As the account holder, you may at any time:
- Review the learner profile information we hold
- Update or correct any learner profile information
- Delete a learner profile — this removes all associated stories, progress, and worksheets
- Delete your entire account — this removes all data for all learner profiles
To exercise these rights, use the Settings page in the app or email us at hello@wanderwords.co.
6. Third-party services
We use a small number of trusted third-party services to operate WanderWords:
- Supabase — database and file storage (EU and US regions). Your data is stored on servers they operate. Supabase Privacy Policy
- Stripe — payment processing. Stripe handles all card data under their PCI-DSS certification. We receive only a customer ID and subscription status. Stripe Privacy Policy
- OpenAI — story generation. Story prompts (learner age range, curriculum level, chosen theme) are sent to OpenAI's API to generate story content. We do not send learner names or account emails to OpenAI. OpenAI Privacy Policy
- Vercel / Render — hosting infrastructure for the app frontend and backend
- Google Fonts — font delivery. Google may log font requests
We do not sell, rent, or share your data with any other third parties.
7. Data retention
We keep your account data for as long as your account is active. If you delete your account, all associated data (user record, learner profiles, stories, progress, billing history) is permanently deleted from our database within 30 days. Stripe retains payment records for their own legal obligations — we cannot delete those on your behalf.
8. Security
We use industry-standard practices to protect your data: all connections are encrypted via HTTPS/TLS, passwords are hashed by Supabase Auth, payment data is handled entirely by Stripe, and row-level security policies restrict database access to authenticated users' own data.
No system is perfectly secure. If you discover a security concern, please contact us at hello@wanderwords.co.
9. Cookies and local storage
WanderWords uses browser localStorage to store your session token and language preference. We do not use third-party advertising cookies. We do not use cross-site tracking.
10. Your rights
Depending on where you live, you may have rights under applicable privacy law (including GDPR if you're in the EEA, UK GDPR, CCPA if you're in California, and COPPA as described above). These rights may include access to your data, correction, deletion, and portability. To exercise any of these rights, contact us at hello@wanderwords.co.
11. Changes to this policy
If we make material changes to this policy, we'll notify you by email or by posting a notice in the app before the changes take effect. The "Last updated" date at the top of this page always reflects the current version.
12. Contact us
Questions about this policy or how we handle your family's data: