Last updated: 15 May 2025

BIMI BOO PRIVACY POLICY

Welcome to Bimi Boo’s Privacy Policy!
At Bimi Boo, we’re committed to creating a safe, transparent, and trustworthy environment for all our users — especially children. This Privacy Policy explains how Bimi Boo Kids Learning Games for Toddlers FZ-LLC (“Bimi Boo,” “we,” “us,” or “our”) collects, uses, and protects your information whenever you use our services.

1. INTRODUCTION TO OUR PRIVACY POLICY

1.1 Our Commitment to Privacy

As creators of educational content for children, we take privacy extremely seriously. We comply with global privacy laws, GDPR, the Children’s Online Privacy Protection Act (COPPA), CCPA / CPRA and various US state privacy laws and regulations. Our approach is to minimize the data we collect, and we strive to maintain the highest standards of data protection.

1.2 Who We Are

Bimi Boo Kids Learning Games for Toddlers FZ-LLC

Registration Address: 124, Floor 1, OQ 3, Building 5 Dubai Media City, Dubai, 73030, UAE

Contact Information:

Email: [email protected]

1.3 Scope of this Policy

This Privacy Policy applies to:

Our website (http://bimiboo.net )
Our mobile applications, including:

Bimi Boo Kids Learning Academy

Any other related services we provide

1.4 Understanding This Policy

This Privacy Policy covers:

What personal and non-personal data we collect
How we collect, use, and protect your information
How, when, and why we may share your information
Your rights and choices regarding your personal data
How you can access and control your information

We aim to keep this policy clear and accessible for all our users, while ensuring full compliance with relevant privacy laws. We encourage parents and guardians to review this policy carefully, as it affects your rights and your child’s privacy when using our services.

Please note:
Our website is primarily intended for parents and guardians. Our apps are designed for children’s use.

Policy Updates:
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on our website.

2. INFORMATION WE COLLECT AND PROCESS

2.1 Our Data Collection Principles

At Bimi Boo, we follow strict data minimization principles, collecting only the information necessary to provide our educational services and improve user experience. We are particularly mindful of children’s privacy and collect different types of information depending on whether the user is a child or an adult.

The tables below outline what information we collect across our various services, where this information comes from, our legal basis for collecting it (explained in simple terms in Section 2.3), and why we need this information.

2.2 Categories of Personal and Non- Personal Information Collected, Sources, and Legal Bases (Last 12 Months)

A. Bimi Boo Kids Learning Academy
Category	Information Collected	Source	Legal Basis	Purpose
Identifiers and Login Credentials	– Email address – Password	Direct user input during account creation	– Contract Performance – Legal Obligation	– Account management and security – Multi-device access control
Child’s personal Information	– Child’s name (optional) – Child’s gender (optional) – Child’s date of birth (optional)	Parent/guardian input during profile setup	– Contract Performance – Consent for optional fields	– Profile management – Content personalization (including age-appropriate content)
Commercial Information	– Subscription status – Subscription history – Payment platform information	App store purchases and account activity	– Contract Performance – Legal Obligation	– Subscription management – Service delivery
Usage Data	– Game completion history – Learning achievements – Content interaction patterns	Automatic collection during app use	– Legitimate Interest – Contract Performance	– Service improvement – Content personalization
Technical Device Information	– Device identifier – Platform type – Device name – Session information	Automatic collection from device	– Legitimate Interest – Technical Necessity	– Service functionality and security – Multi-device access control
B. All Bimi Boo Apps
Category	Information Collected	Source	Legal Basis	Purpose
Technical Device Information	– Device identifiers – Platform type – Device model & brand – Operating system & version – Hardware specifications – Network connection status	Automatic collection from device	– Legitimate Interest – Technical Necessity	– Service functionality and security – Technical compatibility – Performance optimization
App Performance Data	– App version – Error logs – Crash reports – Performance metrics – Session information	Automatic collection during app use	– Legitimate Interest – Technical Necessity	– App stability – Bug fixing – Performance monitoring
Usage Information	– Game progress – Interaction patterns – In-app purchase events – New/established user status	Automatic collection during app use	– Legitimate Interest	– Service localization – Regional feature optimization – User experience optimization
C. Website (bimiboo.net)
Category	Information Collected	Source	Legal Basis	Purpose
Technical Information	– IP address – Browser type – Device information – Cookies and similar technologies	Automatic collection during website visits	– Legitimate Interest – Consent (for non-essential cookies)	Website functionality and security
Contact Information	– Email address – Name	Direct user input	– Consent (marketing) – Contract Performance (support)	Marketing communications and customer support
D. Web Subscription Page for Bimi Boo Academy
Identifiers and Contact Information	– Email address – Name	Direct user input during subscription	– Contract Performance – Legal Obligation	– Account creation – Subscription processing – Service delivery
Payment Information	– Payment method details – Billing address	Direct user input during checkout	– Contract Performance – Legal Obligation	– Subscription processing – Financial record keeping
Commercial Information	– Subscription plan selected – Transaction history	User selection and transaction records	– Contract Performance – Legal Obligation	– Subscription management – Service delivery
Technical Information	– IP address – Browser type and version – Device information – Cookies and similar technologies	Automatic collection during website visit	– Legitimate Interest – Consent (for non-essential cookies)	– Website functionality – Security – User experience improvement

2.3 Legal Bases Explained

Contract Performance: When you sign up for our app or subscribe to our service, we need to use your information to provide what you’ve asked for.

Example: We use your email address to create your account and remember your child’s progress so they can continue learning where they left off.

Legitimate Interest: Sometimes we need to use information to improve our services or protect our business, as long as it doesn’t unfairly impact your rights.

Example: We analyze how children use our games to make them more educational and engaging, or to fix technical issues.

Consent: Sometimes we’ll ask for your specific permission before using your information.

Example: Before sending you marketing emails about new games or special offers, we’ll ask if you want to receive them.

Technical Necessity: Some information is absolutely necessary for our apps to work properly.

Example: We need to know what type of device you’re using so our app displays correctly on your screen.

Legal Obligation: Sometimes the law requires us to collect, store, or share certain information.

Example: We may need to keep records of purchases for tax purposes, or respond to valid requests from government authorities.

We’re always careful with your information and only use it for the specific purposes explained in this policy.

3. WHO WE SHARE YOUR DATA WITH

3.1 Information Sharing Practices

We do not sell, trade, or otherwise disclose your and/or your child’s personal information to third parties for their marketing or commercial purposes. Your privacy is important to us, and we only share your data as necessary to provide our services through our trusted service providers listed below.

3.2 Our Data Processors

We partner with trusted service providers to process data on our behalf. We have signed Data Processing Agreements with each provider and ensure they maintain appropriate security measures and privacy standards.

Processor	Purpose	Data Processed	Legal Basis
Amazon Web Services (AWS)	Cloud infrastructure and data storage	– Email – Password – Child’s name – Child’s gender – Child’s date of birth – Learning progress history – Device identifier – Device platform – Device name and sessions – Subscription details	– Contract Performance – Legitimate Interest
AppsFlyer	Mobile attribution and marketing analytics	– Device identifiers – App installation data – Session and interaction data	– Legitimate Interest
Cloudflare	Security and content delivery network	– Country – User-Agent – City – IP Address	– Legitimate Interest (for security and service optimization)
Firebase	Analytics, crash reporting, and performance monitoring	– App usage statistics – App version – Error logs – In-app purchase events – Geographic and device data	– Legitimate Interest – Technical Necessity
Google Analytics	Website analytics	– Cookies – Usage statistics	– Consent (for non-essential cookies) – Legitimate Interest (for essential website functionality)
Google Cloud	Cloud infrastructure and data storage	– Email – Password – Child’s name – Child’s gender – Child’s date of birth – Learning progress history – Device identifier – Device platform – Device name and sessions – Subscription details	– Contract Performance (for service delivery) – Legitimate Interest (for security and functionality)
Mailchimp	Email marketing	– Email address	– Consent (for marketing communications)
Stripe	Payment processing for subscription purchases in our applications when downloaded from our web marketing pages	– Name – Email address – Payment method details – Transaction information – Billing address	– Contract Performance (for payment processing) – Legal Obligation (for financial record keeping)
Text, Inc.(Live chat)	Customer support services	– Email address – Name – Chat messages and content – Technical device information – IP address – Chat history	– Contract Performance (for support delivery) – Legitimate Interest (for service improvement)
Unity Cloud Diagnostics	Technical diagnostics and crash reporting	– Installation-specific ID – Performance data – Crash logs	– Legitimate Interest – Technical Necessity

3.3 Data Protection Measures

To ensure your data remains protected when shared with our processors:

We carefully select service providers who meet high privacy and security standards
We establish formal Data Processing Agreements with each provider
We limit data sharing to only what is necessary for the specified purpose
We regularly review our providers’ security practices and compliance
We implement appropriate security measures during data transfers
We ensure all processing complies with applicable privacy regulations

4. MARKETING COMMUNICATIONS

4.1 Our Marketing Communications

We may send you emails about our products and services, including:

Updates about our services
Special promotions and discounts
New product announcements
Educational content and tips
Newsletter updates

4.2 Third-Party Products

We may occasionally send you information about third-party products or services that we believe might interest you

Important: We do not share or sell your contact information with these third parties. All communications will come directly from us.

4.3 Your Control Over Marketing Messages

You can easily manage your preferences and opt out at any time by:

Clicking the “unsubscribe” link in any marketing email
Contacting us directly at [email protected]

5. HOW LONG WE KEEP YOUR INFORMATION

We keep your personal information only for as long as:

We need it to provide you with our services
It’s required by law
It’s necessary to resolve disputes or enforce our agreements
You also have the right to request deletion of your personal information at any time (as explained in Section 6.1.2)

6. UNDERSTANDING & EXERCISING YOUR PRIVACY RIGHTS

6.1 Your Privacy Rights

6.1.1 Your Right to Know What Information We Collect and Share

You have the right to request that we disclose:

The categories of personal information we’ve collected about you
Where we got this information from
Why we collect or share your information
Who we share your information with
The specific pieces of your personal information we’ve collected

Additionally, you can request that we tell you:

What categories of your information we’ve shared with third parties, and categories of third parties we shared it with (if applicable). Note: We do not sell or share your personal information with third parties.
What categories of your information we’ve disclosed for business purposes, and who we disclosed it to.

6.1.2 Your Right to Delete Personal Information

You have the right to request that we delete any personal information we have collected from you.

6.1.3 Your Right to Opt Out of Sale or Sharing

Important: We Do Not Sell Your Personal Information

We do not sell or share your personal information with third parties. However, if our practices change in the future, you would have the right, at any time, to direct us not to sell or share your personal information with third parties.

6.1.4 Your Right to Correct Inaccurate Information

You have the right to request that we correct any inaccurate personal information we maintain about you. When evaluating your correction request, we will consider the nature of the information and how we use it.

6.1.5 Your Right to Limit Use of Sensitive Information

You have the right, at any time, to direct us to limit our use of your sensitive personal information to only what is necessary to provide the goods or services you would reasonably expect when requesting those goods or services.

6.1.6 Your Right Not to Be Discriminated Against

We will not discriminate against you for exercising any of your privacy rights. This means we won’t:

Deny you goods or services
Charge you different prices or rates
Provide you with a different level or quality of goods or services

However, we may offer you certain financial incentives or different prices, rates, levels, or qualities of goods or services when the difference is reasonably related to the value of your data.

6.1.7 Additional Rights for EEA, UK, and Swiss Residents

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR) and applicable national laws:

a) Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You also have the right to request that we transfer this data directly to another controller where technically feasible. This right applies to automated information that we process with your consent or for the performance of our contract with you.

b) Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, including:

When you contest the accuracy of your personal data (while we verify its accuracy)
When our processing is unlawful but you don’t want us to erase the data
When we no longer need your data but you require it to establish, exercise, or defend legal claims
When you’ve objected to our processing pending verification of whether our legitimate grounds override yours

c) Right to Object to Processing

Where we process your data based on our legitimate interests, you have the right to object to this processing. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or where processing is necessary for the establishment, exercise, or defense of legal claims.

You also have the absolute right to object to the processing of your personal data for direct marketing purposes.

d) Right to Withdraw Consent

Where we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

6.1.8 International Data Transfers

If you are located in the EEA, UK, or Switzerland, we want you to know that your personal data may be transferred to and processed in countries outside your region, including the United States, where different data protection standards may apply.

When we transfer personal data outside the EEA, UK, or Switzerland, we implement appropriate safeguards to ensure your data remains protected according to this Privacy Policy. These safeguards may include:

Relying on adequacy decisions issued by the European Commission
Using Standard Contractual Clauses approved by the European Commission or other relevant authorities

You can request more information about these safeguards by contacting us at [email protected]

6.1.9 Data Protection Authority

If you are located in the EEA, UK, or Switzerland and believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a data protection authority in your country of residence, place of work, or where the alleged infringement occurred.

6.1.10 Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on our users. “Automated decision-making” means a decision made solely by automated means without any human involvement that has a legal effect or significantly affects you or your child.

We also do not engage in “profiling” as defined under applicable data protection laws, including Article 4(4) of the GDPR. This means that we do not use your personal information, or your child’s, to analyze or predict aspects concerning your or your child’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements, for purposes that would have a significant effect.

While we may personalize educational content based on a child’s age or progress, such personalization is strictly to enhance the learning experience and does not involve profiling that produces legal or similarly significant effects, nor is it used for targeted advertising or similar purposes.

6.2 How To Exercise Your Rights

Since we operate exclusively online, you can exercise all of your privacy rights by sending an email to:

[email protected]

When contacting us, please specify which privacy right you wish to exercise. We will respond to your request within the timeframe required by law and verify your identity before processing your request to protect your privacy and security.

If you have any questions about exercising your rights, please don’t hesitate to contact us at the same email address.

7. CHILDREN’S PRIVACY

7.1 Our Commitment to Children’s Privacy

As creators of educational content for children, we take children’s privacy extremely seriously and comply with the Children’s Online Privacy Protection Act (COPPA). This section explains our practices regarding children’s personal information.

7.2 Information We Collect from Children

Types of Information:

Child’s name (optional) – Provided by parent/guardian during profile setup
Child’s gender (optional) – Provided by parent/guardian during profile setup
Child’s date of birth (optional) – Provided by parent/guardian during profile setup
Game progress and learning achievements – Automatically collected during app use
Device information – Automatically collected from the device

How We Use This Information:

To personalize educational content based on the child’s age and progress
To track learning achievements and progress
To provide multi-device access to saved progress
To improve our educational content and user experience
To maintain the technical functionality and security of our services

Public Disclosure:

We do not enable children to make their personal information publicly available through our services. All information is kept private and is not shared with other users.

Disclosure Practices:

We only share children’s information with our trusted service providers (listed in Section 3.2) who help us operate our services. We never sell or share children’s personal information for marketing purposes.

7.3 Parental Rights and Control

Parents or guardians have the right to:

Review their child’s information – Parents can access and review all personal information we have collected from their child by contacting us at [email protected]
Delete their child’s information – Parents can request deletion of their child’s personal information at any time by contacting us at [email protected]
Refuse further collection or use – Parents can refuse to permit further collection or use of their child’s personal information at any time by contacting us at [email protected]

To exercise any of these rights, please contact us with your request. We will respond to your request within a reasonable timeframe and after verifying your identity as the child’s parent or guardian.

7.4 Verifiable Parental Consent

Before collecting, using, or disclosing personal information from children under 13, we obtain verifiable parental consent by implementing the following methods:

Requiring account creation by a parent or legal guardian, where applicable
Using app store payment mechanisms (e.g., Apple App Store or Google Play) that involve adult credentials and require adult verification for purchases
Implementing a parental gate using a math question designed to be difficult for children to answer correctly, thereby preventing them from accessing areas of the app or features where personal information may be collected without prior parental involvement
Never collecting personal information directly from children without a parent’s or guardian’s active participation or consent

7.5 Minimal Data Collection

We do not condition a child’s participation in games, activities, or access to features on the disclosure of more personal information than is reasonably necessary for the activity. Optional information (such as name, gender, and birth date) is clearly marked as such.

7.6 Data Security Measures for Children’s Information

We maintain strict security measures to protect children’s personal information, including:

Encryption of sensitive data in transit and at rest
Regular security assessments and testing
Strict access controls and authentication procedures
Staff training on children’s privacy protection
Data minimization practices

8. DO NOT TRACK (DNT) SIGNALS

Our website does not currently recognize or respond to “Do Not Track” (DNT) browser signals or similar privacy control mechanisms. DNT is a privacy preference that users can set in certain web browsers. While we respect your privacy choices, these automated requests will not change how we collect and use data. However, you have several options to control tracking:

You can adjust your browser settings to manage tracking and cookie permissions; or
You can email us at [email protected] to opt out of data collection as detailed in Section 6 of this Privacy Policy.

We want to be clear that we do not engage in behavioral advertising directed at children, and we do not track or target children for advertising purposes, in compliance with applicable children’s privacy protection laws. We take children’s privacy seriously and maintain strict policies to protect it.

9. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar technologies on our website and web subscription pages to improve your experience, analyze usage, and provide personalized content.

For detailed information about the types of cookies we use, how we use them, and how you can control them, please see our Cookie Policy.

When you visit our website or web subscription pages for the first time, you will be prompted to accept or decline non-essential cookies.

Bimi Boo