Privacy Policy
Last updated April 19, 2026
CocoCount Privacy At a Glance
- Parents are in control: Only parents can create accounts. Subscribing with your App Store or Google Play payment counts as parental consent.
- We do not sell data: Your family’s information is never sold or shared with advertisers.
- Children’s privacy first: Children’s accounts are limited, and parents can see and control everything.
- Chat safety: Children’s AI chat is always visible to parents, can be turned off, and can be deleted. We filter chats to reduce personal info sharing.
- Strong security: Data is encrypted, protected with Face ID/PIN, and stored securely.
- You are in charge of data: You can delete your account, your child’s account, or chat history anytime.
Introduction
Welcome to CocoCount ("we," "our," or "us"). We are committed to protecting your privacy and the privacy of your family members who use our family task management application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services.
Information We Collect
Personal Information
- Account Information: Name, email address (optional for children), profile pictures
- User Profile Data: Birthdate, timezone, language preferences (i18n locale), PIN codes
- Family Account Data: Information about family members and their relationships within the app
- Authentication Data: Login credentials, authentication tokens, device authentication (Face ID/Biometric data)
Usage and Activity Data
- Task and Activity Data: Tasks created, completed tasks, task history, activity logs
- Rewards and Financial Data: Points earned, balance information, reward redemptions, financial account data
- App Usage Data: Feature usage, navigation patterns, app preferences
- Device Information: Device type, operating system, app version, device identifiers
Communication Data
- Chat Messages: Messages sent through the in-app chat feature
- Notifications: Push notification preferences and delivery data
- Support Communications: Any communications with our support team
Technical Data
- Log Data: Server logs, error reports, performance data
- Analytics Data: Usage statistics, app performance metrics
- Network Data: IP addresses, connection status, sync data
How We Use Your Information
Core App Functionality
- Account Management: Creating and managing user accounts, family relationships
- Task Management: Enabling task creation, assignment, completion tracking
- Rewards System: Managing points, balances, and reward redemptions
- Communication: Facilitating in-app chat and notifications
- Personalization: Customizing the app experience based on user preferences
Service Improvement
- Analytics: Understanding app usage patterns to improve features
- Performance: Monitoring app performance and identifying issues
- Development: Developing new features and improving existing ones
Security and Compliance
- Authentication: Verifying user identity and preventing unauthorized access
- Fraud Prevention: Detecting and preventing fraudulent activities
- Legal Compliance: Complying with applicable laws and regulations
Information Sharing and Disclosure
We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to third parties.
Limited Sharing
We may share your information in the following limited circumstances:
- Service Providers: With trusted third-party service providers who assist in operating our app (e.g., cloud storage, analytics, push notifications)
- Legal Requirements: When required by law, court order, or government request
- Safety and Security: To protect the safety and security of our users or the public
- Business Transfers: In connection with a merger, acquisition, or sale of assets (with appropriate privacy protections)
Family Account Sharing
- Information within your family account is shared among family members as part of the app's core functionality
- Parents have access to their children's data for supervision purposes
- Children's access to parent data is limited based on app security settings
Data Storage and Security
Data Storage
- Local Storage: Some data is stored locally on your device using SQLite
- Cloud Storage: Data is synced to our secure cloud servers
- Backup: Data is backed up to ensure availability and recovery
Security Measures
- Encryption: Data is encrypted in transit and at rest
- Authentication: Django-powered authentication with strong password requirements, plus biometric security options (Face ID/PIN)
- Access Controls: All data is scoped to account members only
- Secure Development: Following secure development practices
Payments
All payments for CocoCount subscriptions are processed through Apple App Store and Google Play. CocoCount does not collect or store payment card information. Please refer to the following for more information:
Cookies and Tracking Technologies
We may use cookies, device identifiers, push notification tokens, and similar tracking technologies to collect and store information necessary for the functionality of the app, crash reporting, and security. You can control or disable cookies and certain identifiers in your device settings, though this may limit some app functionality.
Third-Party Services
Alexa Integration
- Amazon Services: Integration with Amazon Alexa for voice commands and reminders
- Data Sharing: Limited data sharing with Amazon as necessary for Alexa functionality
- Amazon Privacy: Amazon's privacy practices apply to data shared with their services
Other Integrations
- Push Notifications: Using Expo notifications service
- Cloud Services: Using AWS S3 and other secure cloud infrastructure
- AI Chat: Chats with our in-app AI feature are processed by Google Cloud's Vertex AI service, which runs Google's Gemini models. OpenRouter is retained as a backup provider and is used only during incidents or when Vertex AI is unavailable. We contract with Google (and OpenRouter for fallback) under Data Processing Agreements (DPAs) designed to comply with GDPR and COPPA. Providers process data only to generate responses — they do not use chat data to train their models or build user profiles.
- No Analytics: We do not currently use third-party analytics services
Children's Privacy
COPPA Compliance
We are committed to protecting children's privacy and comply with the Children's Online Privacy Protection Act (COPPA).
Parental Consent via Subscription
CocoCount is a paid subscription app. Parents must subscribe using their App Store or Google Play account and payment method before creating a family account. This subscription and payment process serves as verifiable parental consent under COPPA. Parents control whether child accounts are created, what features children can access, and can delete their child’s account and data at any time.
Children's Data
- Parental Consent: Parents create the account and can add children as young as 4 years old (or as soon as they can read)
- Limited Collection: We collect minimal personal information from children
- Parental Controls: Parents have full control over their children's accounts
- Data Deletion: Parents can request deletion of their children's data
- Account Creation: Children's accounts are created by parents and have limited functionality
- Feature Restrictions: Children have limited ability to create and approve tasks compared to parents
Children’s Chat & AI Features
Children may interact with CocoCount’s in-app chat powered by AI.
- Parental Oversight: All chat conversations by children are visible to their parents through the parent’s account. Parents may review, monitor, and delete their child’s chat history.
- Feature Controls: Parents may enable or disable AI chat for their child at any time.
- Privacy Protections: We use automated filters to reduce the risk of children sharing personal information such as names, phone numbers, or addresses.
- Third-Party Processing: AI chat conversations are processed by Google Cloud (Vertex AI) only to generate responses. Data is not used to train AI models or build user profiles.
- Data Retention: Children’s chat logs are retained only for parental review and are deleted if a parent requests deletion or if the account is deleted.
Age Verification
- We implement age verification measures to ensure appropriate data collection
- Children's accounts have restricted functionality and data collection
Your Rights and Choices
Access and Control
- View Data: You can view your personal information through the app
- Update Data: You can update your information in the app settings
- Delete Data: You can request deletion of your account and data
- Export Data: You can request a copy of your data
Communication Preferences
- Notifications: You can control push notification settings
- Marketing: We send emails about new app features and activity summaries to help parents understand their children's progress
- Support: You can opt out of non-essential communications
Account Management
- Account Deletion: You can delete your account and associated data
- Data Portability: You can request data export in a portable format
- Account Transfer: Accounts are personal to you and may not be transferred to another person
Data Subject Requests
To exercise your privacy rights, including access, correction, deletion, or portability requests, you may contact us at privacy@cococount.com or submit a data subject access request through our app or website. We will respond in accordance with applicable laws (e.g., within 30 days under GDPR or 45 days under CCPA/CDPA).
Data Retention
Retention Periods
- Active Accounts: Data is retained as long as your account is active
- Inactive Accounts: Data may be deleted after 12 months of inactivity
- Deleted Accounts: Data is permanently deleted within 90 days of account deletion
- Legal Requirements: Some data may be retained longer for legal compliance
Backup Data
- Backup data is retained for up to 1 year for disaster recovery
- Backup data is automatically deleted after the retention period
International Data Transfers
Data Location
- Primary Storage: Data is stored in the United States, Taiwan, and Mexico
- Backup Storage: Backup data is stored in secure cloud locations
- Processing: Data may be processed in different countries as we expand to other regions including the EU
Adequacy Measures
- We implement appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) and Data Processing Agreements with our cloud infrastructure provider (AWS) and our AI provider (Google Cloud / Vertex AI).
- We comply with applicable data protection laws and regulations.
Do Not Track
We do not currently respond to Do-Not-Track (DNT) browser signals or similar mechanisms because no uniform standard for recognizing such signals has been established.
Changes to This Privacy Policy
Policy Updates
- We may update this Privacy Policy from time to time
- We will notify you of significant changes through the app or email
- Continued use of the app after changes constitutes acceptance of the new policy
Notification Methods
- App Notifications: In-app notifications for policy updates
- Email Notifications: Email notifications for significant changes
- Website Updates: Updated policy posted on our website
Contact Information
Privacy Questions
If you have questions about this Privacy Policy or our privacy practices, please contact us:
Email: privacy@cococount.com
Legal Inquiries: legal@cococount.com
Data Protection Officer
As a small company, we handle all privacy and data protection matters internally. For privacy-related inquiries, please contact us directly.
Complaints
You have the right to file a complaint with your local data protection authority.
Legal Basis for Processing (GDPR)
Legal Grounds
- Contract: Processing necessary for app functionality
- Consent: Processing based on user consent
- Legitimate Interest: Processing for app improvement and security
- Legal Obligation: Processing required by law
Special Categories
- Biometric Data: Processed only on-device for authentication (Face ID, Touch ID, PIN). Biometric templates never leave your device.
- Children's Data: Processed with verifiable parental consent (via subscription) and subject to parental controls.
GDPR Rights for EU Users
- Right of Access: Request confirmation of whether we process your personal data and access to that data
- Right to Rectification: Request correction of inaccurate personal data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request limitation of processing under certain circumstances
- Right to Data Portability: Request a copy of your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Right to Lodge a Complaint: File a complaint with your local data protection authority
Data Processing Details
- Data Controller: CocoCount is the data controller for personal data collected through our app
- Data Processors: We use AWS as our cloud infrastructure provider and Google Cloud (Vertex AI) as our AI provider. OpenRouter is retained as a backup AI provider used only during incidents.
- International Transfers: Data may be transferred outside the EU with appropriate safeguards
- Automated Decision Making: We do not make automated decisions that significantly affect you
California Privacy Rights (CCPA)
California Residents
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about data collection and sharing
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of data sales (we do not sell data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
Verification
We may need to verify your identity before processing requests.
Virginia Privacy Rights (CDPA)
If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act (CDPA), including:
- Right to know whether we process your personal data
- Right to access your personal data
- Right to correct inaccuracies in your personal data
- Right to request deletion of your personal data
- Right to obtain a copy of your personal data in portable format
- Right to opt out of processing for targeted advertising, sale, or profiling
We will respond to Virginia CDPA requests within 45 days, with one possible 45-day extension. If your request is denied, you may appeal by contacting us at privacy@cococount.com.
Data Breach Response Plan
Incident Response Procedures
In the event of a data breach or security incident, we have established procedures to:
1. Immediate Response: Contain and assess the breach within 24 hours
2. Notification: Notify affected users within 72 hours of becoming aware of the breach
3. Investigation: Conduct a thorough investigation to determine the scope and cause
4. Remediation: Take immediate steps to prevent further unauthorized access
5. Documentation: Document all actions taken in response to the incident
User Notification
If a data breach affects your personal information, we will notify you through:
- Email: Direct email to your registered email address
- App Notification: In-app notification if the app is still accessible
- Public Notice: Public announcement if required by law
Reporting to Authorities
We will report data breaches to relevant authorities as required by law, including:
- EU: Data protection authorities within 72 hours (GDPR requirement)
- US: State attorneys general and other relevant authorities
- Other Jurisdictions: As required by local data protection laws
Contact for Security Incidents
If you become aware of a potential security incident, please contact us immediately at: privacy@cococount.com