How Surprise Button Protects Your Child’s Privacy and Data
When you hand your child an iPad with any app, you’re trusting that company with your family’s privacy. Most educational apps collect far more data than parents realize, often sharing it with third parties for advertising and analytics.
This post explains exactly what Surprise Button does—and critically, doesn’t do—with data. No corporate jargon, no legal hedging. Just honest transparency about how we protect your children.
The Short Version (TL;DR)
What We Don’t Collect:
- ❌ No legal names, birthdays, or government IDs from children
- ❌ No location tracking
- ❌ No photos or videos
- ❌ No contact lists or device information
- ❌ No behavioral profiling or advertising IDs
- ❌ No third-party analytics on children
- ❌ No selling of any data to anyone
What We Do Collect:
- ✅ Parent email (you provide during signup)
- ✅ Age band selection (3-4, 5-7, 8-10, 11-13, or 14-16)
- ✅ Child profile nickname + age band (up to five per household, created by parents)
- ✅ Topics explored (to send you daily summaries)
- ✅ Time spent on topics (for your parent reports)
- ✅ Subscription status (processed securely by Apple; we never see your card details)
The Privacy Promise: Children use Surprise Button without ever typing in their own information. Parents choose a nickname and age band for up to five child profiles; we never learn legal identities, locations, or contact details. Your parent reports show topics explored by each nickname—never sensitive personal data.
Why Privacy Matters (And Why Most Apps Get It Wrong)
The Educational App Privacy Problem
Startling Statistics:
- 95% of educational apps collect personal data
- 58% share data with third parties
- Only 25% are COPPA compliant
- Many apps market to children while collecting behavioral data
What “Free” Educational Apps Often Do:
- Track every interaction to build profiles
- Sell aggregated data to advertisers
- Share analytics with dozens of third parties
- Use children’s engagement data to optimize ad revenue
- Create persistent IDs across apps and websites
The Reality: If an educational app is free and has no subscription, ask yourself: “If I’m not paying, what am I giving them instead?” Usually, the answer is your child’s data and attention.
The “We Don’t Sell Data” Loophole
Many apps claim “We don’t sell your data” while doing exactly that with legal technicalities:
The Game:
- “We don’t sell data; we share it with partners for mutual benefit”
- “We don’t sell data; we allow third parties to collect it”
- “We don’t sell data; we sell insights derived from data”
- “We don’t sell data; we monetize through targeted advertising”
The Reality: Your child’s information is being monetized. The method is just disguised.
Why Children Deserve Different Standards
Developmental Considerations:
- Children can’t consent to data collection
- They don’t understand privacy implications
- Profiles built in childhood follow them into adulthood
- Behavioral data can influence them unfairly
- They deserve to explore without surveillance
Legal Recognition: COPPA (Children’s Online Privacy Protection Act) and similar laws worldwide recognize that children need special protections. Companies must get verifiable parental consent before collecting data from children under 13.
Many apps avoid this by claiming they’re not “directed at children” despite obvious child audiences. This legal loophole lets them collect data without parental consent.
How Surprise Button Works (Technically)
The Anonymous Exploration Model
When Your Child Uses Surprise Button:
-
They select their explorer profile
- Parents create up to five explorer profiles (nickname + age band only)
- Kids tap their nickname—no passwords or additional details required
-
They explore content
- Content is served according to the age band saved in that profile
- We log which nickname explored each topic so your nightly summary is accurate
-
You receive a summary
- Email shows topics explored per nickname
- Time spent on each topic
- Natural conversation starters
- No legal names, addresses, or sensitive identifiers are ever included
The Key Difference: We only know the nickname you chose and the age band you selected. There are no behavioral, advertising, or third-party profiles built around your child—just the minimum information needed for your family reports.
What Data Flows Where
On the iPad:
- Age band stored locally (you selected during setup)
- Topics explored stored temporarily
- Daily summary prepared
- Sent to parent email address
On Our Servers:
- Parent email address (for sending summaries)
- Account subscription status
- Parent-created child profile nickname, age band, and profile UUID (up to five explorers)
- Aggregated, anonymized usage data for improving the app
- No advertising identifiers or third-party profiles
Not Stored Anywhere:
- Legal names, precise age, birthday, or school details
- Home address or location data
- Photos, videos, or recordings
- Advertising device identifiers
- Browsing patterns beyond current session
- Behavioral comparisons between children
COPPA Compliance Explained
COPPA requires companies to:
- Post a clear privacy policy
- Get verifiable parental consent before collecting data from children under 13
- Give parents control over data collection
- Protect children’s information
- Limit data collection to what’s necessary
How Surprise Button Complies:
1. Clear Privacy Policy
- Available at surprisebutton.com/privacy
- Written in plain language
- Regularly updated
- No hidden clauses
2. Verifiable Parental Consent
- Parents create the account with email verification
- Payment requires adult credit card
- Children never enter any personal information
- Parents provide nicknames and age bands; no direct data entry from children
3. Parental Control
- Parents can delete accounts anytime
- Can request data export
- Can modify age bands
- Can cancel with immediate data deletion
4. Data Protection
- Encrypted transmission (HTTPS)
- Secure server storage
- No third-party analytics on children
- Regular security audits
5. Data Minimization
- We collect only what’s needed (topics explored, time spent)
- No “just in case” data collection
- No long-term behavioral profiling
- Children remain known only by the nickname parents choose
FERPA Compliance for Homeschoolers
FERPA (Family Educational Rights and Privacy Act) protects student educational records. While primarily for schools, the principles matter for educational apps:
Student Record Protection:
- We don’t create “student records” in the FERPA sense
- No grades, assessments, or performance data stored
- No identification beyond parent-chosen nickname and age band
- Parents control all information
Educational Context:
- Topics explored aren’t “educational records”
- No data shared with schools or institutions
- Family data stays within the family
- No third-party access to learning information
What Actually Happens to Your Data
Parent Email Address
Collected: Yes, when you create an account
Used For:
- Sending daily discovery summaries
- Account recovery
- Important app updates
- Payment confirmations
- Nothing else
Shared With:
- No one. Ever.
- Not sold to marketers
- Not shared with partners
- Not included in any analytics
Your Control:
- Unsubscribe anytime
- Change email address
- Delete account entirely
- Export your data
Topics Explored
Collected: Yes, to create your daily summaries
Used For:
- Generating parent email summaries
- Showing you conversation starters
- Understanding what interests your children
- Improving content recommendations for your family
NOT Used For:
- Advertising
- Profiling individual children
- Selling to third parties
- Building behavioral profiles
Data Storage:
- Stored securely on our servers
- Encrypted in transit and at rest
- Automatically deleted when you cancel subscription
- No permanent archive
Your Control:
- Request data export
- Delete specific discovery records
- Delete entire account
Payment Information
Collected: Subscription status from Apple (via App Store billing)
Actually Stored by Us:
- Subscription status (active, trial, canceled)
- Renewal date
- Apple transaction identifier
Handled by Apple (not us):
- Full payment details
- Billing address
- Transaction history
Why Apple:
- PCI DSS compliant (highest payment security standard)
- Built-in family purchase controls and receipts
- We never see or store your card information
- Apple manages refunds and payment disputes
Your Control:
- Manage the subscription in Settings → [your name] → Subscriptions
- Cancel anytime before renewal
- Request payment history directly from Apple
Age Band Selection
Collected: Yes, you choose one when setting up
Used For:
- Showing age-appropriate content only
- Matching developmental stage
- Ensuring safety and appropriateness
NOT Used For:
- Identifying specific children
- Building age-based profiles
- Marketing
- Anything beyond content selection
Your Control:
- Change age band as children grow
- Switch between age bands for multiple children
- No permanent record of “which child is which age”
Aggregated, Anonymized Analytics
What We Track (Anonymously):
- Which topics are popular across all users
- Which content gets most engagement
- Technical errors and bugs
- App performance metrics
Why:
- Improve content selection
- Fix technical issues
- Understand what families find valuable
- Prioritize new features
Cannot Be Used To:
- Identify individual families
- Track specific children
- Build personal profiles
- Target advertising
Example: We might see “500 families explored volcano content this month” but never “The Johnson family’s 8-year-old daughter spent 47 minutes on volcanoes”
What We’re Doing Differently (and Why)
No Advertising = No Surveillance
Why Most Apps Track Extensively: They need to serve targeted ads. To do that, they need to know:
- What you like
- What you click
- How long you engage
- What you buy
- Who you are
Why Surprise Button Doesn’t: We have no ads. Ever. So we have zero incentive to track behavior, build profiles, or monetize attention.
Our Revenue Model:
- You pay a subscription
- We provide a service
- That’s it
Simple, ethical, aligned.
No Third-Party Analytics on Children
Common Practice: Most apps include Google Analytics, Facebook Pixel, or similar trackers. These tools:
- Track every interaction
- Build behavioral profiles
- Follow users across apps and websites
- Share data with advertisers
- Create persistent IDs
Our Practice:
- No Google Analytics on child-facing parts of the app
- No Facebook tracking
- No advertising IDs
- No cross-app tracking
- No third-party cookies
We Only Use:
- First-party analytics (what happens in our app only)
- Anonymized, aggregated data
- Technical error reporting (to fix bugs)
- Nothing beyond the nickname and age band parents provide
No Social Features = No Risk
The Social Media Problem: Apps with chat, comments, or social features create risks:
- Exposure to strangers
- Cyberbullying potential
- Inappropriate content from other users
- Pressure to share personal information
Surprise Button:
- Completely solo experience
- No chat or comments
- No friend lists
- No user-generated content
- No contact with other children
Your Child Interacts With:
- Curated educational content only
- Nothing else
Parent-Managed Profiles, No Behavioral Tracking
The Profile Problem: Apps that build deep child profiles often accumulate:
- Learning patterns across years
- Interest evolution and inferred preferences
- Performance metrics tied to identities
- Behavioral predictions that can be monetized
That depth of data becomes valuable—and tempting to sell or share.
Surprise Button Approach:
- Parent-created child profiles store nickname, age band, and a profile UUID (up to five explorers)
- No behavioral scores, advertising segments, or third-party sharing
- Topic history rolls off after 30 days unless the parent exports it
- Parents can delete profiles or the entire account at any time
What We Remember:
- Your parent email
- Child profile nickname + age band
- Last 30 days of topics per profile (for the nightly summaries)
- Current subscription status
What We Don’t Remember:
- Legal names, addresses, or precise ages
- Interest histories older than 30 days
- Behavioral predictions or advertising attributes
- Comparisons between different families or children
Transparency in Action
You Can Request:
1. Data Export
- Email us: hi@surprisebutton.com
- We’ll send everything we have within 30 days
- It won’t be much (just topics explored, dates, times)
2. Data Deletion
- Cancel your subscription
- Request immediate deletion
- We comply within 48 hours
- Permanent and complete
3. Privacy Questions
- Ask anything about our practices
- Get honest, direct answers
- No legal runaround
- Real person responds
Regular Privacy Audits
We Commit To:
- Annual third-party security audits
- Regular review of data practices
- Updating privacy policy when changes occur
- Notifying users of any material changes
We Publish:
- Privacy policy (surprisebutton.com/privacy)
- Terms of service (surprisebutton.com/terms)
- COPPA compliance documentation (surprisebutton.com/coppa)
- This transparency blog post
How We’re Different from Big Tech
Google/YouTube Kids
They Track:
- Video watch history
- Search queries
- Device information
- Location (if enabled)
- Cross-app behavior (Google ecosystem)
They Use It For:
- Targeted recommendations
- Advertising (even on “Kids” platforms indirectly)
- Building behavioral profiles
- Cross-device targeting
Surprise Button:
- No watch history profiles
- No search queries (no search feature)
- No device information
- No location tracking
- No cross-app ecosystem
Amazon FreeTime/Kids+
They Track:
- All content consumption
- Device usage patterns
- Purchase behavior
- Family relationships
- Detailed profiles per child
They Use It For:
- Upselling more content
- Recommending purchases
- Optimizing for engagement
- Building Amazon customer profiles
Surprise Button:
- No consumption optimization
- No purchase recommendations
- No family profiling
- No engagement maximization
- Simple subscription, no upsells
ABCmouse/Adventure Academy
They Track:
- Detailed learning progress
- Performance metrics
- Time on task
- Completion rates
- Curriculum mastery
They Use It For:
- Curriculum effectiveness
- Marketing proof (“Results!”)
- Selling to schools
- Parent upsells
Surprise Button:
- No performance tracking
- No mastery metrics
- No grades or scores
- No pressure to complete
- Discovery, not assessment
Questions Parents Ask
Q: If you don’t track my child, how do you send me summaries?
A: We track which explorer profile (nickname + age band) is active so your summary is accurate. We don’t collect legal names or personal identifiers—just the nickname you chose and the topics explored.
Q: How do you improve the app without tracking users?
A: We use aggregated, anonymized data (“500 users explored this topic”) and direct parent feedback. We don’t need individual behavioral profiles to make the app better.
Q: What if I have multiple children using the same account?
A: You can create up to five explorer profiles. The nightly email is grouped by nickname (e.g., “Ava explored Volcano basics”), making it easy to tailor conversations.
Q: Can law enforcement or government request my child’s data?
A: There’s almost no data to request. Topics explored and times aren’t legally interesting. We don’t have location, communications, or personal details. If legally required, we comply with valid requests, but there’s genuinely not much to provide.
Q: What happens to data if Surprise Button is sold or goes out of business?
A: Our privacy policy requires:
- Notifying users of any ownership change
- Maintaining privacy commitments under new ownership
- Offering data deletion before any transfer
- Or, if we close, deleting all user data
Q: How is this different from “anonymous” tracking most apps claim?
A: Most apps anonymize by removing names but keep everything else (behavioral patterns, interests, device IDs). They can still target and profile “Anonymous User 847392.” We collect far less data—just the nickname and age band you provide—so the experience stays genuinely private.
Q: Do you use AI to analyze my child’s behavior?
A: No. We use AI to curate and review content safety, not to analyze your child. Topics are selected randomly within age-appropriate bounds, not through behavioral prediction.
Our Privacy Principles
1. Data Minimalism Collect only what’s necessary. If we don’t need it, we don’t collect it.
2. Purpose Limitation Data collected for summaries is used for summaries. Not for marketing, not for analytics, not for anything else.
3. Transparency Explain clearly what we do and why. No hiding behind legal jargon.
4. User Control Your data, your control. Export it, delete it, modify it.
5. Security First Protect data with encryption, secure servers, and regular audits.
6. No Surprise Changes If privacy practices change, we notify you clearly and give you the option to leave.
7. Children Come First When in doubt, protect privacy more, not less. Children’s rights to exploration without surveillance matter.
The Technical Details (For Privacy Nerds)
Data Encryption:
- TLS 1.3 for all data transmission
- AES-256 encryption for stored data
- Encrypted backups
- Secure key management
Server Security:
- Hosted on AWS (SOC 2 Type II certified)
- Regular security patches
- Access logging and monitoring
- Minimal access privileges
- Two-factor authentication for team
Third-Party Services We Use:
- Apple (Sign in with Apple, subscription billing, in-app purchases)
- AWS (secure hosting)
- Cloudflare (edge protection and Zaraz-managed analytics with pseudonymous data)
- Twilio SendGrid (email delivery for summaries)
We Don’t Use:
- Google Analytics (on child-facing app)
- Facebook Pixel
- Advertising networks
- Cross-app tracking SDKs
- Social media integrations
Data Retention:
- Active accounts: Topics from last 30 days
- Canceled accounts: Immediate deletion
- Payment records: 7 years (tax law requirement, held by Apple)
- Email address: Until you delete account
Compare Before You Trust
Before downloading any educational app, ask:
-
Does it require my child’s personal information?
- Name, birthday, school, location?
- Red flag if yes
-
Does it have advertising?
- If yes, it’s tracking to serve targeted ads
- “Age-appropriate ads” still requires behavioral tracking
-
What’s the business model?
- Free = you’re the product
- Subscription = clearer incentives
-
What does the privacy policy actually say?
- Read it (we know, it’s painful)
- Look for data sharing, third parties, advertising
-
Does it create child profiles?
- If yes, what exactly is stored?
- Nickname + age band only is reasonable
- Red flag if behavioral or advertising data is attached
-
Who owns the company?
- Big tech subsidiary? (More likely to monetize data)
- Independent? (Easier to maintain privacy commitment)
- Public company? (Shareholder pressure to monetize)
-
Can I easily delete data and account?
- Should be simple and immediate
- If difficult, they value data over privacy
Our Commitment to You
We Promise:
- Children will always use Surprise Button without sharing sensitive personal information
- We will never sell or share data
- Privacy will never be sacrificed for profit
- Changes will be transparent and opt-in
- You can delete everything, anytime
We Can’t Promise:
- Perfect security (nothing is 100% secure)
- Zero data collection (some is necessary for the service)
- That other apps will follow our example
But We Commit:
- To minimize data collection
- To protect what we do collect
- To be honest about practices
- To put children first
Try Surprise Button Risk-Free
7-Day Free Trial:
- Full access to all features
- Managed through the Apple App Store (Apple ID required)
- Cancel anytime before day 7 to avoid charges
- Complete data deletion if you cancel
Start your trial: surprisebutton.com/contact
Questions about privacy? Email us: hi@surprisebutton.com
We’re not a faceless corporation. We’re parents who built the tool we wanted for our own kids. Your trust matters to us.
Last updated: October 21, 2025 Privacy Policy: surprisebutton.com/privacy COPPA Compliance: surprisebutton.com/coppa