ManaChat

Privacy Policy

Child‑first, privacy‑first. This page explains what data we collect, how we use it, and your rights.

Effective date: 2025‑08‑21

Who we are

ManaChat is a child‑friendly chat app where kids can talk to fictional characters powered by AI. The app is operated by LolaLand ("we", "us"). This policy explains what data we collect, how we use it, how we protect it, and your rights.

Summary (plain language)

  • We don’t build a social network: chats are between your child and an AI character.
  • We keep data minimal: a nickname, optional age range, local chat history on device, and technical data for app operations, safety, analytics, crashes, and ads.
  • No personalized ads for kids: we show only child‑appropriate, non‑personalized ads and tag the app for COPPA.
  • Local first: chat history is stored on the device; you can clear it in the app.
  • Transient processing: messages are sent to our serverless AI function to generate replies; we do not maintain a cloud database of chat histories.

Scope

This policy applies to ManaChat on iOS, Android, and the web (if available). Regional laws we align with include COPPA (US), GDPR/UK GDPR (EU/UK), ePrivacy, CCPA/CPRA (California), PIPEDA (Canada), LGPD (Brazil), and other applicable laws.

Age requirements and child protection

  • ManaChat is designed for children. We implement measures to comply with COPPA and similar child‑privacy laws.
  • We do not knowingly collect more personal information than is reasonably necessary to participate in the app.
  • We do not show behaviorally targeted advertising to children. Ad requests are child‑directed and limited to general audiences with non‑personalized ads.
  • Parents/guardians can contact us to exercise rights or request deletion.

What we collect

We collect and process the following categories of data:

1) Information you or your child provides

  • Nickname or first name (e.g., "Explorer").
  • Optional age or age range (if you choose to provide it for content suitability).
  • Chat messages typed in the app.
  • In‑app settings and preferences.

2) Information collected automatically

  • App identifiers (random session ID generated in‑app), app version, device model, OS version, language, country/region, and basic telemetry.
  • IP address (processed by our service providers when you connect).
  • Analytics events (e.g., app start, ad events, performance) via our analytics provider (part of the Google stack).
  • Crash reports and diagnostics via our crash diagnostics provider.
  • Advertising request metadata via our advertising provider (Google stack), configured for child‑directed treatment and non‑personalized ads.
  • Security and integrity signals provided by our infrastructure provider to protect our backend from abuse.

3) On‑device storage

  • Chat history and related UI state are saved locally on your device using the app’s secure storage. You can clear this in the app.

How we use data

  • Provide and improve the service (deliver AI responses, maintain app functionality, load performance‑safe media).
  • Safety and integrity (detect abuse, ensure child‑appropriate experiences, prevent fraud and misuse).
  • Analytics and performance (understand app reliability and usage patterns to improve experience).
  • Crash diagnostics (identify and fix problems).
  • Advertising (serve only child‑appropriate, non‑personalized ads; measure delivery and frequency caps).
  • Legal compliance (comply with laws, enforce terms, respond to lawful requests).

Where processing happens and data retention

  • Our AI responses are served by serverless functions on our cloud provider (Google stack). Requests are processed in memory. We do not maintain a cloud database of chat histories.
  • Limited operational logs may be produced by our infrastructure and service providers (e.g., security and error logs). We configure logs to minimize personal data and avoid full request payloads where feasible.
  • On‑device chat history persists until you clear it in the app or uninstall the app.
  • Provider logs and analytics/crash data are retained according to provider defaults and our configuration (generally months, not years). Retention may vary by law and operational need.

Legal bases for processing (GDPR/UK GDPR)

  • Contract/necessary for service: to operate core app features (AI chat, storage on device, security).
  • Legitimate interests: service reliability, anti‑abuse, and safety (balanced with your rights and children’s protections).
  • Consent: where required for analytics or ads; for child users, we restrict ads to non‑personalized and child‑directed settings.
  • Legal obligation: to comply with applicable laws and protect users.

Advertising disclosures

  • We use a mobile ads SDK configured for child‑directed treatment and the highest family‑friendly content rating. We request non‑personalized ads only, and we do not enable interest‑based advertising for children.
  • We do not use precise location.
  • We do not sell or share personal information for cross‑context behavioral advertising.

Sharing with service providers

We share data only with service providers that help us operate the app. These providers act as processors where applicable and must protect data according to our instructions:

  • Cloud infrastructure and analytics providers (Google stack).
  • Advertising provider for non‑personalized, child‑directed ads (Google stack).
  • Mobile app distribution and operational tooling providers.

We do not sell personal data.

International transfers

If you are outside the United States, your data may be processed in the United States and other countries where our providers operate. We rely on appropriate safeguards (e.g., EU Standard Contractual Clauses) where required.

Your rights

Depending on your region, you may have the right to request: access, correction, deletion, portability, restriction, and to object to certain processing. Parents/guardians may exercise these rights on behalf of their child.

California/CPRA notices:

  • We do not sell or share personal information (as “sell” or “share” are defined by CPRA).
  • Sensitive information, if any, is used only to provide the service and protect users.
  • You may request access, correction, and deletion by contacting us.

Brazil (LGPD) and other regions

Similar rights apply, including confirmation of processing, access, correction, anonymization, blocking, deletion, portability, and information about sharing.

Controls and choices

  • Clear chat history: Use in‑app controls to clear conversations stored on the device.
  • Reset identifiers: You can reset your device’s advertising identifier in system settings.
  • Limit analytics: Depending on your device/OS settings, you may restrict analytics and ad tracking.
  • Requests: Email privacy@manachat.app with your device OS, app version, and a description of your request. We may ask for reasonable information to verify the request (parent/guardian verification for children).

Security

We use technical and organizational measures, including transport encryption (HTTPS), least‑privilege access, secure key management (e.g., Google Secret Manager), App Check verification, and provider security controls. No system is 100% secure; we continuously work to improve safeguards.

Data we do not collect or use

  • No precise geolocation.
  • No contact list, photos, microphone, or camera access for chat.
  • No social graph or public profiles.

Third‑party links

If the app links to external sites or content, their privacy practices apply to those properties.

Changes to this policy

We may update this policy to reflect changes in technology, law, or our practices. We will post updates in‑app or via release notes. Material changes will be highlighted.

Contact

Questions or privacy requests: privacy@manachat.app

If we cannot resolve your concerns, you may have the right to contact your local data protection authority.

Developer appendix (transparency)

For users and parents who want additional technical detail about processing:

  • Chat storage: Stored locally on device via AsyncStorage. Users can clear chat data in‑app.
  • AI processing: Requests sent to serverless functions on our cloud provider (Google stack) to generate responses. We avoid storing message content server‑side; limited operational logs may include metadata necessary for security and reliability.
  • Ads: Mobile ads SDK configured with COPPA/child‑directed and non‑personalized ads, family‑friendly content rating.
  • Analytics/Crash: Analytics and crash monitoring are used for functionality, performance, and stability. Identifiers are device/app‑scoped; we do not create public profiles.
  • Security: Platform‑level protections against abuse; secrets managed securely; HTTPS enforced.
© 2025 DastrixManaChat • Privacy‑First AI for Kids