Privacy Policy

1. Introduction

Welcome to Qurio. Qurio is an AI-powered curiosity and learning companion designed for children aged 7 to 12. We help children explore the world through questions, in a safe, age-appropriate environment that parents can see and control.

This Privacy Policy explains, in plain language, what information we collect, why we collect it, how we protect it, and the rights you and your child have over it. It applies to the Qurio mobile application available on the Apple App Store and Google Play Store, and the supporting parent dashboard (collectively, the "Service").

Qurio is operated by Dhammachintak Neel and Ashutosh Vikram, individuals jointly operating the Qurio application ("Qurio", "we", "us", or "our"), with a correspondence address at A106, Ushodaya Aqua, Hosa Road, Choodasandra, Bengaluru, Karnataka — 560035, India.

We have written this policy to comply with:

India's Digital Personal Data Protection (DPDP) Act, 2023, including its provisions on the personal data of children and parental consent;
the Apple App Store Review Guidelines, including Guideline 1.3 (Kids Category) and Guideline 5.1 (Privacy);
the Google Play Families Policy and Designed for Families programme requirements; and
the core principles of the U.S. Children's Online Privacy Protection Act (COPPA), which we apply globally as a baseline standard for children's products.

If anything in this policy is unclear, please contact us at hello@qurioapp.com before letting your child use Qurio.

2. Quick Summary for Parents

We know parents are short on time. Here is the short version. The rest of this document explains each point in detail.

We collect the minimum information needed to run Qurio safely.
From your child, we collect only their first name, age band, and what they say or type into the app.
We never sell your or your child's data. We do not show advertising in the app. There are no advertising trackers or third-party advertising SDKs in the mobile app.
Voice recordings are transcribed and automatically deleted within 5 minutes of upload. Voice is never used to train AI models.
All data is encrypted and stored on servers located in India (Mumbai region).
Your child's data is processed by trusted AI providers (Anthropic and OpenAI) only to generate answers and safety checks — these providers do not use your child's inputs to train their AI models.
You can review every conversation your child has had, and you can delete your child's data or your entire account at any time. Deletion happens within 60 seconds of your request.
A verified parent must register and provide consent before any child profile can be created.

3. Who This Policy Applies To

Qurio is built for two types of users:

Parents and legal guardians ("Parents"), who create and manage the account, give consent, and oversee usage; and
Children aged 7 to 12 ("Children"), who use the in-app experience under their Parent's supervision.

Children cannot sign up for Qurio on their own. Every child profile must be created and authorised by a Parent. If you are under 18 and do not have a parent or guardian who has set up an account for you, please stop using the Service.

4. Information We Collect

We practice strict data minimisation. We only collect what we actually need to run the Service safely and to keep Parents informed.

4.1 Information We Collect From Parents

When you create a parent account, we collect:

Email address — used for sign-in, account recovery, safety alerts, and (if you opt in) weekly summaries.
Phone number — used for one-time-password (OTP) sign-in via Firebase Authentication.
WhatsApp number (optional) — used only to send urgent safety alerts about your child if you opt in.
Consent records — including the date, time, version of this policy you agreed to, and the specific consents you provided. These records are required by law and to demonstrate compliance.
Notification preferences — for example, whether you want weekly summary emails or safety digest emails.

4.2 Information We Collect From Children

When you set up your child's profile, you (the Parent) provide, and we collect:

First name only — used so Qurio can greet your child by name. We do not collect or store last names, surnames, or family names.
Age and age band — either 7–9 or 10–12. This determines the reading level, vocabulary, and safety thresholds Qurio uses.

When your child uses the app, we collect:

Text questions that your child types.
Voice audio inputs when your child uses push-to-talk. These are converted to text and the audio is auto-deleted (see Section 6).

4.3 Information Generated By The Service

As your child uses Qurio, the Service automatically generates:

Chat transcripts — the text of questions asked and answers given.
Topic and safety metadata — for example, what topic cluster a question belongs to, whether a safety check was triggered, and at what risk level.
Learning profile — a short descriptive label (e.g. "Science Explorer") and the top topic clusters from the last 30 days, regenerated weekly.
Session data — session durations, total number of questions, and (if you set them) topic restrictions and time limits.
Audit events — internal records of what happened during each turn (using a hashed reference to your child, not their name) for safety and debugging purposes.

4.4 Information We Do NOT Collect

To be explicit, Qurio does not collect:

Last names, surnames, or family names.
Precise location data (no GPS, no fine location).
Advertising identifiers (IDFA on iOS, AAID on Android).
Biometric data (no face scans, no fingerprints, no voice biometrics).
Contacts, photos, calendar, microphone access beyond active push-to-talk, or other device data beyond what is strictly required to run the app.
Social media logins for child accounts.
Behavioural tracking data for advertising purposes.

There are no advertising SDKs, no behavioural analytics SDKs, and no third-party trackers embedded in the Qurio mobile app. All analytics happen on our own servers, using hashed identifiers (see Section 8).

5. How We Use Information

We use the information described above only for the following purposes:

Purpose	Examples
Providing the Service	Generating answers to your child's questions, converting voice to text, generating spoken responses, fetching educational images.
Keeping your child safe	Running input and output safety checks, detecting crisis signals, applying age-appropriate content rules.
Notifying you	Sending urgent safety alerts, weekly summary emails (if opted in), and safety flag digests (if opted in).
Letting you supervise	Powering the Parent Dashboard so you can review transcripts, safety flags, and your child's learning profile.
Improving safety	Reviewing flagged conversations (with appropriate access controls) to refine our safety systems. We do not use children's data to train AI models.
Legal compliance	Maintaining consent records and audit logs as required by the DPDP Act and other applicable laws.

We will not use your or your child's personal data for advertising, profiling for marketing, or any purpose not listed here, without obtaining fresh consent.

6. Voice Audio: A Special Note

We know voice recordings of children are particularly sensitive, and we treat them accordingly.

When your child uses push-to-talk, the audio is uploaded to a private, access-controlled cloud bucket hosted in India.
The audio is transcribed to text using Google Cloud Speech-to-Text.
A strict lifecycle policy automatically deletes the audio file within 5 minutes of upload. This deletion is enforced at the infrastructure level, not just at the application level.
The audio is never used to train any AI model — not by us, and not by our service providers.
The transcribed text is then processed like any other text input through our safety pipeline.

7. How We Store and Protect Data

7.1 Data Localisation

All Qurio data is stored on Google Cloud Platform servers located in the asia-south1 region (Mumbai, India). This is consistent with the DPDP Act's principles and our commitment to keeping Indian children's data in India.

7.2 Encryption

At rest: All data is encrypted using industry-standard encryption (AES-256 or equivalent) managed by Google Cloud Platform.
In transit: All communication between the Qurio app, our servers, and our service providers is encrypted using TLS 1.2 or higher.

7.3 Access Controls

API keys and credentials are stored in Google Cloud Secret Manager and are never embedded in the app or source code.
Authentication uses Firebase Authentication with OTP-based parent sign-in.
Cross-account access is technically prevented: every request is verified to ensure a Parent can only access their own child's data.
Employee access to production data is limited to a small number of authorised personnel, used only for safety review, debugging, and support, and is logged.

7.4 Data Minimisation Inside Our Systems

Within our own systems, we further minimise exposure of child personal information:

External systems (such as our server-side analytics) receive a hashed child identifier — never your child's first name or any other identifying detail.
Internal audit logs record a SHA-256 hash of input text rather than the plaintext, except where the full text is needed for safety review.

8. Third-Party Service Providers

Qurio uses a small set of carefully selected service providers to deliver the Service. We share only the data each provider needs to perform its function. None of these providers are permitted to use your child's data for their own purposes or to train AI models on it.

8.1 AI and Safety Providers

Provider	Purpose	What They Receive	Training Use
Anthropic (Claude)	Generating answers to questions	The child's question text and minimal context	Not used to train foundation models under our enterprise terms
OpenAI (Moderation API only)	Pre- and post-generation safety checks	The text being checked	Not used to train models. Retained by OpenAI for a maximum of 30 days solely for abuse and misuse monitoring, after which it is deleted under OpenAI's Moderation API terms

We do not use OpenAI's chat or generative models — only its Moderation API for safety classification.

8.2 Infrastructure Providers

Provider	Purpose
Google Cloud Platform (Firestore, Cloud Storage, Cloud Run, Cloud Vision SafeSearch, Cloud Text-to-Speech, Cloud Speech-to-Text)	Hosting, database, storage, image safety, and voice processing — all in the asia-south1 (Mumbai) region
Firebase Authentication (Google)	Secure parent sign-in via OTP

8.3 Communications Providers

Provider	Purpose
Gupshup	Sending WhatsApp safety alerts to Parents (only if you opt in and provide a WhatsApp number)
SendGrid (Twilio)	Sending transactional emails such as crisis alerts, weekly summaries, and safety digests

8.4 Analytics

Provider	Purpose
PostHog	Aggregate, server-side product analytics. PostHog only receives a hashed, non-reversible child identifier and event metadata — never your child's first name, transcript text, or any direct identifier.

Important: There are no analytics SDKs, no advertising SDKs, and no third-party trackers embedded in the Qurio mobile app itself. All analytics events are emitted from our servers after personal identifiers have been stripped or hashed.

8.5 Open-Licence Content Sources

Qurio retrieves educational images from Wikimedia Commons and the NASA Images API. These are read-only public sources; we do not share any user data with them. Every image is additionally screened by Google Cloud Vision SafeSearch before being shown to a child.

8.6 No Sale or Advertising Sharing

We do not sell, rent, or trade personal data to third parties. We do not share personal data with advertising networks, data brokers, or third-party advertisers. We do not engage in cross-app or cross-context behavioural advertising.

9. Children's Privacy

This section is written specifically to address the privacy of children using Qurio. It is designed to satisfy the children's-privacy requirements of the Apple App Store (Kids Category), Google Play Families Policy, the principles of COPPA, and the DPDP Act 2023's provisions on the personal data of children.

9.1 Verified Parental Consent Is Required

A child profile cannot be created until a Parent has:

Created their own verified Parent account (via OTP-verified email and phone);
Read this Privacy Policy and our Terms of Use; and
Provided explicit, affirmative consent to the collection and processing of their child's personal data, including a record of which consent version was agreed to and the timestamp of consent.

This consent record is stored as required by the DPDP Act.

9.2 Strict Data Minimisation for Children

We collect only what is necessary for Qurio to work for a child of that age:

First name only (no last name).
Age band (7–9 or 10–12).
The text or voice input the child provides while using the app.

That is the complete list of personal data we collect from or about your child directly.

9.3 No Behavioural Advertising, No Tracking

We do not show advertising in the Qurio app.
We do not use any advertising identifiers (IDFA, AAID).
We do not use behavioural tracking SDKs in the app.
We do not build profiles of children for advertising or marketing.

9.4 Safety-First Design

Every question and answer passes through layered safety checks:

Input is screened for personal-information patterns (so the app can gently steer a child away from sharing identifying details).
Input and output are checked by an automated moderation system.
A keyword rule engine catches sensitive topics.
If a serious safety concern is detected (such as a sign of self-harm or other crisis), the app pauses and notifies the Parent immediately via WhatsApp and email.

9.5 No Open Communication Channels

Qurio does not include child-to-child chat, public profiles, social feeds, user-generated content sharing, or any feature that allows a child to communicate with strangers.

9.6 In-App Purchases and External Links

The initial release of Qurio does not include in-app purchases visible to children. Any future purchase functionality, out-bound links, web views, or other features that take the user outside the protected experience will be gated behind a Parental Gate (a verifiable parental authentication step), consistent with Apple and Google Kids Category requirements. The Parental Gate is designed so that it cannot be completed by a child — for example, by requiring a multi-step interaction that is age-inappropriate for the 7–12 audience.

10. Parental Rights and Controls

As the Parent or legal guardian of a child user, and as a Data Principal under the DPDP Act, you have the following rights. You can exercise all of these from within the Qurio Parent Dashboard, or by emailing privacy@qurioapp.com.

10.1 Right to Access

You can view, at any time:

Full chat transcripts of every conversation your child has had with Qurio.
Any safety flags raised by the system.
Your child's learning profile and topic history.
Your own account information and consent records.

10.2 Right to Correction

You can update your child's first name, age, age band, time limits, and topic restrictions at any time from the dashboard. You can update your own account information (email, phone, WhatsApp number, notification preferences) at any time.

10.3 Right to Erasure (Right to Be Forgotten)

You can request deletion of:

All data for a specific child profile, or
Your entire Parent account and all associated child profiles.

When you submit a deletion request, we perform a hard deletion of all personal data tied to your child — including the child profile (first name, age, learning profile), the full text of conversation transcripts, voice transcription records, generated audio files, and any other directly identifying records — within 60 seconds of the request being confirmed. If you delete your entire account, your Parent account record (email, phone, WhatsApp number, notification preferences) is hard-deleted in the same window.

What is retained, and why. To meet our legal obligations under the DPDP Act and to maintain the integrity of our safety systems, a limited set of records may be retained beyond the 60-second deletion window. Specifically:

Fully anonymised or hashed system audit logs — for example, internal records that show a safety event occurred at a given time and risk level, referenced only by a non-reversible hash — may be retained for a longer period strictly for safety auditing, abuse prevention, and legal compliance. These records do not contain your child's name, transcript text, voice data, or any field that can be used, alone or in combination, to re-identify your child.
Consent records required to demonstrate DPDP Act compliance may be retained for the minimum period required by law.
Aggregate, non-identifying analytics (such as total questions answered platform-wide) may be retained for product-improvement purposes.

Service providers who received data for processing (e.g. voice audio that has already auto-deleted, or transient API calls to AI providers that did not retain the data) are not separately purged because they did not retain personal data in the first place. Where any provider does retain limited operational logs, we instruct deletion in line with their data-processing agreements with us.

10.4 Right to Withdraw Consent

You may withdraw consent at any time. Withdrawing consent will pause your child's access to Qurio, and you may then choose to delete the account or re-consent.

10.5 Right to Data Portability

You can request a PDF export of your child's conversation history from within the dashboard, or by writing to privacy@qurioapp.com.

10.6 Right to Grievance Redressal

If you have a concern about how we have handled your or your child's personal data, you can raise it with our Grievance Officer (see Section 14). Under the DPDP Act, you also have the right to file a complaint with the Data Protection Board of India if your concern is not resolved.

10.7 How to Exercise These Rights

In-app: Open the Parent Dashboard → Settings → Data & Privacy.
By email: Write to privacy@qurioapp.com from the email address registered on your account. We will respond within the timeframes required by applicable law.

We will not charge you a fee to exercise any of these rights, except where the law permits a reasonable fee for repeated or excessive requests.

11. Data Retention

We retain personal data only for as long as it is needed for the purposes described in this policy, or as required by law.

Data type	Retention
Voice audio recordings	Auto-deleted within 5 minutes of upload
Chat transcripts and turn metadata	Retained while the child profile is active, to power the Parent Dashboard; hard-deleted within 60 seconds of a deletion request
Child profile data (first name, age, learning profile)	Retained while the child profile is active; hard-deleted within 60 seconds of a deletion request
Parent account data	Retained while the account is active; hard-deleted within 60 seconds of an account deletion request
Consent records	Retained as required to demonstrate compliance with the DPDP Act
Anonymised / hashed system audit logs	Retained beyond the 60-second deletion window strictly for safety auditing, abuse prevention, and legal compliance; contain no fields that can be used to re-identify your child
TTS audio files (Qurio's generated voice responses)	Stored via 1-hour signed URLs only; underlying files purged on schedule
Aggregate, non-identifying analytics	May be retained for product-improvement purposes; cannot be linked back to your child

12. International Data Transfers

Qurio's primary data storage is in India (Google Cloud asia-south1, Mumbai).

Some of our service providers are headquartered outside India and may process limited data (such as a question text being sent to Anthropic's API for answer generation, or a phone number being sent to Gupshup for WhatsApp delivery) on servers located outside India. In every such case:

We rely on the provider's contractual commitments around data protection;
We require, where applicable, that the provider not use the data to train AI models or for any purpose other than performing the service we requested; and
We transfer only the minimum data needed.

If the DPDP Act's rules on cross-border transfer evolve, we will update our practices accordingly.

13. Security

We take security seriously, but no system is perfectly secure. We use:

Encryption at rest and in transit (see Section 7.2);
Secret management for all API keys;
Strict authentication and authorisation checks on every API request;
An automated review queue and human safety review for flagged content;
Logging and monitoring to detect anomalies.

If we ever experience a personal data breach that is likely to result in a risk to you or your child, we will notify you and the Data Protection Board of India as required by the DPDP Act.

14. Grievance Officer and Contact

In compliance with the DPDP Act 2023, we have designated a Grievance Officer to handle concerns about personal data.

Grievance Officer: Dhammachintak Neel
Email: grievance@qurioapp.com
Postal Address: A106, Ushodaya Aqua, Hosa Road, Choodasandra, Bengaluru, Karnataka — 560035, India
Response time: We aim to acknowledge grievances within 7 working days and resolve them within the timeframes prescribed by applicable law.

For all other privacy questions, you can reach us at hello@qurioapp.com.

15. Changes to This Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our practices, new features, or changes in law. When we make material changes, we will:

Update the "Last Updated" date at the top of this policy;
Increment the policy version;
Notify Parents by email and/or via an in-app notice; and
Where required by law, obtain fresh consent before applying the new policy to existing accounts.

We encourage you to review this policy periodically.

16. Apple, Google, and Platform-Specific Disclosures

This section provides additional disclosures relevant to the platforms through which Qurio is distributed.

16.1 Apple App Store (Kids Category)

Qurio is distributed in the Kids Category on the Apple App Store. Consistent with the App Store Review Guidelines:

We do not include behavioural advertising or behavioural-tracking analytics.
We do not include third-party advertising SDKs.
We do not transmit personally identifiable information or device information to third parties, except as described in Section 8 and only as needed to operate the Service.
We require verifiable parental consent before any child profile is created.
Any future external links, in-app purchases, or features that take the user outside the protected experience will be gated behind a Parental Gate (a verifiable parental authentication step) that a child of the target age range cannot reasonably complete on their own.

Our App Privacy disclosures in App Store Connect ("Privacy Nutrition Label") reflect the practices described in this policy.

16.2 Google Play Families Policy

Qurio participates in Google Play's family-focused programs. Consistent with the Families Policy:

We only use SDKs that are approved or appropriate for use in apps targeted at children.
We do not collect personal or sensitive information from children beyond what is described in Section 4.
We do not use advertising identifiers or share data with ad networks.
Our Data Safety form on the Play Store reflects the practices described in this policy.

16.3 COPPA Principles (Applied as a Baseline)

Although Qurio's initial launch is in India and is governed primarily by the DPDP Act 2023, we apply the core principles of the U.S. Children's Online Privacy Protection Act as a baseline standard:

Notice to Parents about our information practices (this policy).
Verifiable parental consent before collecting personal information from a child.
Parental access, review, and deletion rights.
Data minimisation and confidentiality.
No conditioning a child's participation on disclosing more information than reasonably necessary.

17. Acceptance

By creating a Parent account, providing consent, and allowing your child to use Qurio, you confirm that you have read this Privacy Policy, that you are the parent or legal guardian of the child profile(s) you create, and that you consent to our collection and use of personal data as described here.

If you do not agree with this policy, please do not create an account, and please contact us if you would like any existing data deleted.

Thank you for trusting Qurio with your child's curiosity. We take that trust seriously, and we have built Qurio with safety, transparency, and parental control at its core.

— The Qurio Team
hello@qurioapp.com