🔒 Privacy First, Always!

We protect your privacy so you can focus on creating, teaching, and inspiring

1. Introduction

Welcome to Nookly, operated by Nookly, Inc. (“Nookly,” “we,” “us,” or “our”). At Nookly, we provide an interactive and engaging platform designed to help children, parents, educators, and therapists create personalized, visually engaging learning experiences. We are deeply committed to privacy, security, and ensuring a safe and respectful online experience for all users.

This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our websites, mobile apps, or any other features and services we offer (collectively, the “Services”). The type of information we collect and how we use it depends on how you interact with Nookly.

Nookly takes special care to protect the privacy of children under the age of 13 in compliance with the Children’s Online Privacy Protection Act (“COPPA”) and other relevant laws. We strive to minimize data collection and ensure that any information gathered is used solely to enhance the experience of our users while maintaining strict security measures.

By using our Services, you agree to the terms outlined in this Privacy Policy. If you do not agree with our practices, we encourage you to discontinue use of the Services. Read on to learn more about how we handle your information and the choices available to you.

2. Information We Collect and How We Use It

We collect different types of information depending on the user’s age and how they engage with Nookly. Below is a breakdown of the types of data we collect and why we collect it:

Device & Technical Data (Automatically Collected)

  • IP Address & Device Identifiers: Used for security, fraud prevention, and analytics.
  • Browser & Operating System Information: Helps optimize the platform for better user experience.
  • Session Data & Log Files: Tracks usage trends to improve performance.
  • AWS CloudWatch Logs & Alarms: Monitors network activity and backend services to detect anomalies.
  • GitHub Actions Monitoring: Detects deployment failures and tracks version control.

User-Submitted Data

  • Username (required): Used to create and manage the user account.
  • Password (required): Required for secure login.
  • Birthday (required): Ensures appropriate account settings and compliance with age-based privacy regulations.
  • Email Address (if provided): Used for password recovery, security notifications, and customer support.
  • Phone Number (if provided for users 13+): Used for security, account recovery, and optional friend-finding features.
  • User-Generated Content: Includes posts, messages, and other contributions in chats, forums, or personal posts. We moderate this content to ensure safety.
  • Child’s Basic Information: Name, age, gender, and ethnicity (used only for personalization and not shared outside the platform).
  • Child’s Appearance Details: Hair color, hair type, hair length, eye color, skin tone, and body type (used for character personalization).
  • Accessories & Assistive Devices (if provided): Helps create inclusive character representations.
  • Family & Community Information: Primary caregivers, extended family, and community connections (used for story and experience customization).
  • Interests & Preferences: Pets, sports, and other hobbies (used for content personalization).
Using Nookly features

We may use Personal Information when you use certain Nookly features. To provide access to certain features, we may use your email address and other information you provide to us, such as your verified date of birth.

Third-party features such as social media add-ons (users 13 and older)

You can use third-party features like social media widgets, share buttons, and login features. These features may include social plugins from Google, Facebook, X, or other platforms. In these cases, the third party’s terms, conditions and privacy policies apply.

When you use these features:

  • We may be able to access or use information on your social media accounts
  • Information about how you use Nookly may be shared posted on your profile on those platforms

If you use your Nookly ID to sign in to a non-Nookly website or service, and later delete your Nookly account, you may lose access to that website or service.

Voice-based services (users 13 and older)

If you agree to use Nookly’s voice services, we may collect, use, and store your voice-recordings to:

  • enable voice services
  • make our voice-related services safer
  • inform training and product improvement
Location-based Services (users 13 and older)

You can choose to use location-based Services if you’re 13 or older. If you agree, we may collect and track geolocation information so that we can offer Services that depend on us knowing where you are. We collect location at the country or region level; we do not collect precise geolocation data. Examples are check-in, or personalizing content or advertising.

We collect this information by using an identifier on your device or browser so that we can recognize you each time you return. To stop us from collecting your location information, you can update your device settings, stop using the Service, or uninstall our mobile apps.

Camera-enabled features and uploads (users 13 and older)

If you use Nookly features that require the use of your camera or upload content that contains Personal Information, we will collect, process, and store that content only for as long as needed to accomplish the purpose of the feature. 

Contact Importer (users 13 and older)

If you opt-in to the Contact Importer feature, you will share the first and last names and phone numbers of your contacts in your address book on your mobile phone with Nookly. This feature helps connect with your friends on our Service. If you use the feature, we will automatically access and collect information in your address book from time to time in order to sync your contacts. Such information will only be retained in case of matches with existing Nookly users. Our Contact Importer feature is only available if you are 13 or older and may not be available in certain locations.

Third-Party Data & Integrations

  • Third-Party Analytics (e.g., Google Analytics, Mixpanel): Used to analyze usage trends.
  • Hosting & Security Providers: Securely store and process data.
  • Educational Partners (if applicable): For integrated school-based accounts.
  • MongoDB Atlas Security Monitoring: Tracks database performance and security issues.
  • AWS GuardDuty: Provides continuous threat detection.

Special Protections for Users Under 13

  • Parental Email (optional but recommended): Used for account security, parental verification, and notifications.
  • Gender (optional): Used to personalize avatars and content recommendations.
  • Automated & Human Content Moderation: Filters inappropriate material and personal information before it is displayed.

If you’re under 13 years old, we will only ask you to tell us the information we need to set up or protect your account. If you give us more of your Personal Information, we will:

  • Delete any additional Personal Information we’ve collected from you (unless the law requires us to keep it),
  • Cancel your account, or
  • Turn on age-appropriate protections on your account

How We Use This Information

  • Account Management & Personalization: Ensures a customized and secure experience.
  • Platform Security & Compliance: Protects against unauthorized access and ensures adherence to privacy laws.
  • AI & Automation Usage: Used for content moderation and user experience improvements (parents can request a review of automated decisions).
  • Legal & Safety Measures: Prevents fraud, protects user rights, and ensures compliance with applicable regulations.

We do not sell Personal Information

Nookly does not sell Personal Information about you. However, we may share your information for a valid business purpose, as described below.

Aggregated or De-Identified Information. We may aggregate or de-identify Personal Information so that it may no longer be used to identify you and use such information to analyze the effectiveness of our Services, to improve and add features to our Services, to conduct research and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Services and share aggregated information like general user statistics with third parties, publish such aggregated information or make such aggregated information generally available. We may collect aggregated information through the Services, through cookies, and through other means described in this Privacy Policy. We will maintain and use de-identified information in anonymous or de-identified form, and we will not attempt to reidentify the information unless required by law.

3. Parental Controls & Child Privacy Protection

  • Parental Supervision is Required: Nookly is not meant for unsupervised use by children.
  • Review & Modify Data: Parents can review, update, or delete their child’s account information through an in-app privacy dashboard or by contacting support@nookly.com.
  • No Targeted Ads for Children: We do not show behaviorally targeted advertisements to users under 13.
  • Third-Party Compliance: Any third-party services used must comply with COPPA and relevant regulations.

4. Security, Breach Notifications, & Incident Response

  • Access Control:
    • Uses IAM role-based access control (RBAC) to enforce the least privilege principle.
    • Secure VPC configuration with security groups controlling access.
    • MongoDB Atlas roles restrict database access.
  • Data Security:
    • TLS 1.2 enforced for encrypted data transmission.
    • AWS KMS for S3 bucket encryption.
    • HTTPS enforced for backend API endpoints.
  • Incident Response Plan:
    • Maintains an incident response plan and on-call rotation for security events.
    • Customer support channels (Intercom) facilitate issue reporting.
    • Post-incident reviews update security protocols.
  • Disaster Recovery & Backups:
    • AWS Backup ensures data redundancy.
    • MongoDB Atlas backups are tested regularly.
    • GitHub Actions automates recovery environment deployment.

5. Cookies & Tracking Technologies

  • Essential Cookies: Required for login authentication and security.
  • Performance & Analytics Cookies: Helps improve platform functionality.
  • Functional Cookies: Stores user preferences.
  • Marketing Cookies (13+ Only): Used for optional promotions and recommendations.
  • User Control: Users can manage cookie preferences in their browser settings or through a consent management tool.

6. User Rights & Data Retention

User Rights

  • Users may update or delete their personal data via account settings or by contacting support@nookly.com.
  • Parents may request data access or modifications for child accounts.
  • GDPR Compliance: Users in the EU/EEA can request access, correction, portability, or deletion of their personal data.
  • U.S. State Privacy Laws: California (CCPA/CPRA), Virginia, Colorado, and Connecticut residents have additional rights to access, correct, or delete their data.

Data Retention

  • We retain data only as long as necessary for security, compliance, and improving our Services.
  • Data no longer needed is securely deleted or anonymized.

7. Updates to This Policy

  • We may update this Privacy Policy periodically.
  • Significant changes will be communicated via email or in-app notifications.

8. Contact Us

If you have any questions or concerns about this Privacy Policy, contact us at:

Email: support@nookly.com

Parents/Guardians: For child privacy-related inquiries, please reach out to us at the same email.