Privacy Policy

Last updated: 9 December 2025

Controller/Processor:
AdaptaIQ Sp. z o. o.
ul. Domaniewska 47/10
02-672 Warsaw, Poland
KRS: 0001188086
NIP (PL Tax ID): 5214128792
REGON: 542448991

Operating product: Kidaro

Contact emails:

1. Who we are and how you can contact us

This Privacy Policy explains how we, AdaptaIQ Sp. z o.o., process personal data in connection with Kidaro.

Kidaro helps parents understand how their child learns through AI-generated insights and reports. This Privacy Policy explains how we collect, use, share, and protect personal data when a parent or legal guardian uses the Kidaro Service and when a parent provides information about their child.

Children do not create accounts. Parents or legal guardians create and control the account, provide consent, and manage all related choices.

Email for privacy matters: privacy@adaptaiq.com

If you have questions about this Policy or about how we handle personal data, you can contact us at the email address above. We aim to respond without undue delay and to resolve issues in a professional way.

2. Scope of this Policy

This Policy applies when you use the Kidaro website or any Kidaro pages operated by AdaptaIQ, join our waitlist or newsletter, complete Kidaro assessments, or contact us about the Service.

It does not apply to:

Third party websites or apps that may be linked from Kidaro
Services provided by schools or organisations that use Kidaro under separate agreements, where those entities may act as controller for their own use of data

Kidaro is designed for use by parents and legal guardians. Children may participate in an interview or assessment with adult supervision, but they do not create their own accounts on Kidaro and we do not offer Kidaro directly to children.

3. Key terms

In this Policy:

“Service” means the Kidaro website and assessment tools.
“Parent” means a parent or legal guardian who uses Kidaro on behalf of a child.
“Child” the child whose learning data is provided by the parent.
“Personal data” information identifying a person
“Controller/Processor” means the entity that decides why and how personal data is processed.

4. Data we collect

We group the personal data we process into several categories. The exact data we collect depends on how you use Kidaro.

4.1 Parent account and contact details

When you sign up for Kidaro, join the waiting list, or contact us, we may collect:

Name and surname
Email address
Password or other login credentials if an account is created
Communication language and country of residence
Your relationship to the child (for example, parent or legal guardian)
Any other details you choose to include in messages sent to us

4.2 Child related information

Kidaro is designed to help parents understand how their child learns. To do this, we process information about the child, for example:

First name or nickname
Age, year at school, and languages spoken
Daily routines related to sleep, homework, and screen time
Patterns of attention, motivation, emotional regulation, and working memory
Learning preferences and what tends to help or overload the child
Context about school environment and home environment
Parent observations and open ended descriptions

In future versions of the Service, and only with parental consent, we may also invite the child to answer simple questions using age-appropriate and child-safe formats.

We may also receive information about learning differences or special educational needs, but only if you choose to share it. We do not require this information for every family and you can always decide how much detail to provide.

We do not ask children to provide their own contact details or payment information through Kidaro.

Importantly:

We do not use identifiable information about your child for advertising, remarketing, or building advertising profiles.
We do not send marketing communications directly to children.

4.3 Technical and usage data

When you use Kidaro, we automatically collect certain technical information, for example:

Device type, operating system, browser type and version
IP address and general location derived from IP address (for example city or country)
Referring pages, pages visited, time and date of your visit, time spent on each page
Interaction events such as clicks, scrolls, and form submissions
Basic error and performance data, for example which requests failed

We use this data to keep the Service secure, maintain performance, and improve the user experience.

4.4 Communications and preferences

If you contact us or opt in to communications, we process:

The content of your messages and our replies
Support tickets and related diagnostic information
Newsletter and waitlist preferences
Records of your consent to receive marketing communications and your opt out choices

4.5 Payment and transaction data

If you purchase a Kidaro product or service, we process:

Billing name and contact details
Country, currency, and value added tax (VAT) or tax related information where applicable
Limited payment card details such as card type and last four digits (full card numbers are handled by our payment provider and not stored by us)
Transaction identifiers, amounts, dates, and status

We use established payment processors to handle card data securely.

4.6 Cookies and similar technologies

We use cookies and similar technologies on the Kidaro website and in the Service. Some cookies are strictly necessary for the Service to work. Others, such as analytics cookies, are used only with your consent, where required by law.

For more details about the cookies we use, please see our Cookie Notice, which we may provide separately on the website.

5. Why we use data and our legal bases

We process personal data only when we have a legal basis to do so. Under EU and UK data protection laws, these bases include contract, consent, legal obligation, and legitimate interests.

5.1 Providing the Kidaro Service

We use your data to:

Create and manage your access to Kidaro
Deliver the Learning Phenotype Summary and related reports
Remember your progress and settings
Provide customer support and respond to requests

Legal bases:

Performance of a contract or steps taken at your request before entering into a contract
Legitimate interests, for example to provide and maintain an effective and reliable Service

5.2 Learning Phenotype Summary and child Child-Related Insights

We use the parent’s responses and child-related information to:

Analyse patterns across key learning related areas such as readiness and wellbeing, focus, emotional regulation, motivation, working memory, and thinking style
Generate the Learning Phenotype Summary and related visual or narrative explanations
Present practical suggestions to parents in age-appropriate and parent-oriented language

Some information you may choose to share about your child can be considered special category data, for example information about health, neurodiversity, or special educational needs.

For such information, our legal basis is your explicit consent. You can withdraw this consent at any time by contacting us. If you do so, we may no longer be able to provide parts of the Service that rely on that information.

5.3 Improvement, research, and development

We use both technical data and, where possible, pseudonymized or aggregated data to:

Understand how the Service is used and where families may get stuck
Improve question wording and flows in the interview
Test new features and models, including AI-based components
Produce statistics that do not identify individuals

Where practical, we remove direct identifiers or use aggregated data for these purposes.

Legal basis: Legitimate interests, namely our interest in improving and developing Kidaro while protecting the privacy of our users.

5.4 Communications and marketing

We use your contact details to:

Send service messages such as confirmations, security alerts, and important updates
Inform you about new Kidaro features, content, or events
Keep waiting list subscribers engaged with relevant news while we prepare the next release

Legal bases:

Performance of a contract, for essential service messages
Legitimate interests, where permitted by law, for example to send information about similar services you have already used
Consent, where local law requires consent for electronic marketing, and for any optional newsletters where you actively opt in

You can opt out of marketing emails at any time by using the unsubscribe link in the message or by contacting us.

We do not send marketing communications directly to children.

5.5 Security and fraud prevention

We use personal data, in particular technical and log data, to:

Maintain the security and integrity of the Service
Detect and prevent fraud, abuse, or misuse
Investigate incidents and respond to legal requests from authorities where applicable

Legal bases:

Legitimate interests, namely our interest in keeping the Service safe and protecting users and our infrastructure
Compliance with legal obligations

6. Use of cookies and similar technologies

We use:

Strictly necessary cookies, for example, to keep you logged in or to remember cookie choices
Functional cookies, for exampl,e to remember language or display settings
Analytics cookies, to understand how visitors use the site and to improve Kidaro
Communication and feedback tools, for example to help us respond to your questions

Where required by law, analytics and similar cookies are only used with your consent, which you can withdraw or change at any time through the cookie banner or settings.

7. Children’s privacy and parental consent

Kidaro is built for parents and legal guardians. Children may take part in an interview or interactive questions, but always under the responsibility of the parent or guardian.

Key points:

We rely on the parent or guardian to provide consent for any processing of child related data in Kidaro.
We do not knowingly allow children to create Kidaro accounts, manage payments, or receive marketing communications.
If we learn that a child has provided personal data through Kidaro without the knowledge of a parent or guardian, we will take reasonable steps to delete the data or to obtain parental consent.

As a parent or guardian, you control what information about your child is shared with Kidaro and you can contact us at any time to ask questions or exercise rights on your child’s behalf.

8. How we use AI and AI transparency

Kidaro uses AI tools to analyse parent responses and help generate reports.

We limit the data sent to AI providers and require them not to use it for training general AI models.

Kidaro insights are informational only and not medical, psychiatric or psychological diagnoses.

9. How we share personal data

We do not sell personal data. We share personal data only as described below and when we have a legal basis to do so.

9.1 Service providers (processors)

We use carefully selected service providers to operate Kidaro. These may include:

Hosting and cloud infrastructure providers
Database and storage providers
AI infrastructure and model hosting providers
Email and communication tools
Payment processors
Analytics and error monitoring tools
Customer support tools

These providers only process personal data on our documented instructions, must protect it using appropriate security measures, and are not allowed to use it for their own independent marketing.

For child related data, we share information only with service providers that help us operate Kidaro, run AI processing, provide infrastructure, or support communications with you. We do not sell child data and we do not share it with schools or other third parties for their own purposes without your explicit consent.

We do not use identifiable child data for advertising or for building advertising profiles.

9.2 Optional experts and advisors

If you choose any optional feature that involves review by a psychologist or a similar expert, that expert will be bound by contractual confidentiality obligations and will only access the data needed for that review.

9.3 Legal and safety reasons

We may disclose personal data to third parties if we believe it is reasonably necessary to:

Comply with applicable law, legal process, or lawful requests from public authorities
Enforce our terms and protect the rights, privacy, safety, or property of AdaptaIQ, our users, or the public
Detect, prevent, or otherwise address fraud, security, or technical issues

9.4 Business transfers

If we are involved in a merger, acquisition, financing, or sale of all or a portion of our business, personal data may be transferred as part of that transaction, subject to standard confidentiality safeguards and applicable law.

10. International transfers and hosting

Some providers may process data outside your country.

For users in the European Economic Area or the United Kingdom:

Where we transfer personal data to a country that does not have an adequacy decision from the European Commission or the UK government, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses and, where relevant, the UK addendum or UK data transfer agreement.
We also use additional safeguards where appropriate, for example technical measures and contractual protections.

You can contact us for more information about the safeguards we use for international transfers.

11. Data retention

We keep personal data only for as long as we need it for the purposes described in this Policy, unless a longer period is required or permitted by law. In particular:

Parent account and contact data is kept while you have an active relationship with Kidaro and for a period after that, typically up to 24 months, to manage our relationship, keep records, and handle potential queries or disputes.
Child related data and Learning Phenotype outputs are kept while you actively use the Service and, by default, for up to 12 months after your last meaningful activity so that you can revisit or update your child’s profile. You can ask us to delete this data earlier, subject to any legal obligations that require us to keep certain records.
Payment and transaction records are kept for the period required under tax, accounting, and financial regulations, which is usually several years.
Technical logs and security records are typically kept for up to 12 months unless a longer retention period is needed for security investigations or to meet legal requirements.

When we no longer need personal data and are not required to keep it, we will delete it or anonymise it so that it no longer identifies any individual.

When you ask us to delete or correct data, we aim to act without undue delay and in any event within one month, unless a different timeframe is allowed or required by law.

12. Your rights

You may request access, correction, deletion, restriction, objection, or portability of your data.

Where processing is based on consent, you may withdraw it at any time.

Parents or legal guardians can exercise these rights on behalf of their child.

To exercise your rights, please contact us at privacy@adaptaiq.com and describe your request clearly. For your protection, we may need to verify your identity and your relationship to the child before acting on your request.

If you live in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local data protection authority. For example, in Poland the authority is the President of the Personal Data Protection Office.

We would, however, appreciate the chance to address your concerns before you approach a regulator, so we encourage you to contact us first.

13. Security

We use technical and organisational measures such as encryption, access controls, backups, and monitoring to protect data.

If a breach creates high risk, we will notify you as required by law.

14. Third party links

Kidaro may link to external websites. Their privacy practices are independent of ours.

15. Changes to this Policy

We may update this Policy from time to time.
If changes are material, we will notify you in a reasonable way.

The “Last updated” date at the top of this Policy shows when it was most recently revised. If you continue to use the Kidaro Service after a revised Policy takes effect, you are deemed to have accepted the updated Policy.

16. How to contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of personal data, you can contact us at:

Email: privacy@adaptaiq.com

Postal address:
AdaptaIQ Sp. z o.o.
ul. Domaniewska 47/10
02-626 Warsaw
Poland