1. Introduction
This Privacy Policy explains how Adaptels Pte. Ltd. ("Adaptels", "we", "us", or "our"), a company incorporated in Singapore and the data controller responsible for your personal data, collects, uses, stores, protects, and discloses personal data when you use QuizKin (the "Service").
This policy is designed to comply with the Singapore Personal Data Protection Act 2012 ("PDPA") and reflects our commitment to handling personal data — especially children's data — with the highest standard of care.
Our contact details for privacy matters are in Section 12. The data controller is:
- Entity: Adaptels Pte. Ltd.
- Country of incorporation: Singapore
- Data Protection Officer: [email protected]
2.1 Account Information (Parents)
- Name — provided during registration.
- Email address — used for authentication, account recovery, and service communications.
- Password hash — passwords are salted and hashed by AWS Cognito. We never store or have access to plaintext passwords.
2.2 Child Profile Information
- Name or nickname — chosen by the parent for display inside the app.
- Age and learning level (e.g. K1 or K2) — used to calibrate quiz difficulty and recommendations.
- Avatar preferences — colour and emoji selected by the parent; optional photo uploaded to S3.
2.3 Usage Data
- Quiz responses and scores — the answers your child gives and the resulting accuracy and speed metrics.
- Progress data — category mastery, streaks, stickers, and other learning milestones.
- Session analytics — length of sessions, categories attempted, focus-score signals, and completion events, used to power the Parent Dashboard.
2.4 Biometric Data (Face Descriptors, Optional)
If, and only if, you enrol your child in face-based login, we store a 128-dimensional mathematical face descriptor (an array of numbers derived from facial geometry) for the purpose of matching at sign-in. We do not store photographs, video frames, or any visual recording. Face detection runs entirely in your device's browser using face-api.js; the raw camera feed never leaves the device.
You may delete all face descriptors for a child at any time from the Parent Dashboard. Deletion is immediate and irreversible.
2.5 Voice Recordings
QuizKin uses server-generated audio for text-to-speech narration (via Amazon Polly); we do not record your child's voice or capture microphone input for voice authentication or any other purpose.
2.6 Payment Information
If you subscribe to a paid plan, payment is processed by Stripe, our PCI DSS-compliant payment processor. Stripe collects and stores your card details directly; Adaptels does not store card numbers, CVVs, or bank account details on our servers. We receive only a payment token and metadata such as the last four digits and expiry date for identification purposes.
2.7 Technical Data
- IP address — recorded in server logs for security, abuse prevention, and diagnostics. We do not use IP addresses to build marketing profiles.
- Browser and device information — type, version, and operating system, used for compatibility and bug diagnosis.
We use the personal data described above to:
- Deliver the Service — authenticate parents, operate child profiles, generate quizzes, and track progress.
- Personalise learning — adapt question selection and difficulty to each child's performance.
- Provide analytics to parents — generate dashboards and weekly email reports.
- Process billing — manage subscriptions, invoices, and refunds via Stripe.
- Communicate with you — send service updates, billing confirmations, security alerts, and (with your consent) product news.
- Improve the Service — analyse aggregated, anonymised usage to improve content quality and reliability.
- Comply with law — respond to lawful requests, enforce our Terms, and prevent fraud or abuse.
We do not use your or your child's data for advertising, behavioural profiling, or any purpose unrelated to providing and improving the educational service.
4. Parental Consent for Children's Data
- You consent on behalf of your child. Where a child is under the age of majority (under 18 in Singapore), the parent or legal guardian provides consent for the collection and processing of the child's personal data.
- Right to review. Parents may view all personal data associated with their child's account at any time from the Parent Dashboard, or by contacting us.
- Right to deletion. Parents may request deletion of some or all of their child's data at any time. Deletions complete within 30 days on primary systems and within 90 days on backups.
- No ads, no sales. We do not serve advertisements to children and we do not sell, rent, or trade children's data to any third party.
- Withdrawing consent. You may withdraw consent for any optional data processing (for example, face descriptors) at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
5. Third-Party Processors
We use the following third-party service providers to operate QuizKin. Each has been selected for its security posture and data-protection practices. These providers act as data processors on our behalf and only process personal data under contractual obligations that mirror the protections in this policy.
- Amazon Web Services (AWS) — hosting, database (DynamoDB), storage (S3), and content delivery. Infrastructure is deployed in the Singapore region (ap-southeast-1).
- AWS Cognito — user authentication, password hashing, email verification, and session management.
- Amazon Polly — generates spoken audio for question narration (no child voice is recorded).
- Stripe — subscription billing and payment processing. PCI DSS Level 1 compliant.
- Cloudflare — DNS management and edge CDN. Cloudflare does not have access to application-layer personal data.
- Google Analytics 4 (GA4) — anonymous, aggregated site usage analytics. We do not link GA4 events to individual parent or child identities.
We do not use Facebook Pixel, retargeting networks, data brokers, advertising SDKs, or any third-party AI or analytics service that profiles users for marketing.
6. Data Retention
- Active accounts. We retain personal data for as long as your account is active and for a reasonable period afterwards to fulfil the purposes described in this policy.
- After account closure. Upon account deletion, personal data is purged from our primary systems within 30 days. Automated backups are rotated and purged within 90 days.
- Biometric data. Face descriptors are retained only while the child's account is active and face login is enabled. They are deleted immediately on parental request or when face login is disabled.
- Legal retention. Certain data (for example, billing records for tax purposes) may be retained for longer where required by law.
7. Your Rights (PDPA)
Under the Singapore Personal Data Protection Act, you have the following rights, exercisable by emailing [email protected]:
- Right of access — to request a copy of the personal data we hold about you and your children.
- Right of correction — to update or correct inaccurate personal data.
- Right of withdrawal of consent — to withdraw consent for any consent-based processing (for example, biometric data or marketing emails).
- Right of deletion — to request deletion of personal data, subject to our legal retention obligations.
- Right of data portability — to export your data and your children's data in a machine-readable format (JSON).
- Right to complain — to lodge a complaint with the Personal Data Protection Commission of Singapore (PDPC) at www.pdpc.gov.sg.
We will respond to verified requests within 30 days.
8. Cookies
QuizKin uses minimal browser storage, limited to what is needed to operate the Service:
- Authentication cookies and tokens (via AWS Cognito and our session system) — strictly necessary to keep you signed in.
- Preference data (in localStorage / IndexedDB) — stored on-device for offline use and UI preferences.
- Analytics cookies — set by Google Analytics 4 to understand aggregate usage. Subject to our cookie banner where applicable.
We do not use advertising cookies, third-party retargeting cookies, or cross-site tracking.
9. Data Security
- Encryption in transit. All data transmitted between your device and our servers is encrypted using TLS 1.2 or later.
- Encryption at rest. All stored data, including face descriptors and quiz data, is encrypted using AES-256 or equivalent.
- Access controls. Access to production systems is restricted by role-based access control, multi-factor authentication, and audit logging.
- Least privilege. Staff access to personal data is limited to the minimum required for support, fraud prevention, and compliance.
- Security reviews. We perform regular vulnerability assessments of our infrastructure and application code.
10. International Data Transfer
QuizKin infrastructure is hosted in AWS's Singapore region (ap-southeast-1), which we treat as our primary data-residency region.
However, some of our third-party processors may store or process data outside Singapore as part of delivering their global services, including but not limited to:
- Stripe — payment processing occurs on Stripe's global infrastructure, which includes data centres in the United States and elsewhere.
- Cloudflare — DNS and CDN edge services operate globally.
- Google Analytics 4 — analytics events may be processed on Google's global infrastructure.
Where personal data is transferred outside Singapore, we take reasonable steps to ensure that it is afforded a level of protection comparable to that under the PDPA, including by relying on contractual protections, vendor certifications (SOC 2, ISO 27001, PCI DSS) and data-processing agreements.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. For material changes, we will:
- update the version number and effective date at the top of this page;
- notify you by email or in-app notice at least 30 days before the change takes effect where feasible; and
- prompt you to re-accept the updated Privacy Policy on your next login where the change is material.
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact: