Ziggy Privacy Policy

Effective date: November 10th, 2025
Controller: Kobu LLC ("Kobu", "we", "us", "our")
Contact: ziggy@kobuapps.com
Postal address: 8 The Green, Suite 24486, Dover, DE 19901, USA

This Privacy Policy explains how Kobu LLC collects, uses, discloses, and protects personal information when you use Ziggy (the "App") and our websites or communications related to the App (together, the "Services"). By using the Services, you agree to this Policy. If you do not agree, please do not use the Services.

We designed this Policy to be clear and readable. If anything is unclear, contact us at ziggy@kobuapps.com.

1) Who we are (controller)

Kobu LLC is the data controller for the App. Our contact details are above. We are based in the United States and provide the Services worldwide. We have not appointed an EU/UK representative at this time; users in the EEA/UK may contact us directly at the email address listed above. (We will update this Policy if that changes.)

2) Who may use the App; Children’s privacy (COPPA)

  • Only adults (18+) may create an account and manage a household in the App.

  • Adults may create child profiles and manage child use. Children do not provide an email address to sign in.

  • We collect only limited child information (see Section 3).

  • We do not sell or share any personal information for advertising.

  • Parents/guardians can review, correct, or delete a child’s information by emailing ziggy@kobuapps.com and/or using in‑app tools.

3) Information we collect

We collect information you provide to us during use of the App. The categories include:

A. Account & device information (all users)

Device identifiers (e.g., mobile device ID), operating system and app version, IP address and coarse location inferred from IP, time zone, session/security logs, and notification tokens. These items are collected automatically as part of normal app operation.

B. Adult account holder information (provided by the adult)

Name, family role, email address, authentication credentials (hashed password or similar), and communication choices. Optional for communications with pilot users: a phone number.

C. Child profile information (created by the adult)

Child first name or nickname, age, chosen avatar, and family role. Children do not provide an email address or other external identifier to create an account.

D. In‑App data (usage‑generated)

Information generated by your household’s use of the App and stored in your account (for example chores, rewards, records of activity, progress, configurations or settings, and related timestamps). The specific in‑App data elements may change as we add features.

E. Diagnostics & analytics

Crash logs, performance data, and analytics events (e.g., feature usage and funnel metrics) to improve stability and usability.

F. Communications & support

Content of messages you send to us (email or in‑app), scheduling details, and metadata related to onboarding calls. For WhatsApp pilot communications, we store your phone number and membership state; we do not ingest or analyze your message content in WhatsApp.

G. Website & cookies

If you visit our websites, we may use cookies or similar technologies for basic analytics and performance.

Not collected at this time: photos, audio, or video uploads by users. If we introduce media uploads later, we will update this Policy.

4) How we use information (purposes)

We use information to:

  • Provide, operate, and secure the App and its features (e.g., chore scheduling, approvals, points, rewards, leaderboards, notifications).

  • Create and manage household accounts and profiles.

  • Send operational communications (e.g., confirmations, updates, reminders) and push notifications.

  • Provide onboarding, support, and troubleshooting.

  • Analyze usage and improve the App’s performance, safety, and user experience.

  • Enforce terms, prevent misuse or fraud, protect safety and rights, and comply with law.

  • For email lists and pilot programs, send updates you opt into (you can opt out anytime).

5) Lawful bases for processing (GDPR/UK GDPR)

For users in the EEA/UK, our legal bases include:

  • Contract: to provide the Services you request.

  • Legitimate interests: to secure and improve the Services, prevent fraud, and support customer service (balanced against your rights).

  • Consent: where required (e.g., marketing communications or certain cookies).

  • Legal obligation: to comply with applicable laws and respond to lawful requests.

6) How we share information

We do not sell personal information. We share it only with:

  • Service providers (processors) that help us operate the Services under contracts that limit their use:

    • Supabase and its infrastructural service providers (database, authentication)

    • Amplitude (product analytics)

    • Expo services (push notifications and over‑the‑air updates)

    • Microsoft 365/Outlook (email communications)

    • WhatsApp (optional broadcast channel for pilots; governed by WhatsApp’s own terms and privacy policy)

  • Legal reasons: to comply with law, court orders, or to protect rights, safety, and security.

  • Business transfers: in connection with a merger, acquisition, or asset sale (we will continue to protect your information and give notice of changes).

No sale or “sharing” for cross‑context behavioral advertising (CPRA). We do not sell personal information or share it for targeted advertising as defined under California law.

7) International data transfers

We store data in the United States. If you are in the EEA/UK or other regions with data protection laws, we transfer your information to the U.S. using appropriate safeguards, such as the EU Standard Contractual Clauses (SCCs) and the UK international data transfer addendum, where applicable. You can contact us for more details.

8) Data retention

We retain account and household data while the account is active. If you delete your account or request deletion, we will delete or anonymize personal information within 30 days, subject to lawful retention needs (e.g., security logs, fraud prevention, or legal obligations). Routine encrypted backups and server logs may persist for the duration of our rotation and purging windows.

9) Your choices and rights

  • Access, correction, deletion, and export: You can request a copy of your data, ask us to correct it, delete it, or provide a portable export. Email ziggy@kobuapps.com to make a request.

  • Marketing opt‑out: You can opt out of marketing emails via the unsubscribe link or by contacting us. Push notifications can be controlled in device settings.

  • California/US state privacy (CCPA/CPRA and similar laws): Residents may request access/know, correction, deletion, and to opt out of sales/sharing (we do not sell/share). We will not discriminate against you for exercising your rights.

  • EEA/UK: You may have additional rights (restriction, objection) and the right to lodge a complaint with a supervisory authority.

  • Appeals: If we deny your request, you may appeal by replying with the subject line “Privacy Request Appeal”. We will review and respond within 45 days.

Verifying requests. We may ask for information to verify your identity before responding.

10) Security

We use technical and organizational measures including encryption in transit and at rest, access controls based on least privilege, monitoring, secure development practices, and regular backups. No system is perfectly secure; please use strong passwords and keep them confidential.

11) Cookies and similar technologies

We use cookies and similar technologies for basic site functionality and analytics. You can control cookies through your browser settings. We do not use third‑party advertising cookies.

12) WhatsApp community (pilot phases)

Participation in our WhatsApp community is optional. We collect and use your phone number only to deliver low‑volume announcements (typically a few per week) or to respond to messages you send us. Message content is governed by WhatsApp’s terms and privacy policy. You can leave the community at any time and/or ask us to delete your phone number from our lists.

13) Payments

There are no payments during the current testing phase. If we introduce subscriptions or in‑app purchases later, we will update this Policy and, where required, obtain consent or provide additional notices.

14) Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will provide advance notice (typically 30 days) via the App, email, or our website. Your continued use of the Services after the effective date means you accept the updated Policy.

15) Governing law and language

This Policy is governed by the laws of the State of Delaware, USA, without regard to conflicts of law. The English version of this Policy controls.

16) Contact us

Questions or requests? Email ziggy@kobuapps.com or write to:
Kobu LLC
8 The Green, Suite 24486
Dover, DE 19901, USA

Region‑specific disclosures

California (CCPA/CPRA): We do not sell or share personal information for cross‑context behavioral advertising. We disclose categories of personal information to service providers for business purposes as described above. You may exercise your rights as described in Section 9. We do not offer financial incentives tied to your data.

EEA/UK (GDPR/UK GDPR): Our legal bases are listed in Section 5. You may lodge a complaint with your local data protection authority. If we appoint an EU or UK representative, we will update this Policy with their contact details.

Children (COPPA): The adult account holder provides consent for the creation of child profiles and controls the child’s use of the App. Parents can review or delete a child’s information by contacting us at ziggy@kobuapps.com.