PlaySprig
Start free

Children's Privacy Policy

Last updated: March 11, 2026

For parents — the short version

  • We collect only a username, password (hashed), age, and your email — no real names, photos, or child email.
  • There are no ads, no trackers, and no data sold to third parties. Games run in a secure sandbox.
  • You can review, delete, or revoke consent for your child's account at any time by emailing hello@playsprig.com.

PlaySprig ("we," "us," or "our") operates the PlaySprig platform at playsprig.com (the "Service"), an AI-powered game creation platform designed for children. We are committed to protecting the privacy of children who use our Service. This Children's Privacy Policy explains our practices regarding the collection, use, and disclosure of personal information from children under the age of 13, in compliance with the Children's Online Privacy Protection Act ("COPPA") and its implementing regulations.

This policy should be read alongside our general Privacy Policy, which applies to all users of the Service. Where this Children's Privacy Policy conflicts with the general Privacy Policy, this policy controls with respect to children under 13.

1. Information We Collect from Children

We collect the minimum amount of information necessary to provide the Service. We collect the following categories of personal information from children under 13:

Information provided at registration

  • Username — A self-chosen screen name used to identify the child's account. We encourage children to choose a username that does not reveal their real name.
  • Password — Stored in hashed form. We never store or have access to plaintext passwords.
  • Age — We ask for the child's age (not date of birth) to determine whether parental consent is required. This is stored as an integer, not a birthdate.
  • Parent or guardian email address — Provided by the child at registration so we can contact the parent to obtain verifiable parental consent. This email belongs to the parent, not the child.

Information generated through use of the Service

  • Game projects — Code, game assets, and project metadata created by the child using the Service.
  • AI prompts and responses — Text prompts the child submits to our AI game generation feature, and the corresponding generated output. These are logged for service improvement, abuse prevention, and safety monitoring.
  • Usage data — Basic usage information such as number of AI generations used per day, project creation dates, and account status changes. We do not track browsing activity across other websites.

Information we do NOT collect from children

  • Real name or full legal name
  • Date of birth (only age as an integer)
  • Physical address or geolocation
  • Phone number
  • Photographs, video, or audio of the child
  • The child's own email address (under-13 accounts do not require a child email)
  • Social media identifiers or contacts
  • Persistent identifiers for behavioral advertising purposes

2. How We Use Children's Information

We use personal information collected from children exclusively for the following purposes:

  • To provide the Service — Enabling the child to create, save, and run game projects, and to use the AI game generation feature.
  • To authenticate the child — Verifying the child's identity when they log in to their account.
  • To obtain parental consent — Contacting the parent or guardian via email to obtain verifiable parental consent as required by COPPA.
  • To enforce rate limits and prevent abuse — Tracking usage counts to enforce per-account generation limits and detect automated abuse.
  • To ensure child safety — Monitoring AI prompts and generated content to prevent inappropriate content generation and to maintain a safe environment.
  • To improve the Service — Analyzing aggregate, de-identified usage patterns to improve the AI generation quality and user experience. We do not use children's personal information for this purpose in an individually identifiable manner.

We do not use children's personal information for behavioral advertising, profiling, or any purpose unrelated to the provision of the Service.

3. Disclosure of Children's Information

We do not sell, rent, or trade children's personal information. We disclose children's personal information only in the following limited circumstances:

  • Service providers — We share data with third-party service providers who perform services on our behalf, solely to the extent necessary for them to perform those services. These include:
    • Anthropic (AI generation — processes prompts and generates game code)
    • Resend (email delivery — sends parental consent and account emails)
    • Stripe (payment processing — processes parent payment information only; children's personal information is not shared with Stripe)
    • Cloud hosting providers (infrastructure — stores encrypted data)
  • Legal requirements — We may disclose personal information if required to do so by law, regulation, legal process, or enforceable governmental request.
  • Safety — We may disclose personal information if we believe in good faith that disclosure is necessary to protect the safety of a child or the public.

4. Parental Consent

We obtain verifiable parental consent before collecting personal information from children under 13, as required by COPPA. Our consent process works as follows:

  1. When a child under 13 creates an account, they are asked to provide a parent or guardian's email address.
  2. We send an email to the parent or guardian explaining what information we collect, how we use it, and providing a clear link to this privacy policy.
  3. The parent can click "I Approve" to give consent, or "I Did Not Authorize This" to deny consent and deactivate the account.
  4. During the 48-hour consent window, the child's account is in a "pending consent" state. The child may use the Service during this period.
  5. If the parent does not respond within 48 hours, the account is automatically deactivated and access is revoked. This is enforced in real time — the child cannot continue using the Service past the 48-hour window even if they remain logged in.

We use email-based consent confirmation, which is an FTC-approved method of obtaining verifiable parental consent. When a parent subsequently provides a credit card for a paid subscription, the credit card transaction serves as additional verification of parental consent.

5. Parental Rights

Parents and legal guardians of children under 13 have the following rights under COPPA:

  • Right to review — You may review the personal information we have collected from your child by contacting us at the address below.
  • Right to deletion — You may request that we delete all personal information we have collected from your child. Upon receiving a verified request, we will delete your child's account and all associated data, including game projects, AI request logs, and usage records.
  • Right to refuse further collection — You may refuse to permit further collection or use of your child's information. If you exercise this right, your child's account will be deactivated.
  • Right to revoke consent — You may revoke your consent at any time by contacting us. Revocation of consent will result in deactivation of the child's account.

We will not condition a child's participation in the Service on the child disclosing more personal information than is reasonably necessary to participate in the Service.

6. Data Retention and Deletion

  • Active accounts — We retain personal information for as long as the child's account is active and parental consent remains in effect.
  • Expired consent — If parental consent is not obtained within 48 hours of account creation, the account is deactivated and all associated data is scheduled for deletion.
  • Denied consent — If a parent denies consent, the account is immediately deactivated. The child may attempt to log in again, which will trigger a new reactivation email to the parent. If the parent does not reactivate the account, all data is scheduled for deletion.
  • Deletion process — When an account is deleted, we remove all game projects, project revisions, AI request logs, and the account record itself. Deletion is logged for compliance audit purposes, but the log contains only the username, parent email, account creation date, and reason for deletion — not the content of any projects or prompts.

7. Security

We implement reasonable security measures to protect children's personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • All data is transmitted over HTTPS (TLS encryption in transit).
  • Data is encrypted at rest.
  • Passwords are stored using industry-standard one-way hashing (bcrypt).
  • All user-generated game code runs in a sandboxed environment isolated from our servers and other users.
  • Access to personal information is restricted to authorized personnel on a need-to-know basis.

8. Advertising and Tracking

We do not display any advertising on the Service. We do not use third-party advertising networks or ad trackers. We do not engage in behavioral advertising or interest-based advertising directed at children. We do not use persistent identifiers to track children across websites or online services for advertising purposes. We do not share children's personal information with advertisers.

9. Third-Party Links and Services

The Service does not contain links to third-party websites directed at children. Games created on the platform run within a sandboxed environment and cannot navigate the child to external websites. If we add links to third-party services in the future, we will update this policy and obtain parental consent as required.

10. Changes to This Policy

If we make material changes to this Children's Privacy Policy, we will notify parents via the email address on file before the changes take effect. We will obtain new parental consent if changes involve the collection, use, or disclosure of children's personal information in a manner materially different from what was disclosed at the time consent was obtained.

11. Contact Us

If you have questions about this Children's Privacy Policy, wish to exercise your parental rights, or need to report a concern about your child's privacy, please contact us:

PlaySprig Privacy Team

Email: hello@playsprig.com

We will respond to all verified parental requests within 30 days.