Privacy Policy for OopSafe
Last Updated: April 6, 2026 | Terms of Service
Overview
OopSafe ("the App", "we", "our") is a child-safe play environment developed by Latent Divergence Studios. This Privacy Policy explains what data the App collects, how it is used, stored, and protected. We are committed to safeguarding the privacy of children and their families.
1. Children's Privacy (COPPA & GDPR-K Compliance)
This App is designed for use by children under 13 under parental supervision. We comply with:
- COPPA (Children's Online Privacy Protection Act, USA)
- GDPR Article 8 (General Data Protection Regulation, EU/UK — processing of children's data)
- AADC (Age Appropriate Design Code, UK)
We do NOT:
- Collect, store, or transmit any personal information from children
- Track, profile, or behaviourally target children
- Use persistent identifiers to track children across sessions
- Share any child data with third parties
- Allow children to create accounts, make purchases, or access external websites
- Use analytics, crash reporting, or telemetry SDKs
- Contact children directly
Our app code does NOT collect:
- Names, email addresses, phone numbers, or physical addresses
- Browsing history, search queries, or usage patterns
- Biometric data (facial recognition data is processed on-device only and immediately discarded)
- Voice recordings or audio data
Third-party SDK (Google AdMob)
The App includes the Google Mobile Ads SDK to serve advertisements to parents only (never during children's play). When ads are served, Google may collect IP address, device identifiers, device information (model, OS version, screen size), and ad interaction data (impressions, clicks). This data is collected and processed by Google, not by us. The SDK is configured with COPPA child-directed treatment, which disables personalised advertising and limits data collection. For details on Google's data practices: https://policies.google.com/privacy
2. Data Stored on Device
All data stored by our app code is kept locally on the device only. We (Latent Divergence Studios) do not operate any servers that receive, process, or store user data. The Google AdMob SDK communicates with Google's servers as described above.
| Data | Purpose | Storage Method | Transmitted? |
|---|---|---|---|
| PIN hash (SHA-256 + 16-byte random salt) | Parental access control | Android EncryptedSharedPreferences (AES-256-GCM) | Never |
| Settings (sound, age group, enabled modes) | App configuration | Android EncryptedSharedPreferences (AES-256-GCM) | Never |
| Saved drawings (.png files) | Child's artwork | App-private internal storage | Never |
| Saved photos (.jpg files) | Camera captures | App-private internal storage | Never |
| Ad display timestamp | Rate-limiting ads to parents | Standard SharedPreferences | Never |
| Session count and last session time | Parental usage visibility | EncryptedSharedPreferences | Never |
3. Advertising
The App uses Google AdMob to display interstitial advertisements to parents only, after PIN verification. Ads are never shown during children's play. Ad content is rated G (General audiences). For details on what data the AdMob SDK collects, see Section 1 above.
4. Camera and Face Detection
The App includes an optional camera mode with augmented reality face filters (hats, glasses, emoji overlays).
- Face detection runs entirely on-device using Google ML Kit's bundled on-device model
- No images, video, or facial geometry data are ever transmitted to any server, including Google's servers
- Facial landmark coordinates are used only for real-time sticker positioning and are discarded each frame
- No facial recognition, identification, or facial template storage occurs
- Photos taken by the child are saved to app-private internal storage only
- Camera permission is optional and requested during setup — the App functions fully without it
- If camera permission is not granted, the camera mode is hidden from the child's toolbar
5. Text-to-Speech
The App uses Android's built-in Text-to-Speech (TTS) engine for educational word pronunciation. Speech synthesis runs on-device using the device's default TTS engine. No text or speech data is transmitted to external servers by the App. The behaviour of the system TTS engine is governed by the device manufacturer's privacy policy.
6. Audio
All sound effects and musical tones in the App are generated algorithmically using Android's AudioTrack API (waveform synthesis). No pre-recorded audio files are loaded, streamed, or downloaded. No microphone access is used.
7. Network Usage
The App requires the INTERNET permission solely for Google AdMob ad delivery. No other network communication occurs. The App functions fully offline for all children's play modes. Network security configuration enforces HTTPS for all connections, with limited cleartext exceptions required by AdMob's ad serving infrastructure.
8. Data Deletion
Parents can delete all App data at any time through the following methods:
- In-App: Settings > Clear All Saved Data (removes all drawings and photos)
- System Settings: Android Settings > Apps > OopSafe > Storage > Clear Data (removes all data including PIN and settings)
- Uninstall: Removing the App deletes all locally stored data
Since no data is transmitted to external servers, deletion is immediate and complete.
9. Data Retention
- Drawings and photos: Retained until manually deleted by the parent or until the App is uninstalled
- PIN and settings: Retained until cleared or App is uninstalled
- Ad timestamps: Retained in standard SharedPreferences; cleared when App data is cleared
No data is retained on any external server.
10. Permissions
| Permission | Purpose | Required? | Who triggers? |
|---|---|---|---|
| INTERNET | Google AdMob ad delivery | Yes (for ads) | System (parent-side only) |
| CAMERA | Camera play mode with AR face filters | No (optional) | Parent grants during setup |
| WAKE_LOCK | Keep screen on during play | Yes | Automatic |
| DISABLE_KEYGUARD | Show app over lock screen for kiosk mode | Yes | Automatic |
11. Security Measures
- PIN is hashed using SHA-256 with a cryptographically random 16-byte salt
- Constant-time comparison prevents timing attacks against PIN verification
- PIN hash and settings stored in Android EncryptedSharedPreferences (AES-256-GCM encryption with AES-256-SIV key wrapping)
- FLAG_SECURE prevents screenshots and screen recording of the App
- App-private storage (mode 700) prevents other apps from accessing saved content
- No data is logged to Android system logs in release builds
- ProGuard/R8 code obfuscation enabled in release builds
- Exponential backoff on failed PIN attempts (up to 15-second delay)
12. Third-Party Services
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Google AdMob | Ad delivery (parent-side only) | Limited device info for ad serving | Privacy Policy |
| Google ML Kit (bundled) | On-device face detection | None (fully on-device) | Terms |
No other third-party SDKs, analytics platforms, or services are integrated.
13. International Users
The App is available in 32 languages. Regardless of location, the same privacy protections apply. We do not adjust data practices based on region — the strictest standard (no data collection, no tracking, no profiling) applies universally.
14. Parental Controls
The App includes PIN-protected parental controls for:
- Exiting the App
- Accessing settings and configuration
- Changing sound, age group, volume, and enabled play modes
- Exporting saved drawings to the device gallery
- Clearing all saved drawings and photos
- Viewing session count and last session time
Children cannot access these controls without the parent's 4-digit PIN.
15. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last updated" date at the top of this document. We recommend reviewing this policy periodically.
16. Contact Us
For privacy questions, data deletion requests, COPPA inquiries, or any other concerns:
Email: hello@latentdivergence.comWebsite: https://latentdivergence.com
Response time: We aim to respond to all privacy inquiries within 48 hours.