Status: Legal document — implementation-aware
Effective Date: April 2026 · Last Updated: April 2026
Contact: support@joggmini.mokingbird.xyz
Jogg Mini is a product of MokingBird Oy, a company registered in Finland, European Union, operating under the brand name Mokingbird. In this Privacy Policy, "Jogg Mini", "we", "our", and "us" refer to MokingBird Oy.
Jogg Mini is a privacy-focused, gamified AI and machine learning learning application designed for children and young learners ages 5–15, their parents or guardians, and teachers.
This Privacy Policy explains what information we collect and why, how different user types (children, teens, parents, teachers, guests) are handled, the legal bases on which we process personal data, your rights as a user, parent, or guardian, how we protect data, how data is shared, retained, and deleted, and how we comply with COPPA and GDPR.
This policy applies to data collected through the Jogg Mini mobile app (iOS and Android), Jogg Mini web services, and Supabase-backed authentication and data services used by Jogg Mini.
Children under 13 may use portions of Jogg Mini without an authenticated account (guest mode). For account-linked features, children under 13 cannot create their own account. A parent or legal guardian must register and create the child's profile. All child data is collected and managed through the parent account.
Data collected for children under 13 (provided by parent): First name, age, grade level and education system (US, UK, India, IB), avatar or profile styling choice, learning progress: XP, stars, gems, streaks, world completion, quiz history, and parental control settings linked to the child profile.
We do not collect from children under 13: last name or surname, email address, phone number, home or postal address, GPS or network-based location, contacts, calendar, photos, camera, or microphone data, or advertising identifiers.
Eligible teens may self-register using supported sign-in methods. COPPA does not apply at age 13+. However, we apply strong privacy protections to this age group.
Data collected for teens: Name (from sign-in provider), email address (from sign-in provider), age (entered during registration), and learning progress: XP, stars, levels, quiz history, streaks.
Parents register using Google, Apple, or email and password. Data collected for parents: Full name, email address, authentication credentials (managed via Supabase Auth), 6-digit parent PIN (hashed before storage), subscription status and tier, optional phone number, notification preferences, and list of linked child profiles.
Where a parent purchases a subscription, a Stripe customer ID is associated with the account. We do not store full payment card numbers — Stripe processes all payments under their own PCI-DSS standards.
Teachers register using Google, Apple, or email and password. Data collected for teachers: Full name, email address, school or institution name (optional), classroom and quiz organisation data, quiz participation and result records, and school subscription metadata where applicable. Teachers do not receive parent account credentials or household-level account management rights.
No personal information is collected from guests. Guest progress is stored locally on the device in encrypted local storage. It is not transmitted to our servers, and it is not retained if the app is uninstalled.
As described per user type in Section 4 above.
| Data | Purpose |
|---|---|
| Questions answered (correct / incorrect) | Progress tracking and educational reporting |
| Time spent per session | Parental controls, usage monitoring |
| XP, levels, stars, gems | Gamification and progression display |
| Streak records | Habit formation features |
| Badges and achievement unlocks | Gamification records |
| World completion status | Learning journey tracking |
| Quiz participation and results | Parent/teacher reporting |
We collect limited technical data to maintain app quality: crash and error reports (if crash reporting is enabled in the active deployment), feature usage analytics (if analytics is enabled in the active deployment), device-side app state for offline continuity, and network connectivity state relevant to sync behaviour.
We may collect anonymised, aggregated analytics to improve the app and question quality: question difficulty and accuracy rates (aggregate, not per-user), feature usage patterns (anonymised), and app session statistics (not linked to individual users). This data cannot be traced back to individual users and is never sold.
Jogg Mini does not collect: GPS location or network-based location, device contacts or calendar, camera or microphone content, social media connections, advertising identifiers (IDFA, GAID) for ad targeting, behavioural data for third-party advertising profiles, or direct under-13 child email registration data.
Jogg Mini uses Supabase-backed authentication. Depending on user type, sign-in may involve Supabase email/password authentication, Google Sign-In (OAuth 2.0), or Apple Sign-In (OAuth 2.0). When a user chooses Google or Apple login, those providers process identity information under their own privacy policies. Jogg Mini receives only the information needed to create and maintain the user's account.
We do not use data for targeted or behavioural advertising, building user profiles for third-party advertisers, sharing with social networks, or marketing to children.
| Legal Basis | When It Applies |
|---|---|
| Performance of a contract | To provide the app and services the user has requested |
| Legitimate interests | To secure, maintain, and improve the service; fraud prevention; analytics |
| Consent | For parent-managed child data; certain communications; optional features |
| Legal obligation | Where processing is required by law (e.g., tax records, legal compliance) |
For under-13 child accounts, parental involvement and parental consent are central to the product design. Where consent is the basis for processing, users may withdraw consent at any time.
Jogg Mini is an ad-free product. We do not display advertisements to any user, include mobile advertising SDKs, use child data to serve third-party ads, sell user information to data brokers or advertisers, or build advertising profiles based on user behaviour. Monetisation of Jogg Mini is based solely on voluntary subscriptions and one-time purchases.
Jogg Mini is designed with COPPA-oriented principles:
Parents may:
To exercise rights, use available in-app account/settings controls or contact: support@joggmini.mokingbird.xyz.
| Right | Description | How to Exercise |
|---|---|---|
| Access | Receive a copy of personal data we hold | In-app tools where available, or email support@joggmini.mokingbird.xyz |
| Rectification | Correct inaccurate personal data | In-app profile controls where available, or email us |
| Erasure | Request deletion of your account and associated personal data | In-app delete controls where available, or email us |
| Restriction | Request restriction of certain processing | Contact support@joggmini.mokingbird.xyz |
| Data portability | Request portable data where legally applicable | In-app export tools where available, or email us |
| Object | Object to processing on legitimate interests grounds | Contact support@joggmini.mokingbird.xyz |
| Lodge a complaint | Complain to a supervisory authority | Contact your national Data Protection Authority |
We do not sell personal data to third parties.
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database and authentication (EU-hosted) | All account data |
| Stripe or app-store billing partners | Payment/subscription processing where paid features are offered | Billing-related account metadata (card details are not stored by us) |
| Analytics providers (if enabled) | Product analytics | Usage events configured to avoid unnecessary personal data |
| Crash-reporting providers (if enabled) | Reliability and error diagnostics | Error/diagnostic payloads configured to minimise personal data |
| Google (OAuth) | Sign-in authentication | OAuth token only |
| Apple (OAuth) | Sign-in authentication | OAuth token only |
We may also disclose personal data if required by applicable law, regulation, court order, or legal process, or in connection with a corporate restructuring, acquisition, or merger subject to equivalent data protections.
All user data is stored on Supabase infrastructure hosted in the European Union. Supabase has a Data Processing Agreement (DPA) with MokingBird Oy ensuring GDPR-compliant data handling.
Our security approach includes: optional biometric authentication for app access, 4-digit app PIN (optional, device-side), PIN and credential hashing for relevant backend-stored secrets, secure local storage for sensitive lock/auth secrets, encrypted HTTPS/TLS transport, JWT tokens with automatic refresh (PKCE OAuth flow where configured), PostgreSQL Row-Level Security (RLS) — each user sees only their own data, and role-separated access controls (parent, teacher, child-profile scopes).
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours where required by GDPR Article 33 and notify affected users without undue delay where the breach is likely to result in high risk to their rights and freedoms.
We retain personal data for as long as reasonably necessary to operate the service, meet legal obligations, resolve disputes and enforce agreements, and support accounting and tax record requirements.
When an account or child profile is deleted, personal data is deleted according to operational deletion workflows and legal retention constraints. Anonymised, aggregated data (not traceable to individuals) may be retained indefinitely for quality improvement. Billing records may be retained as required by accounting/tax law.
MokingBird Oy is registered in Finland and primarily operates EU infrastructure. If your data is processed outside the European Economic Area (EEA), we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission and Data Processing Agreements with providers certified for cross-border transfers.
Given that Jogg Mini primarily serves children, we implement protections beyond standard privacy practices:
We may update this Privacy Policy to reflect product changes, legal requirements, or security improvements. When we do, we will update the "Last Updated" date, notify registered users via in-app notification for material changes, and for changes that materially affect how we handle children's data or parental consent, we may require re-consent before continuing to provide the service.
MokingBird Oy
Privacy Officer
Email: support@joggmini.mokingbird.xyz
Website: https://joggmini.mokingbird.xyz
For EU data protection enquiries or to lodge a complaint, you may also contact your national Data Protection Authority (DPA). In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (tietosuoja.fi).
| Child <13 | Teen 13–15 | Parent | Teacher | Guest | |
|---|---|---|---|---|---|
| First name | ✓ (via parent) | ✓ | ✓ | ✓ | ✗ |
| ✗ | ✓ | ✓ | ✓ | ✗ | |
| Age | ✓ (via parent) | ✓ | ✗ | ✗ | ✗ |
| Quiz progress | ✓ | ✓ | ✗ | Quiz results only | Local only |
| Location | ✗ | ✗ | ✗ | ✗ | ✗ |
| Ads shown | ✗ | ✗ | ✗ | ✗ | ✗ |
| Data sold | ✗ | ✗ | ✗ | ✗ | ✗ |