Last updated: 15 May 2025

BIMI BOO PRIVACY POLICY

Welcome to Bimi Boo’s Privacy Policy!
At Bimi Boo, we’re committed to creating a safe, transparent, and trustworthy environment for all our users — especially children. This Privacy Policy explains how Bimi Boo Kids Learning Games for Toddlers FZ-LLC (“Bimi Boo,” “we,” “us,” or “our”) collects, uses, and protects your information whenever you use our services.

1. INTRODUCTION TO OUR PRIVACY POLICY

1.1 Our Commitment to Privacy

As creators of educational content for children, we take privacy extremely seriously. We comply with global privacy laws, GDPR, the Children’s Online Privacy Protection Act (COPPA), CCPA / CPRA and various US state privacy laws and regulations. Our approach is to minimize the data we collect, and we strive to maintain the highest standards of data protection.

1.2 Who We Are

Bimi Boo Kids Learning Games for Toddlers FZ-LLC 

Registration Address: 124, Floor 1, OQ 3, Building 5 Dubai Media City, Dubai, 73030, UAE

Contact Information: 

Email: [email protected] 

1.3 Scope of this Policy

This Privacy Policy applies to:

  • Our website (http://bimiboo.net )

  • Our mobile applications, including:

    • Bimi Boo Kids Learning Academy

  • Any other related services we provide

1.4 Understanding This Policy

This Privacy Policy covers:

  • What personal and non-personal data we collect

  • How we collect, use, and protect your information

  • How, when, and why we may share your information

  • Your rights and choices regarding your personal data

  • How you can access and control your information

We aim to keep this policy clear and accessible for all our users, while ensuring full compliance with relevant privacy laws. We encourage parents and guardians to review this policy carefully, as it affects your rights and your child’s privacy when using our services.

Please note:
Our website is primarily intended for parents and guardians. Our apps are designed for children’s use.

Policy Updates:
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on our website. 

2. INFORMATION WE COLLECT AND PROCESS

2.1 Our Data Collection Principles

At Bimi Boo, we follow strict data minimization principles, collecting only the information necessary to provide our educational services and improve user experience. We are particularly mindful of children’s privacy and collect different types of information depending on whether the user is a child or an adult.

The tables below outline what information we collect across our various services, where this information comes from, our legal basis for collecting it (explained in simple terms in Section 2.3), and why we need this information.

2.2 Categories of Personal and Non- Personal Information Collected, Sources, and Legal Bases (Last 12 Months)

A. Bimi Boo Kids Learning Academy

Category

Information Collected

Source

Legal Basis

Purpose

Identifiers and Login Credentials

– Email address

– Password

Direct user input during account creation

– Contract Performance

– Legal Obligation

– Account management and security

– Multi-device access control

Child’s personal Information

– Child’s name (optional)

– Child’s gender (optional)

– Child’s date of birth (optional)

Parent/guardian input during profile setup

– Contract Performance

– Consent for optional fields

– Profile management

– Content personalization (including age-appropriate content)

Commercial Information

– Subscription status

– Subscription history

– Payment platform information

App store purchases and account activity

– Contract Performance

– Legal Obligation

– Subscription management

– Service delivery

Usage Data

– Game completion history

– Learning achievements

– Content interaction patterns

Automatic collection during app use

– Legitimate Interest

– Contract Performance

– Service improvement

– Content personalization

Technical Device Information

– Device identifier

– Platform type

– Device name

– Session information

Automatic collection from device

– Legitimate Interest

– Technical Necessity

– Service functionality and security

– Multi-device access control

B. All Bimi Boo Apps

Category

Information Collected

Source

Legal Basis

Purpose

Technical Device Information

– Device identifiers

– Platform type

– Device model & brand

– Operating system & version

– Hardware specifications

– Network connection status

Automatic collection from device

– Legitimate Interest

– Technical Necessity

– Service functionality and security

– Technical compatibility

– Performance optimization

App Performance Data

– App version

– Error logs

– Crash reports

– Performance metrics

– Session information

Automatic collection during app use

– Legitimate Interest

– Technical Necessity

– App stability

– Bug fixing

– Performance monitoring

Usage Information

– Game progress

– Interaction patterns

– In-app purchase events

– New/established user status

Automatic collection during app use

– Legitimate Interest

– Service localization

– Regional feature optimization

– User experience optimization

C. Website (bimiboo.net)

Category

Information Collected

Source

Legal Basis

Purpose

Technical Information

– IP address

– Browser type

– Device information

– Cookies and similar technologies

Automatic collection during website visits

– Legitimate Interest

– Consent (for non-essential cookies)

Website functionality and security

Contact Information

– Email address

– Name

Direct user input

– Consent (marketing)

– Contract Performance (support)

Marketing communications and customer support


D. Web Subscription Page for Bimi Boo Academy

Identifiers and Contact Information

– Email address

– Name

Direct user input during subscription

– Contract Performance

– Legal Obligation

– Account creation

– Subscription processing

– Service delivery

Payment Information

– Payment method details

– Billing address

Direct user input during checkout

– Contract Performance

– Legal Obligation

– Subscription processing

– Financial record keeping

Commercial Information

– Subscription plan selected

– Transaction history

User selection and transaction records

– Contract Performance

– Legal Obligation

– Subscription management

– Service delivery

Technical Information

– IP address

– Browser type and version

– Device information

– Cookies and similar technologies

Automatic collection during website visit

– Legitimate Interest

– Consent (for non-essential cookies)

– Website functionality

– Security

– User experience improvement

2.3 Legal Bases Explained

  • Contract Performance: When you sign up for our app or subscribe to our service, we need to use your information to provide what you’ve asked for.

Example: We use your email address to create your account and remember your child’s progress so they can continue learning where they left off.

  • Legitimate Interest: Sometimes we need to use information to improve our services or protect our business, as long as it doesn’t unfairly impact your rights.

Example: We analyze how children use our games to make them more educational and engaging, or to fix technical issues.

  • Consent: Sometimes we’ll ask for your specific permission before using your information.

Example: Before sending you marketing emails about new games or special offers, we’ll ask if you want to receive them.

  • Technical Necessity: Some information is absolutely necessary for our apps to work properly.

Example: We need to know what type of device you’re using so our app displays correctly on your screen.

  • Legal Obligation: Sometimes the law requires us to collect, store, or share certain information.

Example: We may need to keep records of purchases for tax purposes, or respond to valid requests from government authorities.

We’re always careful with your information and only use it for the specific purposes explained in this policy. 

3. WHO WE SHARE YOUR DATA WITH

3.1 Information Sharing Practices

We do not sell, trade, or otherwise disclose your and/or your child’s personal information to third parties for their marketing or commercial purposes. Your privacy is important to us, and we only share your data as necessary to provide our services through our trusted service providers listed below.

3.2 Our Data Processors 

We partner with trusted service providers to process data on our behalf. We have signed Data Processing Agreements with each provider and ensure they maintain appropriate security measures and privacy standards. 

Processor

Purpose

Data Processed

Legal Basis

Amazon Web Services (AWS)

Cloud infrastructure and data storage

– Email

– Password

– Child’s name

– Child’s gender

– Child’s date of birth

– Learning progress history

– Device identifier

– Device platform

– Device name and sessions

– Subscription details

– Contract Performance 

– Legitimate Interest

AppsFlyer

Mobile attribution and marketing analytics

– Device identifiers

– App installation data

– Session and interaction data

– Legitimate Interest

Cloudflare

Security and content delivery network

– Country

– User-Agent

– City

– IP Address

– Legitimate Interest (for security and service optimization)

Firebase

Analytics, crash reporting, and performance monitoring

– App usage statistics

– App version

– Error logs

– In-app purchase events

– Geographic and device data

– Legitimate Interest

– Technical Necessity

Google Analytics

Website analytics

– Cookies

– Usage statistics

– Consent (for non-essential cookies)

– Legitimate Interest (for essential website functionality)

Google Cloud

Cloud infrastructure and data storage

– Email

– Password

– Child’s name

– Child’s gender

– Child’s date of birth

– Learning progress history

– Device identifier

– Device platform

– Device name and sessions

– Subscription details

– Contract Performance (for service delivery)

– Legitimate Interest (for security and functionality)

Mailchimp

Email marketing

– Email address

– Consent (for marketing communications)

Stripe

Payment processing for subscription purchases in our applications when downloaded from our web marketing pages

– Name

– Email address

– Payment method details

– Transaction information

– Billing address

– Contract Performance (for payment processing)

– Legal Obligation (for financial record keeping)

Text, Inc.(Live chat)

Customer support services

– Email address

– Name

– Chat messages and content

– Technical device information

– IP address

– Chat history

– Contract Performance (for support delivery)

– Legitimate Interest (for service improvement)

Unity Cloud Diagnostics

Technical diagnostics and crash reporting

– Installation-specific ID

– Performance data

– Crash logs

– Legitimate Interest

– Technical Necessity

3.3 Data Protection Measures

To ensure your data remains protected when shared with our processors:

  • We carefully select service providers who meet high privacy and security standards

  • We establish formal Data Processing Agreements with each provider

  • We limit data sharing to only what is necessary for the specified purpose

  • We regularly review our providers’ security practices and compliance

  • We implement appropriate security measures during data transfers

  • We ensure all processing complies with applicable privacy regulations

4. MARKETING COMMUNICATIONS

4.1 Our Marketing Communications

We may send you emails about our products and services, including: 

  • Updates about our services

  • Special promotions and discounts

  • New product announcements

  • Educational content and tips

  • Newsletter updates

4.2 Third-Party Products

We may occasionally send you information about third-party products or services that we believe might interest you

Important: We do not share or sell your contact information with these third parties. All communications will come directly from us.

4.3 Your Control Over Marketing Messages

You can easily manage your preferences and opt out at any time by

  • Clicking the “unsubscribe” link in any marketing email

  • Contacting us directly at [email protected] 

5. HOW LONG WE KEEP YOUR INFORMATION 

We keep your personal information only for as long as:

  • We need it to provide you with our services

  • It’s required by law

  • It’s necessary to resolve disputes or enforce our agreements 

  • You also have the right to request deletion of your personal information at any time (as explained in Section 6.1.2)


6. UNDERSTANDING & EXERCISING YOUR PRIVACY RIGHTS

6.1 Your Privacy Rights

6.1.1 Your Right to Know What Information We Collect and Share

You have the right to request that we disclose:

  1. The categories of personal information we’ve collected about you

  2. Where we got this information from

  3. Why we collect or share your information

  4. Who we share your information with

  5. The specific pieces of your personal information we’ve collected

Additionally, you can request that we tell you:

  1. What categories of your information we’ve shared with third parties, and categories of third parties we shared it with (if applicable). Note: We do not sell or share your personal information with third parties.

  2. What categories of your information we’ve disclosed for business purposes, and who we disclosed it to.

6.1.2 Your Right to Delete Personal Information 

You have the right to request that we delete any personal information we have collected from you.

6.1.3 Your Right to Opt Out of Sale or Sharing

Important: We Do Not Sell Your Personal Information 

We do not sell or share your personal information with third parties. However, if our practices change in the future, you would have the right, at any time, to direct us not to sell or share your personal information with third parties. 

6.1.4 Your Right to Correct Inaccurate Information

You have the right to request that we correct any inaccurate personal information we maintain about you. When evaluating your correction request, we will consider the nature of the information and how we use it. 

6.1.5 Your Right to Limit Use of Sensitive Information

You have the right, at any time, to direct us to limit our use of your sensitive personal information to only what is necessary to provide the goods or services you would reasonably expect when requesting those goods or services. 

6.1.6 Your Right Not to Be Discriminated Against

We will not discriminate against you for exercising any of your privacy rights. This means we won’t:

  • Deny you goods or services

  • Charge you different prices or rates

  • Provide you with a different level or quality of goods or services

However, we may offer you certain financial incentives or different prices, rates, levels, or qualities of goods or services when the difference is reasonably related to the value of your data. 

6.1.7 Additional Rights for EEA, UK, and Swiss Residents

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR) and applicable national laws:

a) Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You also have the right to request that we transfer this data directly to another controller where technically feasible. This right applies to automated information that we process with your consent or for the performance of our contract with you.

b) Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, including:

  • When you contest the accuracy of your personal data (while we verify its accuracy)

  • When our processing is unlawful but you don’t want us to erase the data

  • When we no longer need your data but you require it to establish, exercise, or defend legal claims

  • When you’ve objected to our processing pending verification of whether our legitimate grounds override yours

c) Right to Object to Processing

Where we process your data based on our legitimate interests, you have the right to object to this processing. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or where processing is necessary for the establishment, exercise, or defense of legal claims.

You also have the absolute right to object to the processing of your personal data for direct marketing purposes.

d) Right to Withdraw Consent

Where we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

6.1.8 International Data Transfers

If you are located in the EEA, UK, or Switzerland, we want you to know that your personal data may be transferred to and processed in countries outside your region, including the United States, where different data protection standards may apply.

When we transfer personal data outside the EEA, UK, or Switzerland, we implement appropriate safeguards to ensure your data remains protected according to this Privacy Policy. These safeguards may include:

  • Relying on adequacy decisions issued by the European Commission

  • Using Standard Contractual Clauses approved by the European Commission or other relevant authorities

You can request more information about these safeguards by contacting us at [email protected]  

6.1.9 Data Protection Authority

If you are located in the EEA, UK, or Switzerland and believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a data protection authority in your country of residence, place of work, or where the alleged infringement occurred. 

6.1.10 Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on our users. “Automated decision-making” means a decision made solely by automated means without any human involvement that has a legal effect or significantly affects you or your child.

We also do not engage in “profiling” as defined under applicable data protection laws, including Article 4(4) of the GDPR. This means that we do not use your personal information, or your child’s, to analyze or predict aspects concerning your or your child’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements, for purposes that would have a significant effect.

While we may personalize educational content based on a child’s age or progress, such personalization is strictly to enhance the learning experience and does not involve profiling that produces legal or similarly significant effects, nor is it used for targeted advertising or similar purposes. 

6.2 How To Exercise Your Rights

Since we operate exclusively online, you can exercise all of your privacy rights by sending an email to:

[email protected]

When contacting us, please specify which privacy right you wish to exercise. We will respond to your request within the timeframe required by law and verify your identity before processing your request to protect your privacy and security.

If you have any questions about exercising your rights, please don’t hesitate to contact us at the same email address. 

7. CHILDREN’S PRIVACY

7.1 Our Commitment to Children’s Privacy

As creators of educational content for children, we take children’s privacy extremely seriously and comply with the Children’s Online Privacy Protection Act (COPPA). This section explains our practices regarding children’s personal information.

7.2 Information We Collect from Children

Types of Information:

  • Child’s name (optional) – Provided by parent/guardian during profile setup

  • Child’s gender (optional) – Provided by parent/guardian during profile setup

  • Child’s date of birth (optional) – Provided by parent/guardian during profile setup

  • Game progress and learning achievements – Automatically collected during app use

  • Device information – Automatically collected from the device

How We Use This Information:

  • To personalize educational content based on the child’s age and progress

  • To track learning achievements and progress

  • To provide multi-device access to saved progress

  • To improve our educational content and user experience

  • To maintain the technical functionality and security of our services

Public Disclosure:

We do not enable children to make their personal information publicly available through our services. All information is kept private and is not shared with other users.

Disclosure Practices:

We only share children’s information with our trusted service providers (listed in Section 3.2) who help us operate our services. We never sell or share children’s personal information for marketing purposes.

7.3 Parental Rights and Control

Parents or guardians have the right to:

  • Review their child’s information – Parents can access and review all personal information we have collected from their child by contacting us at [email protected]

  • Delete their child’s information – Parents can request deletion of their child’s personal information at any time by contacting us at [email protected]

  • Refuse further collection or use – Parents can refuse to permit further collection or use of their child’s personal information at any time by contacting us at [email protected]

To exercise any of these rights, please contact us with your request. We will respond to your request within a reasonable timeframe and after verifying your identity as the child’s parent or guardian.

7.4 Verifiable Parental Consent

Before collecting, using, or disclosing personal information from children under 13, we obtain verifiable parental consent by implementing the following methods:

  • Requiring account creation by a parent or legal guardian, where applicable

  • Using app store payment mechanisms (e.g., Apple App Store or Google Play) that involve adult credentials and require adult verification for purchases

  • Implementing a parental gate using a math question designed to be difficult for children to answer correctly, thereby preventing them from accessing areas of the app or features where personal information may be collected without prior parental involvement

  • Never collecting personal information directly from children without a parent’s or guardian’s active participation or consent

7.5 Minimal Data Collection

We do not condition a child’s participation in games, activities, or access to features on the disclosure of more personal information than is reasonably necessary for the activity. Optional information (such as name, gender, and birth date) is clearly marked as such.

7.6 Data Security Measures for Children’s Information

We maintain strict security measures to protect children’s personal information, including:

  • Encryption of sensitive data in transit and at rest

  • Regular security assessments and testing

  • Strict access controls and authentication procedures

  • Staff training on children’s privacy protection

  • Data minimization practices

8. DO NOT TRACK (DNT) SIGNALS

Our website does not currently recognize or respond to “Do Not Track” (DNT) browser signals or similar privacy control mechanisms. DNT is a privacy preference that users can set in certain web browsers. While we respect your privacy choices, these automated requests will not change how we collect and use data. However, you have several options to control tracking:

  1. You can adjust your browser settings to manage tracking and cookie permissions; or

  2. You can email us at [email protected] to opt out of data collection as detailed in Section 6 of this Privacy Policy.

We want to be clear that we do not engage in behavioral advertising directed at children, and we do not track or target children for advertising purposes, in compliance with applicable children’s privacy protection laws. We take children’s privacy seriously and maintain strict policies to protect it.

9. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar technologies on our website and web subscription pages to improve your experience, analyze usage, and provide personalized content.

For detailed information about the types of cookies we use, how we use them, and how you can control them, please see our Cookie Policy.

When you visit our website or web subscription pages for the first time, you will be prompted to accept or decline non-essential cookies.