← Home

Privacy Policy

Draft pending counsel review

This draft describes how Blonella (a TexoByte product) handles information today. It is written to match the product as built—not a blank placeholder—and will be reviewed by counsel before we treat it as a final public launch policy. It is not legal advice.

Parent accounts, not child storefronts

Blonella accounts belong to parents or guardians. Children are profiles under a family account. In the current product, children do not create independent email/password logins. Child mode is a short, parent-gated handoff for check-in—not a commerce surface. Purchases (including Amazon affiliate links) are parent-side only.

What we collect

Parent: email, authentication credentials or linked sign-in provider data, optional MFA settings, session cookies, and account preferences.

Child profiles (parent-entered): display name, optional age band (we prefer a band over a full date of birth), optional avatar key, parental consent record (policy version, method, timestamp), reading lists/journeys, progress and finish events (including simple mood-style feedback), and reward grants tied to completions.

We do not collect child email, phone, precise geolocation, photos of the child, or a child social graph for the MVP.

Parental consent & control

Creating a child profile requires an explicit parental consent checkbox bound to our current consent policy version, from an authenticated parent. Parents can export account data and delete their account (which cascades owned family data for that account). Counsel will review whether our consent mechanism is adequate under COPPA for public launch.

How we use information

To run the reading habit product: shelves, journeys, progress, parent approval, optional rewards, security, support, and optional parent-facing email (for example password reset or finish notifications). We do not run advertising networks and we do not sell children's personal data.

Cookies, sessions & analytics

We use essential cookies and similar storage for parent authentication, Child mode session handling, and related security (for example locking parent privileges while Child mode is active). These are needed for the product to work.

Optional product analytics may use Plausible when enabled. Plausible is cookieless by design; we intend aggregate events only and do not send child free-text into analytics.

Third parties you may encounter

  • Cloudflare — hosting, database, storage, and related infrastructure for the app.
  • Email delivery (Resend) — transactional mail to parents; child display names may appear in parent-facing copy (for example a finish notice).
  • Catalog providers (such as Open Library / Google Books) — book metadata lookups; we do not send child profiles to those services for catalog search.
  • Amazon— when a parent chooses a Buy on Amazon affiliate link, the browser navigates to Amazon. Amazon's own privacy practices then apply. We send product/link context for purchases, not child profiles. See our affiliate disclosure.

Export & deletion

Parents can request an export of account data and delete their account from in-app security settings. Deletion removes the parent account and cascades owned family, child profiles, lists, and progress for that account according to our current deletion path.

Contact & changes

Questions about this draft: use the channels listed on About Blonella when published, or update this section once a public contact address is live. We may revise this page as the product and counsel review evolve; the “Last updated” date below will change when we do.

Last updated: July 15, 2026