TokenPalsTokenPals
 Back home

Privacy Notice

Last updated: 1 May 2026

This Privacy Notice explains how Emily Rose Close, an individual sole proprietor trading as "TokenPals" ("we", "us", or "our"), collects, uses, shares, and protects your personal data when you use the TokenPals service (the "Service"). We act as the data controller of personal data collected through the Service.

1. Personal data we collect

We collect the following categories of personal data:

  • Account data — your name, email address, password (stored hashed), and account type (parent or teacher).
  • Child profile data — the first name (or nickname) and learning preferences of each child you set up. We do not require a child's full legal name, address, or contact details.
  • Gameplay & progress data — game sessions, accuracy, tokens earned and spent, items owned, sticker placements, and pal interactions.
  • Support & communication data — emails you send us and any other messages you choose to share.
  • Technical data — IP address, device type, browser, operating system, language, and basic usage telemetry (e.g. pages viewed, errors).
  • Payment data — handled directly by Paddle, our Merchant of Record (see "How we share data" below). We receive limited information from Paddle such as subscription status, plan, and the last four digits of the payment method.

2. How we use personal data

We use personal data to:

  • create and manage your account, and provide the Service to you and your child (legal basis: performance of a contract);
  • process subscriptions, payments, and refunds via Paddle (performance of a contract);
  • secure the Service and prevent fraud or abuse (legitimate interests);
  • respond to support requests (performance of a contract / legitimate interests);
  • improve the Service — fix bugs, refine learning content, understand usage patterns (legitimate interests);
  • send essential service emails, such as account confirmation, billing notices, and policy changes (performance of a contract / legal obligation);
  • comply with legal obligations (legal obligation).

3. Children's privacy

TokenPals is designed to be used by children under the supervision of a parent, guardian, or teacher. Accounts are always created and managed by an adult. We deliberately collect the minimum information needed about a child (a first name or nickname, plus learning progress). We do not show advertising to children, do not sell child data, and do not use child data to build third-party advertising profiles.

4. How we share data

We share personal data only with the following categories of recipients:

  • Paddle — our Merchant of Record, who handles payments, subscription management, billing, tax compliance, and invoicing.
  • Service providers (subprocessors) — hosting, database, email delivery, error monitoring, and analytics tools that help us run the Service.
  • Professional advisers — legal, accounting, and similar advisers, where reasonably necessary.
  • Authorities — where required by law, court order, or to protect our rights or the safety of others.

We do not sell personal data.

5. International transfers

Some of our service providers are based outside your country of residence (including in the United States and the European Union). Where personal data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions, where required by law.

6. Data retention

We keep personal data only for as long as needed for the purposes described above. Account and child profile data is retained while your account is active. If you delete your account, we delete or anonymise associated personal data within 90 days, except where we are required to keep it longer for legal, tax, or fraud-prevention reasons (e.g. transaction records).

7. Your rights

Depending on where you live, you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate personal data;
  • delete your personal data ("right to erasure");
  • restrict or object to certain processing;
  • port your personal data to another service;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at support@tokenpalsapp.com. We aim to respond within 30 days.

8. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit (HTTPS/TLS), encryption at rest where available, access controls, hashed passwords, and row-level database security. No system is perfectly secure — if we ever become aware of a breach affecting your data, we will notify you without undue delay where required by law.

9. Cookies

We use a small number of essential cookies and similar technologies to keep you signed in and to remember your preferences. We do not use third-party advertising cookies. You can manage cookie settings through your browser; note that disabling essential cookies may break parts of the Service.

10. Changes to this notice

We may update this Privacy Notice from time to time. The "Last updated" date at the top reflects the latest revision. If we make material changes, we will notify you by email or in-app notice before they take effect.

11. Contact

Questions about this Privacy Notice or how we handle your data? Email support@tokenpalsapp.com.