← Back to Home

Privacy Policy

Little Otter Reader
Version: 2026-02-22
Effective Date: February 22, 2026
Last Updated: February 22, 2026

Introduction

Little Otter Reader (“we,” “us,” or “our”) is committed to protecting the privacy of children and families who use our educational reading application. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website and services located at littleotterlearning.com (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

This Service is intended for use by parents, guardians, educators, and other adults (“Parents”) to help children practice reading. We are committed to compliance with the Children's Online Privacy Protection Act (COPPA) and applicable Canadian privacy laws (PIPEDA and Quebec's Law 25).

Verifiable Parental Consent: We verify that account holders are adults through email confirmation during the signup process. Only verified adults (age 18+) may create accounts and provide information about children.

Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. Children's Privacy (COPPA Compliance)
  4. How We Share Your Information
  5. Data Security
  6. Data Retention
  7. Your Rights and Choices
  8. Third-Party Services
  9. International Users
  10. Changes to This Privacy Policy
  11. Contact Us

1. Information We Collect

A. Parent/Guardian Account Information

When you create an account, we collect:

  • Email address (required for account creation and login)
  • Password (hashed and encrypted; never stored in plain text)
  • Account creation date and last login timestamp
  • IP address (for security and fraud prevention only)

B. Child Profile Information (Parent-Provided)

Parents create child profiles and provide:

  • Child's first name only (no last name required or requested)
  • Birth month (optional; used only for age-appropriate content recommendations)
  • Initial reading skill level (easy, medium, or hard; selected by parent)
  • Current story progression index (tracks which story to recommend next)

We do NOT collect:

  • Last names
  • Full birthdates
  • Photos or videos
  • Home addresses
  • Phone numbers
  • School names or locations
  • Any personally identifiable information beyond first name

C. Reading Session Data

When a child uses the Service, we collect:

  • Story identification (which story was read)
  • Reading mode (microphone mode or parent-assisted mode)
  • Performance metrics:
    • Total words in story
    • Number of words read correctly
    • Number of words missed
    • Accuracy score (0-10 scale)
    • Session timestamp
  • Speech transcript (only if using microphone mode; used solely for accuracy assessment)

Important Note on Audio Data:

When microphone mode is used, audio is processed in real-time for speech recognition. Raw audio files are NOT stored on our servers. Only the text transcript is retained for accuracy scoring. We may use third-party speech-to-text providers to process audio. Neither we nor any third-party providers will use audio data to train machine learning models or for any purpose other than providing the speech recognition service to you.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: create and manage accounts, deliver reading content, and track your child's progress
  • Assess and personalize: evaluate reading performance and recommend age-appropriate content
  • Communicate with you: send account confirmation, password reset emails, and important service notices
  • Maintain reliability: monitor for and diagnose application errors to improve stability and user experience
  • Prevent fraud and abuse: detect automated bots and malicious activity
  • Comply with legal obligations: respond to lawful requests and enforce our Terms of Service

We do NOT use your information for:

  • Targeted or behavioral advertising
  • Sale to data brokers or third parties
  • Training AI or machine learning models
  • Any purpose not described in this Privacy Policy

3. Children's Privacy (COPPA Compliance)

Little Otter Reader is designed for use by parents and guardians, not directly by children. We comply with the Children's Online Privacy Protection Act (COPPA).

Parental Consent and Control

  • Only parents (age 13+) may create accounts
  • Parents provide all child profile information
  • Parents control access to their child's data
  • Parents can review, modify, or delete child data at any time

We Will NEVER:

  • Sell children's information to any third party
  • Use children's data for advertising or marketing
  • Share children's data except as described in this policy
  • Require children to disclose more information than necessary
  • Track children's behavior across other websites or services
  • Allow children to publicly post or share personal information

4. How We Share Your Information

We do not sell personal information. We share data only in these limited circumstances:

  • Service Providers: We share data with third-party vendors who perform services on our behalf (see Section 8). These providers are contractually bound to use data only as directed and to protect it appropriately.
  • Legal Requirements: We may disclose information if required by law, regulation, or valid legal process (such as a court order or subpoena). We will notify you of such requests to the extent permitted by law.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the successor entity under the same privacy protections. We will notify you of any such change.
  • Protection of Rights: We may disclose information when necessary in good faith to protect our rights, your safety, or the safety of others, or to investigate fraud.
  • Aggregated Data: We may share anonymized, aggregated data that cannot reasonably identify any individual (for example, aggregate reading performance statistics).

We will NEVER share children's personal information with advertisers, data brokers, or any third party for commercial purposes.

5. Data Security

We implement industry-standard security measures to protect your information:

Technical Safeguards

  • Encryption in transit: All data transmitted via HTTPS/TLS
  • Encryption at rest: Database and file storage encrypted
  • Password security: Passwords hashed using bcrypt (never stored in plain text)
  • Access controls: Role-based access with least privilege principle
  • Data isolation: Logical user data isolation at the database level ensures family data cannot be accessed by other users

Data Breach Notification

In the event of a data breach that affects your personal information or your child's information, we will notify affected users without unreasonable delay and as soon as feasible, in accordance with applicable legal requirements.

6. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy:

  • Account data (email, password hash): retained while your account is active; deleted within 30 days of a verified account deletion request
  • Child profile data: retained while your account is active; deleted upon account closure
  • Reading session data: retained while your account is active; deleted upon account closure
  • Contact form submissions: retained for up to 1 year to allow us to follow up on inquiries
  • Error logs (via Sentry): retained for 90 days per Sentry's default retention policy

To request deletion of your account and associated data, contact us at privacy@littleotterlearning.com. We will process verified requests within 30 days.

7. Your Rights and Choices

Canadian Residents (PIPEDA and Quebec Law 25)

If you are a Canadian resident, you have additional rights under PIPEDA and applicable provincial laws:

  • Right to access personal information we hold about you
  • Right to challenge the accuracy and completeness of your information
  • Right to request correction of inaccurate information
  • Right to withdraw consent (results in account deletion)

Privacy Officer: We have designated a Privacy Officer responsible for overseeing compliance with privacy laws and handling privacy-related inquiries. You may contact our Privacy Officer at privacy@littleotterlearning.com.

Quebec Residents: If you are a Quebec resident, you have additional rights under Quebec's Law 25, including enhanced transparency requirements and the right to file complaints with the Commission d'accès à l'information du Québec.

8. Third-Party Services

We use the following third-party service providers to operate the Service. Each provider has access only to the data necessary for their specific function and is contractually bound to protect it.

Supabase (database, authentication, file storage)

  • Data shared: account credentials, child profile data, reading session data
  • Location: United States (AWS infrastructure)
  • Privacy policy: supabase.com/privacy

Cloudflare (bot protection)

  • Data shared: IP address and browser signals for bot detection only; not linked to your account
  • Location: United States
  • Privacy policy: cloudflare.com/privacypolicy

Resend (transactional email)

  • Data shared: email address and email content (account confirmation, password reset)
  • Location: United States
  • Privacy policy: resend.com/privacy

Sentry (error monitoring)

  • Data shared: error messages, stack traces, browser type and version, operating system, page URL at time of error
  • NOT shared: child names or identifiers, audio data, session recordings
  • We configure Sentry to not automatically attach IP addresses or HTTP request bodies to error reports
  • Location: United States
  • Privacy policy: sentry.io/privacy

Web Speech API (speech recognition)

  • When microphone mode is used, speech recognition is handled by your browser's built-in Web Speech API. Audio processing may be performed by your browser vendor (for example, Google Chrome).
  • We do not currently use third-party cloud speech-to-text services.
  • No raw audio is transmitted to or stored on our servers.

9. International Users

The Service is operated from and hosted in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home country.

Canadian Residents: Additional rights and protections under PIPEDA and Quebec's Law 25 are described in Section 7.

We do not actively market the Service outside of the United States and Canada. If you choose to access the Service from another country, you do so at your own discretion and are responsible for compliance with applicable local laws.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Post the updated policy at littleotterlearning.com/privacy with a new effective date
  • Notify you by email at the address associated with your account
  • Where required by applicable law, obtain your renewed consent before changes take effect

Your continued use of the Service after the effective date of an updated policy constitutes your acceptance of the changes. If you do not agree to an updated policy, you must stop using the Service and may close your account by contacting privacy@littleotterlearning.com.

Previous versions of this policy are archived and available upon request.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@littleotterlearning.com
Response Time: We will respond to privacy requests within 30 days.

For COPPA-Related Inquiries

Parents with questions about children's privacy or COPPA rights should contact us at the email above with the subject line: “COPPA Inquiry.”

Version: 2026-02-22 | Last Updated: February 22, 2026