Last Updated: 25.06.2025

Welcome to Bimi Boo Kids! At Bimi Boo Kids Inc. (“Bimi Boo Kids,” “we,” “us,” or “our”), we are dedicated to inspiring, educating, and entertaining young children globally through our thoughtfully designed and safe educational apps, toys, and media. We understand the deep importance you place on the privacy and security of personal information, especially concerning your child, and we are firmly committed to protecting it.

This Privacy Policy (“Policy”) explains in clear and straightforward language how Bimi Boo Kids Inc. collects, uses, shares, and protects Personal Information (as defined below) when you and your child interact with our various offerings. This includes:

• Our mobile applications (the “Apps”)
• Our physical toys (the “Toys”)
• Our official website, www.bimiboo.com (the “Site”)
• Our cartoons, songs, and other digital media content (collectively with the Apps, Toys, and Site, our “Services”).

This Policy also describes your rights regarding your Personal Information and how you can exercise them. We encourage you, as a parent or guardian, to read this Policy carefully to understand our practices. By accessing or using any of our Services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your Personal Information as described in this Policy and our Terms of Service.

Policy Updates: The digital world and privacy laws are constantly evolving. We may revise this Policy from time to time to reflect changes in our data practices, our Services, or applicable legal requirements. If we make material changes to this Policy, particularly regarding how we collect, use, or share children’s Personal Information, we will provide prominent notice. This may include posting the updated Policy on our Site with a new “Last Updated” date at the top of this page, and/or providing other forms of notice as required by applicable law (such as direct communication if you have provided us with contact information). We encourage you to review this Policy periodically to stay informed about our privacy practices. 

TABLE OF CONTENTS

1. WHO IS YOUR DATA CONTROLLER?
2. HOW WE COLLECT PERSONAL INFORMATION
3. INFORMATION WE COLLECT
4. HOW WE USE YOUR PERSONAL DATA
5. LEGAL BASIS FOR PROCESSING YOUR DATA
6. WHO MAY ACCESS YOUR DATA
7. PROMOTIONAL COMMUNICATIONS
8. DATA RETENTION PERIODS
9. YOUR PRIVACY RIGHTS & HOW TO USE THEM
10. PROTECTING YOUR CHILD’S PRIVACY
11. BROWSER “DO NOT TRACK” REQUESTS
12. COOKIES AND TRACKING TECHNOLOGIES

1. WHO IS YOUR DATA CONTROLLER?

Bimi Boo Kids Inc. is the legal entity responsible for the collection, use, and protection of your Personal Information (as described in this Policy) when you interact with our Site, Apps, Toys, and other Services. In legal terms, this means Bimi Boo Kids Inc. acts as the “data controller.” As the data controller, we determine the purposes for which and the means by which your Personal Information is processed.

Our Contact Information for Privacy Matters:

If you have any questions about this Policy, our privacy practices, or wish to exercise your privacy rights, please contact us:

Bimi Boo Kids Inc. 

410 Hauser Blvd, Apt 4 

Los Angeles, CA, 90036 

United States of America

Email: [email protected]

Please include “Privacy Inquiry” in the subject line of your email to help us direct your query appropriately. 

2. HOW WE COLLECT PERSONAL INFORMATION

We collect Personal Information about you and your child in several ways when you interact with our Services. The types of Personal Information we collect depend on your interaction with us. We strive for transparency and aim to provide parents and guardians with control over their child’s information.

Personal Information You Provide Directly to Us

The Personal Information you might provide includes, but is not limited to: 

• Contact Information: Such as your name, email address, and postal address. 
• Account Information: Such as a username and password (if applicable). 
• Payment Information: Such as payment card details or other financial account information. Please note that this information is collected and processed directly by our third-party payment processors, and we generally only receive confirmation of payment and limited details like the last four digits of your card. 
• Communication Content: Such as the content of your inquiries to customer support.

This may occur when you:

• Create an account on our Site, Bimi Boo ID or within our Apps. 
• Register a Toy for warranty purposes. 
• Subscribe to our newsletters, marketing communications, or other services. 
• Make a purchase or conduct a transaction through our Services (e.g., for an App subscription or a Toy). 
• Contact our customer support team for assistance or to provide feedback. 
• Participate in surveys, contests, or promotions we may offer. 
• Otherwise communicate with us.

Personal Information Collected Automatically

When you or your child access or use our Site or Apps, we and our third-party service providers may automatically collect certain technical and usage information. This information helps us operate, maintain, secure, personalize, and improve our Services, understand user preferences, and for analytics. This information may include device details, IP address, cookies, game progress, and app interaction data.

Personal Information We Receive from Our Data Processors

Occasionally, we may receive basic information about you from trusted partners (such as app stores, analytics providers, or payment processors) in order to process purchases, handle subscriptions, or analyze service usage as outlined in this policy. 

3. INFORMATION WE COLLECT

Important Notice: At Bimi Boo Kids, we are deeply committed to children’s privacy and practice data minimization. This means we only collect Personal Information that is necessary to provide and improve our educational Services, enhance your experience, communicate with you, and ensure the safety and security of our users. The specific Personal Information we collect depends on how you and your child interact with our Services.

Please note that the specific Personal Information collected will vary depending on the particular Bimi Boo Service you or your child are using and its specific features.

1. When You Use Our “Bimi Boo Kids Learning Academy” App 

The Bimi Boo Kids Learning Academy is designed to provide a comprehensive learning experience. To manage your account and personalize this experience, we collect the following: 

i. Parent’s Identifiers and Login Credentials:

Information Collected: Your email address and password. 

Source: Provided directly by you during account creation. 

Purpose & Basis: Essential for creating and securing your parent account, allowing you to manage subscriptions, and enabling multi-device access to the Academy. We process this to fulfill our service agreement with you and for security purposes.

ii. Child’s Profile Information (Optional and Voluntary):

Information Collected: Your child’s first name (or a nickname), gender, and date of birth or age. 

Source: Provided directly by you (the Parent or Guardian) during child profile setup within your account. 

Purpose & Basis: Used to personalize the educational content, tailor activities to your child’s developmental stage, and manage individual learning profiles. Providing this information is optional, and your consent is the basis for processing these details.

iii. Commercial Information (Subscription & Purchase Data):

Information Collected: Subscription status (e.g., active, expired), subscription history, and information about the payment platform used (e.g.,Amazon or our website). Note: actual payment card details are processed by third-party payment processors, not by us directly.  Source: Generated from your app store purchases, subscriptions made via our website, and your account activity. 

Purpose & Basis: To manage your subscription, deliver the purchased services, provide access to premium features, and for our financial record-keeping. This is necessary for fulfilling our service agreement and meeting legal obligations. 

iv. Usage Data (Child’s Interaction with the Academy): 

Information Collected: History of games completed, learning achievements and milestones, patterns of interaction with educational content (e.g., modules accessed, time spent). 

Source: Collected automatically as your child uses the Bimi Boo Kids Learning Academy app. 

Purpose & Basis: To provide the core educational experience, track progress, personalize future content recommendations, and for our legitimate interest in understanding how the Academy is used so we can improve its effectiveness and user experience.

v. Technical Device Information:

Information Collected: Device identifier (e.g., IDFVs), platform type (e.g., iOS, Android), device name/model, session information (e.g., login times, duration), and IP address (for general location and security). 

Source: Collected automatically from the device running the Academy app. 

Purpose & Basis: Essential for ensuring the app functions correctly on different devices, providing technical support, maintaining security, enabling multi-device access for your account, and for our legitimate interest in service optimization.

2. When You Use Our Other Bimi Boo Apps

For our standalone Bimi Boo apps that are not part of the full Learning Academy subscription, we collect information focused on app functionality, performance, and basic personalization if offered:

i. Technical Device Information:

Information Collected: Device identifiers (e.g., IDFV), platform type (e.g., iOS, Android), device model and brand, operating system and version, general hardware specifications, and network connection status (e.g., Wi-Fi, cellular). 

Source: Collected automatically from the device running the app. 

Purpose & Basis: To ensure the app functions correctly on your device, maintain technical compatibility, optimize performance, and for our legitimate interest in service security and improvement. 

ii. App Performance Data:

Information Collected: App version, error logs, crash reports, general performance metrics, and session information (e.g., how long the app is used). 

Source: Collected automatically as the app is used. 

Purpose & Basis: For our legitimate interest in monitoring app stability, identifying and fixing bugs, and improving overall app performance and user experience. 

iii. Usage Information:

Information Collected: Game progress, general interaction patterns (e.g., features used), in-app purchase events (e.g., unlocking content, processed by app stores), and status as a new or established user. 

Source: Collected automatically as the app is used. 

Purpose & Basis: For our legitimate interest in understanding app usage to optimize the user experience, provide basic service localization (like language), and potentially for regional feature optimization. In child-directed apps, this data is used to support internal operations. 

iv. Child’s Age or Birth Year (Optional, in some Apps):

Information Collected: Your child’s age or birth year. 

Source: If requested by an app for content personalization, it is provided directly by you (the Parent). 

Purpose & Basis: To tailor content to be age-appropriate for your child. Providing this is optional, and your consent is the basis for processing.

None that certain educational activities may ask to use your device’s:

• Camera
• Microphone
• Photo library

IMPORTANT: No images, recordings, or media files are uploaded to our servers. All captured content stays exclusively on your device. These features are optional and only enhance gameplay

3. When You Visit Our Website (www.bimiboo.com ) and Bimi Boo ID Portal

1) When You Browse Our General Website (www.bimiboo.com )

i. Technical Information:

Information Collected: IP address, browser type and version, device information (e.g., operating system, screen resolution), and information collected through cookies and similar technologies (see Section 12: “COOKIES AND TRACKING TECHNOLOGIES” for details). 

Source: Collected automatically when you browse our Site or ID Portal. 

Purpose & Basis: To ensure website functionality, security, and for our legitimate interest in understanding how our website is used to improve it. For non-essential cookies, we rely on your consent. 

ii. Contact Information (if you provide it):

Information Collected: Your name and email address.

Source: Provided directly by you when you fill out a contact form for support, subscribe to newsletters, or engage in other direct communication via the website. 

Purpose & Basis: To respond to your inquiries, provide customer support (fulfilling our service commitment or based on legitimate interest), or send you marketing communications if you have consented to receive them. 

2) When You Create or Use Your Bimi Boo ID Account

Your Bimi Boo ID is a central account system that facilitates a unified experience across various Bimi Boo Services.

i. User Account and Profile Information (Bimi Boo ID):

Information Collected: Parent/User: Your name, email address, password, birthdate (for account verification/recovery), profile icon/avatar, newsletter and push notification preferences, and records of consent to terms and policies.

Child Profiles (created by Parent under their Bimi Boo ID): Child’s name or nickname, birthdate or age, and avatar.

Source: Provided directly by you (the Parent/User) during Bimi Boo ID account creation or when managing your profile and child profiles through the portal or connected apps.

Purpose & Basis: Parent/User: Essential for user authentication, personalizing your experience across Services, managing your account, facilitating communication (transactional and, if consented, marketing), ensuring legal compliance, and security. Processed to fulfill our service agreement and for legitimate interests in security and service provision. Child Profiles: To deliver age-appropriate content, personalize the learning experience across connected Services (like the Academy), and track individual learning progress. Processed based on your consent as a Parent.

ii. Device and Session Information (Bimi Boo ID):

Information Collected: App version, bundle ID (identifies the specific app), platform (e.g., iOS, Android, Amazon), push notification token (if notifications are enabled), session ID, login/logout timestamps, and authentication token.

Source: Collected from device telemetry when you log into or use Services connected to your Bimi Boo ID.

Purpose & Basis: For device authorization, managing app updates, delivering push notifications (if consented), ensuring session continuity across devices, detecting suspicious or unauthorized account activity, and maintaining the security of your Bimi Boo ID. Processed for our legitimate interests in security and service functionality.

iii. Physical Product Support Information (Bimi Boo ID – if applicable):

Information Collected: Product name or ID (for physical products like wooden toys), warranty registration date, claim status, notes related to claims, and any photos or videos you upload as part of a warranty claim.

Source: Provided directly by you if you register a physical product or submit a warranty claim through the Bimi Boo ID portal or a connected service.

Purpose & Basis: To validate product ownership, manage warranty registrations, and process and handle warranty support requests. Processed to fulfill our service commitments or based on legitimate interest in customer support.

iv. In-App Purchases and Subscription Data (Managed via Bimi Boo ID):

Information Collected: Product identifiers (SKUs for digital goods/subscriptions), purchase dates, subscription status (e.g., active, cancelled, trial), trial period details, sandbox mode indicators (for testing), latest purchase receipts (from app stores), subscription lifecycle data (e.g., renewal dates, cancellations), and details of promotional offers applied (e.g., offer ID, creation/expiration timestamps). Details of billing events (types, timestamps, metadata).

Source: Collected from platform SDKs (e.g., Apple App Store, Google Play, Amazon Appstore) when purchases are made and linked to your Bimi Boo ID, or from our internal systems if purchased directly via our website (e.g., through Stripe).

Purpose & Basis: To manage your access to premium content and subscriptions across Services, track entitlements, resolve payment disputes, apply promotions and discounts, fraud prevention, analytics, and customer support. Processed to fulfill our service agreement, for legal compliance (financial records), and for legitimate interests in service management and fraud prevention.

v. Stripe-Specific Payment Details (for subscriptions via Bimi Boo Website/ID Portal):

Information Collected: If a subscription is purchased directly via our website using Stripe and managed through your Bimi Boo ID: card brand (e.g., Visa), issuing country of the card, last 4 digits of the card number, purchase price, billing interval, and trial duration. Stripe payment intent metadata (e.g., invoice ID, card info for confirmation).

Source: Received from Stripe (our third-party payment processor).

Purpose & Basis: To present billing information to you within your Bimi Boo ID account, detect fraud, resolve billing issues, and for payment confirmation and invoice tracking. Processed for our legitimate interest in managing payments and for service fulfillment. 

Note: We do not store full payment card numbers or CVV codes. These are handled securely by Stripe.

vi. Gameplay and Learning Data (Synced via Bimi Boo ID):

Information Collected: Saved files or game states (including file names, sizes, sync timestamps, hash values for integrity checking). For the “Bimi Boo Kids Learning Academy” and similar comprehensive services: history of completed games, learning paths, current story IDs, achievements, and interaction patterns.

Source: Generated from your or your child’s activity within Apps connected to your Bimi Boo ID.

Purpose & Basis: To sync game progress and learning data across multiple devices, support multi-device continuity, tailor learning experiences, and track progress centrally. Processed to fulfill our service agreement (providing a continuous experience) and for our legitimate interest in enhancing the educational service.

vii. Advertising Attribution (Bimi Boo ID Context):

Information Collected: If you installed one of our apps after clicking an ad (e.g., Apple Search Ads): attribution token, device ID (as provided by the ad platform, e.g., IDFA if consent is given, or aggregated/anonymized data), app ID, country, product price of initial purchase (if any), and currency.

Source: Received from advertising platforms (e.g., Apple Search Ads) and linked via Bimi Boo ID upon account creation or first launch.

Purpose & Basis: For our legitimate interest in measuring the effectiveness of our advertising campaigns, understanding which campaigns lead to app installs or subscriptions, and optimizing our marketing spend. This is not used for behavioral advertising targeting individuals, especially children.

viii. Customer Support Interactions via Bimi Boo ID Portal:

Information Collected: Data from live chat widgets (if used on the ID portal), email correspondence related to your Bimi Boo ID.

Source: Provided by you or generated during your interaction with our support channels accessed through or relating to your Bimi Boo ID.

Purpose & Basis: To provide customer service and technical support. Processed based on fulfilling our service commitment or legitimate interest in assisting users.

4. HOW WE USE YOUR PERSONAL DATA

We use the Personal Information we collect (as detailed in Section 3: “INFORMATION WE COLLECT”) for specific, legitimate, and transparent purposes. Our primary goal is to provide a safe, engaging, and effective educational experience for children while offering clear communication and control to Parents. We are committed to using Personal Information responsibly and in accordance with applicable privacy laws. 

The primary purposes for which we use your and your child’s Personal Information include:

To Provide, Maintain, and Operate Our Services:

We use Personal Information to deliver the core functionalities of our Apps, Site, Toys, Bimi Boo ID portal, and other Services. This includes:

• Enabling account access and synchronization across devices
• Delivering age-appropriate educational content based on child profiles
• Saving learning progress and achievements
• Processing and managing subscriptions
• Providing customer support when you contact us
• Fulfilling orders for physical Toys and managing warranty claims.

To Improve Our Products

We analyze usage patterns and technical data to enhance our offerings:

• Identify and fix bugs or performance issues
• Develop new educational features and games
• Optimize content based on how children learn best
• Ensure compatibility with new devices and operating systems
• Monitor app stability and prevent crashes

To Personalize the Learning Experience

Where Parents voluntarily provide information (such as Child Profile Details described in Section 3), or where interaction data allows, we use this information to tailor the learning experience within our Services. We:

• Adapt difficulty levels to match your child’s age and progress
• Recommend age-appropriate educational activities
• Track learning milestones and achievements
• Create a customized learning journey for each child profile

To Communicate with You

We may use contact information to:

• Send important service updates or changes
• Respond to your support inquiries and feedback
• Provide account-related notifications
• Share marketing communications (only with your consent)
• Deliver subscription confirmations and renewals

To Ensure Safety and Security

We process certain data to:

• Detect, prevent, and respond to fraudulent activity, unauthorized access, or other misuse of our Services.
• Maintain the security of user accounts and protect the confidentiality of your login credentials.
• Prevent unauthorized access to subscriptions
• Comply with age-appropriate content regulations
• Enforce our terms of service
• Protect the rights, property, or safety of Bimi Boo Kids, our users, or the public as required or permitted by law.

To Comply with Legal and Regulatory Obligations

In some cases, we must use data to:

• Comply with applicable laws and regulations
• Respond to valid legal requests from authorities
• Maintain necessary business and tax records
• Fulfill our obligations under consumer protection laws

5. LEGAL BASIS FOR PROCESSING YOUR DATA

We are committed to processing your and your child’s Personal Information lawfully, fairly, and transparently. For individuals in regions like the European Economic Area (EEA), United Kingdom (UK), and other jurisdictions with similar data protection laws (such as the General Data Protection Regulation – GDPR), we rely on specific legal bases for our processing activities, as detailed below and in Section 3 (“INFORMATION WE COLLECT”). For users in the United States, the Child Online Privacy Protection Act (COPPA) heavily governs our collection and use of children’s Personal Information, primarily through verifiable parental consent.

The primary legal bases we rely upon are: 

Performance of a Contract: We process Personal Information when it is necessary to enter into or perform a contract with you. This applies when you create an account, subscribe to our Services, or purchase our Toys, and we need to process your information to provide these Services to you (e.g., managing your account, delivering content, processing payments).

Consent: We rely on your consent (or verifiable parental consent for children, where required by applicable law like COPPA or GDPR) for certain processing activities. This includes, for example:

• Collecting optional information you choose to provide for your child’s profile (like name, age, gender) to personalize their experience.
• Sending you direct marketing communications (you can withdraw your consent at any time).
• Using non-essential cookies or similar tracking technologies on our Site.

Legitimate Interests: We may process Personal Information based on our legitimate interests, provided these interests are not overridden by your fundamental rights and freedoms, particularly when it comes to children’s data. Our legitimate interests include:

• Providing, maintaining, and improving our Services, including ensuring their security and functionality.
• Developing new educational products and features.
• Understanding how our Services are used to enhance user experience (through aggregated or de-identified analytics).
• Communicating with you (Parents/Guardians) about important service updates or responding to your inquiries.
• Protecting our legal rights, preventing fraud, and ensuring the safety of our users.
• When we process Personal Information from children under the legal basis of legitimate interest (e.g., for internal operations like app stability), we ensure this processing is strictly necessary for the service and is conducted with the highest regard for child privacy.

Legal Obligation: We may process Personal Information when it is necessary to comply with a legal or regulatory obligation to which we are subject (e.g., maintaining financial records for tax purposes, responding to lawful requests from authorities)

The table below explains our legal basis for each type of processing activity:

What We Process	Legal Basis	Explanation
Account Creation & Management
• Email address and password	Performance of a Contract	Necessary to create and maintain your account as requested
• Subscription information	Performance of a Contract	Required to deliver the subscription services you purchased
Children’s Educational Services
• Child’s first name	Consent	Optional information you choose to provide
• Child’s age/birthdate	Consent	Ensuring age-appropriate content delivery and child safety
• Child’s gender	Consent	Optional personalization you can choose to provide
• Learning progress & achievements	Performance of a Contract	Essential for delivering the educational service you subscribed to
Customer Support & Warranty
• Support inquiries and correspondence	Performance of a ContractLegitimate Interests	Necessary to respond to your requests and improve our services
• Physical toy warranty claims	Performance of a Contract	Required to fulfill our warranty obligations
Technical & Security Data
• Device information & IP addresses	Legitimate Interests	Ensuring app functionality, security, and preventing fraud
• App crash reports & performance data	Legitimate Interests	Maintaining and improving app stability and user experience
Marketing Communications
• Newsletter subscriptions	Consent	Only sent with your explicit opt-in consent
• Service updates & important notices	Legitimate InterestsPerformance of a Contract	Keeping you informed about important changes to services you use
Legal & Compliance
• Records for tax/accounting	Legal Obligation	Required by tax and financial regulations
• Data for legal claims	Legitimate Interests	Protecting our legal rights and interests
Analytics & Service Improvements
• Aggregated usage statistics	Legitimate Interests	Understanding how to improve our educational content
• Anonymous analytics data	Legitimate Interests	General service improvements without identifying individuals

Our Legitimate Interests Assessment

When we rely on “legitimate interests” as our legal basis, we carefully balance our business needs against your privacy rights. Our legitimate interests include:

• Child Safety: Ensuring our apps are safe and age-appropriate
• Service Security: Protecting against fraud and unauthorized access
• Service Improvement: Enhancing educational value and fixing technical issues
• Customer Communication: Providing important service updates and support
• Business Operations & Legal Protection: Conducting our business efficiently, managing our resources, and defending our legal rights.

Special Considerations for Children’s Data

For children under 16 (or applicable age of consent in your country):

• We rely on parental consent for any optional data collection
• We ensure processing is necessary for the educational service
• We apply the highest privacy standards regardless of legal basis
• Parents can withdraw consent at any time without affecting service access

For questions about our legal basis for processing, please contact our privacy team at [email protected] . 

6. WHO MAY ACCESS YOUR DATA

We are committed to protecting your and your child’s Personal Information and strictly limit who has access to it. We never sell or rent your Personal Information to third parties for their marketing purposes or any other purpose. We only share Personal Information in the limited circumstances described below, and always with appropriate safeguards in place

a. Our Internal Team (Bimi Boo Kids Employees and Authorized Contractors): Access to Personal Information within Bimi Boo Kids is restricted on a “need-to-know” basis to authorized employees and contractors who require access to perform their job functions. For example, our customer support team may access your account information and support inquiries to assist you, and our technical team may access data to maintain and improve our Services. All such individuals are bound by confidentiality obligations.

b. Third-Party Service Providers (Data Processors): We engage trusted third-party companies and individuals to perform services on our behalf and help us operate, provide, improve, understand, customize, support, and market our Services. These Service Providers act as “data processors” and are only permitted to process your Personal Information on our behalf and in accordance with our explicit instructions and this Privacy Policy. We diligently vet our Service Providers and require them to enter into Data Processing Agreements (DPAs) that mandate strict confidentiality, security measures, and compliance with applicable privacy laws.

The categories of Service Providers we use and examples of providers include:

i. Cloud Hosting, Infrastructure, and Data Synchronization Providers: To securely store data (including Bimi Boo ID account data, child profiles, learning progress, gameplay data, and subscription information) and ensure the functionality, availability, and data synchronization (e.g., for cross-device progress) of our Apps, Site, and Bimi Boo ID portal.

Examples: Amazon Web Services (AWS), Google Cloud Platform (GCP) 

Safeguards: Comprehensive DPAs, robust security certifications, data encryption. 

ii. Analytics, App Performance Monitoring, and Advertising Attribution Providers:To help us understand how our Services (including our Apps, Site, and Bimi Boo ID portal) are used, identify and fix bugs, monitor app stability, track app installations (for internal analytics and advertising attribution), and improve our offerings. This category also includes partners who help us measure the effectiveness of our advertising campaigns on other platforms.

Examples: Firebase (for app performance, crash reports, usage statistics), AppsFlyer (for de-identified app installation data and attribution analytics), Unity Cloud (for app performance and analytics in Unity-based apps), advertising platforms like Apple Search Ads (for attribution data relating to our campaigns on their platforms). 

Safeguards: Data minimization (e.g., use of device identifiers only where necessary and in compliance with platform policies for children’s apps), pseudonymization or aggregation where possible, DPAs, adherence to platform terms for attribution data. For children-directed services, analytics are limited to supporting internal operations.

iii. Payment Processors (for Direct Purchases and Subscriptions):

To securely process payments for subscriptions or other purchases made directly through our Site or Bimi Boo ID portal.

Example: Stripe.

Safeguards: PCI-DSS compliance by the processor, tokenization (we do not store full payment card details), DPAs, secure transaction protocols. (Note: In-app purchases within mobile apps are typically processed by the respective app store platforms like Apple, Google, or Amazon, governed by their terms).

iv. Customer Support and Communication Tools: To facilitate communication with you, manage support inquiries, and deliver essential service notifications. 

Examples: Text, Inc. (or similar for live chat/support messaging platforms). 

Safeguards: DPAs, encrypted communications, access restricted to support purposes. 

v. Marketing and Newsletter Platforms (for Parent Communications): To manage and send newsletters or marketing communications to Parents who have explicitly consented to receive them. 

Example: Mailchimp 

Safeguards: Consent-based processing, easy opt-out/unsubscribe mechanisms, DPAs. 

vi. Website Security and Content Delivery Networks (CDNs): To protect our Site and Bimi Boo ID portal from malicious attacks and ensure fast and reliable delivery of website content globally.  

Example: Cloudflare 

Safeguards: Security-focused processing, data minimization (e.g., processing IP addresses for security), DPAs.

vii. E-commerce Platform Support (for Physical Toys): We sell physical toys through platforms like Amazon. When you purchase a toy via Amazon and contact us through Amazon’s messaging system regarding product issues or warranty, Amazon shares necessary customer details (like order information, contact name) with us to enable support. Amazon’s handling of your data when you use their platform is governed by their privacy policy. 

vii. E-commerce Platform Support (for Physical Toys): We sell physical toys through platforms like Amazon. When you purchase a toy via Amazon and contact us through Amazon’s messaging system regarding product issues or warranty, Amazon shares necessary customer details (like order information, contact name) with us to enable support. Amazon’s handling of your data when you use their platform is governed by their privacy policy. 

We may use tools like Helium 10 (or similar) for analytics related to our Amazon sales and to manage automated communications regarding orders (e.g., shipping, delivery, review requests, return follow-ups for purchases made on Amazon). This processing is based on data provided by Amazon and is for our legitimate interest in managing our e-commerce operations effectively. Access to any underlying personal data via such tools is strictly controlled. 

viii. Video Hosting Platforms (for our Public Content): To make our educational video content (e.g., Bimi Boo cartoons, songs, and series) widely accessible, we distribute it through various third-party platforms. When you or your child view our content on these platforms, the respective platform operator collects and processes Personal Information according to its own privacy policy and terms of service. We do not control their data collection practices but encourage you to review their policies.

Platforms Include:

•     YouTube: We host content on YouTube. We configure our children’s content with available safety settings (e.g., marking as “made for kids,” which limits certain data collection and ad features by YouTube).
• Amazon Prime Video: Our content may be available for streaming on Amazon Prime Video. Your interaction and viewing on this service are governed by Amazon’s privacy policies.

Data Typically Collected by These Platforms: This may include your viewing history, device information, IP address, account information (if logged into their service), and data collected through cookies or similar technologies, all as detailed in their respective privacy policies.

Information We Receive: We generally do not receive Personal Information about individual viewers from these platforms. We may receive aggregated and anonymized analytics reports regarding content performance (e.g., total views, watch time).

Legal Disclosures and Protection of Rights: 

We may disclose Personal Information if we believe in good faith that such disclosure is necessary to: 

• Comply with applicable laws, regulations, court orders, subpoenas, or other valid legal processes from government authorities or law enforcement.
• Protect the rights, property, or safety of Bimi Boo Kids Inc., our users (including you and your child), or the public, as required or permitted by law. 
• Detect, prevent, or otherwise address fraud, security, or technical issues. 
• Enforce our Terms of Service or other applicable agreements or policies. 

Our Protection Standards

All external parties who access your data must:

• Sign comprehensive data protection agreements
• Meet strict security and privacy standards
• Use data only for specifically authorized purposes
• Implement appropriate technical safeguards
• Allow us to audit their privacy practices

What We Never Do:

• Sell your data to advertisers or marketers
• Share children’s information for commercial purposes
• Allow unauthorized access to personal information
• Use your data for purposes you haven’t agreed to

Business Transfers: In the event that Bimi Boo Kids Inc. is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your Personal Information may be shared or transferred as part of such a transaction, subject to standard confidentiality agreements and as permitted by law. We will notify you (e.g., via a prominent notice on our Site or by email if we have your contact information) of any such deal and outline your choices in that event.

7. PROMOTIONAL COMMUNICATIONS

With your permission, we may contact you via email to share:

• Information about new educational apps and features
• Limited-time offers and family discounts
• Announcements about upcoming learning content
• Helpful tips for educational activities at home
• Monthly newsletters with parenting insights

From time to time, we may recommend products or services from other companies that align with our educational mission and might benefit your family.

Your Privacy Protected: We never sell, rent, or share your email address with other companies. Any recommendations we make come directly from us, and we maintain full control over your contact information.

Managing Your Communication Preferences

You have complete control over the messages you receive:

• Use the “unsubscribe” link found at the bottom of every promotional email
• Contact our privacy team directly at [email protected] to update your preferences
• Visit your account settings to modify communication options

No Penalties: Opting out of promotional messages will never affect your access to our educational services or customer support.

Commitment to Children’s Privacy in Marketing: We do not send marketing communications directly to children. We do not use Personal Information collected from or about children for marketing purposes targeted at children. All marketing communications from Bimi Boo Kids are directed to Parents or Guardians.

8. DATA RETENTION PERIODS

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including:

• Providing you with our services and products
• Meeting our legal, accounting, or reporting requirements
• Resolving disputes, enforcing our agreements, and protecting our legal rights

We use the following criteria to determine the appropriate retention period:

• The amount, nature, and sensitivity of the data
• The potential risk of harm from unauthorized use or disclosure
• The purposes for which we process your data and whether those purposes can be achieved by other means
• Applicable legal requirements

9. YOUR PRIVACY RIGHTS & HOW TO USE THEM

Core Privacy Rights

i. Right to Access Your Information (Right to Know)

You have the right to request details about the Personal Information we hold about you and your child. This includes the right to know:

• The categories of Personal Information we have collected.
• The sources from which the Personal Information was collected.
• The business or commercial purposes for collecting, (and if applicable, selling or sharing) your Personal Information.
• The categories of third parties to whom we disclose Personal Information.
• The specific pieces of Personal Information we have collected about you and your child.

    You can also ask for an explanation of any information we have disclosed for a business purpose (e.g., to our Service Providers as detailed in Section 6). 

As stated throughout this Policy, we DO NOT sell or trade your Personal Information.

ii. Right to Delete Your Information (Right to Erasure):

You have the right to request that we delete Personal Information that we have collected from or about you or your child, subject to certain exceptions (e.g., where the information is necessary to complete a transaction, detect security incidents, comply with a legal obligation, or for other internal and lawful uses).

iii. Right to Correct Inaccurate Information (Right to Rectification):

You have the right to request that we correct any inaccurate Personal Information we maintain about you or your child. We will evaluate each request based on the nature of the information and our purposes for processing it.

iv. Right to Non-Discrimination (Equal Treatment Guarantee):

    We will not discriminate against you for exercising any of your privacy rights. This means we will not:

• Deny you access to our Services.
• Charge you different prices or rates for Services, including through granting discounts or other benefits, or imposing penalties.
• Provide you with a different level or quality of Services. 

However, we may offer you certain financial incentives permitted by applicable law (e.g., promotional pricing or enhanced services) that can reasonably relate to the value of your Personal Information.

v.  Right to Opt-Out of Sale or Sharing (Not Currently Applicable but a Future Right):

Bimi Boo Kids DOES NOT currently sell your Personal Information or share it to third parties (as defined under laws like the CCPA/CPRA). Should our practices change in the future in a way that constitutes a “sale” or “sharing” under applicable law, you would have the right to opt-out of such activities.

vi. Right to Limit Use and Disclosure of Sensitive Personal Information (if applicable):

If we collect “sensitive personal information” (as defined by applicable law, e.g., CPRA), you may have the right to direct us to limit its use and disclosure to that which is necessary to perform the services or provide the goods reasonably expected by an average consumer, or for other permitted purposes. We currently do not believe we collect sensitive personal information that would trigger this specific right beyond what is essential for service delivery for which consent is obtained where necessary.

Additional Rights for Users in the European Economic Area (EEA), United Kingdom (UK), and Switzerland (under GDPR and similar laws):

If you are located in the EEA, UK, or Switzerland, you have the following additional rights: 

i.  Right to Data Portability:

You have the right to receive the Personal Information you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to request that we transmit this data directly to another controller (service provider) where technically feasible. This right applies where our processing is based on your consent or on a contract, and the processing is carried out by automated means.

ii. Right to Restrict Processing:

You can ask us to restrict (i.e., store but not further process) your Personal Information when:

• You contest the accuracy of the Personal Information (for a period enabling us to verify its accuracy).
• The processing is unlawful, but you oppose erasure and request restriction instead.
• We no longer need the Personal Information for the purposes of our processing, but you require it for the establishment, exercise, or defense of legal claims.
• You have objected to processing based on our legitimate interests (pursuant to Article 21(1) of GDPR), pending verification of whether our legitimate grounds override your interests.

iii. Right to Object to Processing:

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your Personal Information which is based on our legitimate interests. We will no longer process the Personal Information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

    You always have an absolute right to object to the processing of your Personal Information for direct marketing purposes.

iv. Right to Withdraw Consent:

    Where our processing of your Personal Information is based on your consent, you have the right to withdraw that consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.

v.  Information on International Data Transfers:

Your Personal Information may be transferred to, and processed in, countries outside of the EEA, UK, or Switzerland, including the United States, where data protection laws may differ from those in your jurisdiction.

When we transfer Personal Information outside these regions, we take steps to ensure that appropriate safeguards are in place to protect your Personal Information. These safeguards typically include:

• Utilizing Standard Contractual Clauses (SCCs) approved by the European Commission (or UK equivalent) for transfers to our Service Providers (e.g., with Amazon Web Services and Google Cloud).
• Relying on adequacy decisions adopted by the European Commission (or UK government) where applicable, which recognize that certain countries provide an adequate level of data protection.

For more specific details about the safeguards we use for international data transfers, please contact us at [email protected].

vi. Right to Lodge a Complaint with a Supervisory Authority:

If you believe that our processing of your Personal Information infringes applicable data protection laws, you have the right to lodge a complaint with a competent data protection supervisory authority in your country of residence, place of work, or where the alleged infringement occurred.

Our Policy on Automated Decision-Making and Profiling:

We use content personalization solely to enhance educational experiences by adjusting difficulty levels and content recommendations based on age and progress. This personalization does not involve profiling for marketing purposes, targeted advertising, or any decisions that produce legal or similarly significant effects.

How to Exercise Your Rights:

To exercise any of the rights described above, please submit a verifiable request to us by:

• Emailing us at: [email protected]

When contacting us, please:

1. Clearly state which privacy right(s) you wish to exercise.
2. Provide sufficient information to allow us to reasonably verify that you are the person about whom we collected Personal Information or an authorized representative (this is crucial to protect your privacy and security). We may need to request additional information from you to verify your identity.
3. Describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to it.

We will respond to your verifiable request within the timeframes required by applicable law (e.g., typically within 30-45 days, extendable in certain circumstances). We will inform you if we require an extension and the reason for it. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.

If you have any questions or concerns about your privacy rights or how to exercise them, please do not hesitate to contact us at [email protected] . 

10. PROTECTING YOUR CHILD’S PRIVACY

Creating safe educational experiences for children is our top priority. We strictly follow the Children’s Online Privacy Protection Act (COPPA) and implement enhanced protections specifically designed for young learners.

NOTE: We never sell or share children’s personal information for third-party marketing or advertising purposes.

What Information We Gather About Children

Profile Information (Always Optional):

• Child’s first name – only if you choose to provide it during setup
• Child’s gender – helps us personalize content appropriately
• Child’s birth date or age – ensures age-appropriate educational materials

Learning and Progress Data:

• Educational game achievements and milestones
• Learning progress across different subjects
• Content interaction patterns to improve educational value

Technical Information & Persistent Identifiers:

• Device details necessary for app functionality (e.g. type of device, operating system version)
• Session data to enable progress saving across devices
• Persistent Identifiers such as IP address, unique device identifiers, or other identifiers. These are collected solely for the purpose of providing and supporting the internal operations of our Services

How We Use Children’s Information:

• Customize educational content to match developmental stages
• Save learning progress so children can continue where they left off
• Improve our educational games based on how children learn best
• Ensure our apps work properly on different devices
• Maintain security and prevent unauthorized access

Privacy Protections: Children cannot make any personal information public through our services. All data remains completely private and secure.

Your Parental Authority

As a Parent or guardian, you have the following rights regarding your Child’s Personal Information collected through our Services:

• Right to Review: You can review all Personal Information we have collected about your Child.
• Right to Delete: You can request the deletion of your Child’s Personal Information. Please note that deleting certain information may impact your Child’s ability to use some features of our Services (e.g., learning progress will be lost if progress data is deleted).
• Right to Revoke Consent and Prevent Further Collection or Use: You can, at any time, instruct us to stop collecting or using your Child’s Personal Information.
• Right to Amend: You can request modification or correction of any optional information you previously provided about your Child.
• Right to Data Portability: You can request copies of your Child’s learning progress and achievements.

To exercise any of these rights, please contact us at [email protected] with “Child Privacy Request” in the subject line. We will respond to your request within a reasonable timeframe and in accordance with applicable law. We may require you to verify your identity as the Parent before processing your request. 

Obtaining Verifiable Parental Consent (VPC)

We never collect children’s personal information without proper adult authorization:

Account Creation Method

• Parents must create accounts using adult email addresses
• Children cannot register independently for our services

Purchase Verification

• App store transactions require adult payment credentials
• Subscription purchases involve adult verification processes

Safety Gates

• Mathematical challenges prevent children from accessing areas requiring parental consent
• Age-verification questions block inappropriate access to data collection features

Direct Child Protection

• We never ask children to provide personal information directly
• All data entry requires parent or guardian involvement

Data Minimization and Purpose Limitation

Essential vs. Optional Information: We clearly distinguish between information required for basic App functionality and optional details that enhance the experience. Your Child can fully enjoy our core educational content even if you choose not to provide optional information.

No Unnecessary Collection: We only collect Personal Information from Children that is reasonably necessary for them to participate in the educational activities offered through our Services. Access to games and learning features is never conditioned on a Child disclosing more Personal Information than is reasonably necessary.

Enhanced Security for Children’s Data

Technical Safeguards:

• Advanced encryption protects all children’s information during transmission and storage
• Regular security audits ensure continued protection
• Multi-layer authentication prevents unauthorized access
• Automated systems monitor for potential security threats

Operational Protections:

• Staff receive specialized training on children’s privacy laws
• Strict internal policies govern access to children’s information
• Regular compliance reviews ensure ongoing COPPA adherence
• Data minimization practices automatically remove unnecessary information

Service-Provider Oversight:

• Service providers handling children’s data must meet enhanced security standards
• Additional contractual protections specifically address children’s information
• Regular audits verify that partners maintain appropriate safeguards

Commitment Promise: We will never sell, trade, or share your child’s personal information for commercial purposes. Your child’s privacy and safety are non-negotiable priorities in everything we do. 

11. BROWSER “DO NOT TRACK” REQUESTS

How We Handle DNT Signals

When you visit our website, your browser may send a “Do Not Track” signal – a privacy setting that asks websites not to track your online activity. Currently, our website doesn’t automatically respond to these browser signals.

What is “Do Not Track”? DNT is a privacy feature available in many web browsers that lets users request that websites avoid tracking their browsing behavior across different sites.

Your Privacy Control Options

Even though we don’t automatically respond to DNT signals, you have other ways to manage your privacy:

Browser-Level Controls:

• Modify your browser’s cookie and tracking settings
• Use private or incognito browsing modes
• Install privacy-focused browser extensions
• Adjust individual website permissions

Direct Communication: Contact us at [email protected] to:

• Opt out of specific data collection practices
• Exercise your privacy rights as outlined in YOUR PRIVACY RIGHTS & HOW TO USE THEM
• Request changes to how we handle your information

Important Assurance: 

• We never engage in behavioral advertising targeting children
• Children are not tracked for advertising or marketing purposes
• All data collection follows children’s privacy protection laws
• Educational content personalization is purely for learning enhancement, not commercial targeting

12. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies on our website to enhance your browsing experience, analyze site usage, and provide essential functionality.

What This Means for You

First Visit: When you visit our website for the first time, you’ll be asked to accept or decline non-essential cookies through our cookie banner.

Your Control: You can manage your cookie preferences at any time through your browser settings or our cookie preference center.

Detailed Information

For comprehensive information about:

• Specific types of cookies we use
• How long cookies remain on your device
• Third-party cookies and tracking

Please refer to our complete Cookie Policy, which provides detailed explanations of all tracking technologies used on our website.