← Back to Tooki

Privacy Policy

Last updated: February 2026

1. Introduction

Welcome to Tooki! Tooki is a platform designed to help parents and caregivers keep their children engaged with educational and fun activities during meetings and other moments that require focused attention. We take your family's privacy very seriously — especially when it comes to children's data.

This Privacy Policy describes how we collect, use, store, and protect your information when you use the Tooki app. By creating an account and using our services, you agree to the practices described in this document.

2. What Data We Collect

2.1 Account Data (Parent / Guardian)

  • Email address and password (authentication via Supabase)
  • Parent or guardian name
  • Language preference (English, Portuguese, or Spanish)
  • Optional PIN to protect Kids Mode exit
  • Research-survey email preference — whether you have agreed to receive occasional product-feedback surveys by email. You can change this at any time in Edit Profile.

2.2 Child Profile Data

  • Child's name
  • Child's age or age range
  • Interests and preferences selected during onboarding

2.3 Usage Data

  • Generated activities and ratings (1 to 5 stars)
  • Activity progress (completed steps)
  • Screen time tracking data
  • Saved activity history

2.4 Third-Party Integration Data

  • Google Calendar access upon explicit OAuth authorization (read-only)
  • Anonymous analytics data via Google Analytics (optional, when enabled)

3. Tooki Screen Check — Chrome Extension

Tooki Screen Check is an optional Chrome browser extension that helps parents track what their children watch on streaming platforms. Below we describe how this extension collects and handles data.

3.1 What the Extension Does

  • The extension uses content scripts that run exclusively on Disney+ and Netflix to detect what content is being watched
  • It does not access, monitor, or collect any browsing history or data from any other websites or services

3.2 Data Collected by the Extension

  • Show or movie title currently being watched
  • Episode information (season and episode number, when applicable)
  • Duration of the viewing session
  • Streaming platform (Disney+ or Netflix)
  • Timestamps of when content was watched

3.3 How Data Is Transmitted

  • Viewing data is synced to Tooki's servers every 5 minutes via encrypted HTTPS connections
  • Data is linked to the parent's Tooki account through a secure pairing code system — the parent generates a code in the Tooki app and enters it in the extension to establish the connection

3.4 Control and Deletion

  • The extension can be disconnected at any time from the extension popup or from Tooki's Screen Check page in the app
  • All collected viewing data can be reviewed and deleted by the parent at any time through the Tooki app
  • Uninstalling the extension immediately stops all data collection

4. How We Use Your Data

We use the information collected solely to:

  • Create and manage your account and family profile
  • Generate personalized activities for your child based on age, interests, and meeting duration using AI (Claude, by Anthropic)
  • Display Google Calendar events to suggest activities at the right time
  • Save activity history and ratings to improve future recommendations
  • Track your child's screen time to support parental control
  • Provide multilingual support tailored to your family's profile
  • Continuously improve our services based on aggregated, anonymous usage data

We do not use your data for advertising purposes, and we do not sell it to third parties.

5. Data Sharing with Third Parties

Tooki uses trusted third-party services to operate the platform. We share data only to the extent necessary for the services to function:

Supabase: Database and authentication — secure storage of profiles, activities, and progress, with Row Level Security (RLS) enabled on all tables.
Anthropic: Claude Haiku API — child profile data (name, age, interests, and language) is sent to generate personalized activities; Anthropic does not retain this data beyond what is required to process the request.
Google: Calendar OAuth and Analytics — Calendar access is granted only upon explicit user authorization; Google Analytics, when enabled, collects usage data anonymously.
Vercel: Application hosting and deployment infrastructure.
PostHog (US): Product feedback surveys hosted on PostHog's US infrastructure. Used to collect optional, parent-provided feedback to help us improve Tooki. We do not record children's screens through PostHog. You can dismiss any survey, and responses can be deleted on request.

We do not share personally identifiable information with advertisers or other third parties without your explicit consent.

6. Children's Data Protection

Tooki is a parent-controlled application. Accounts are created and managed exclusively by adult guardians. We do not collect data directly from children — all information about the child is provided by the guardian during onboarding.

We do not allow children to create accounts, register, or interact with features that involve direct collection of personal data. Kids Mode is a closed, controlled experience accessible only via a PIN set by the guardian.

If we identify that data has been collected from minors without proper parental consent, we will remove that information immediately. Please contact us at contato@tooki.app.

7. Storage and Security

  • All data is stored in Supabase with encryption in transit (HTTPS/TLS) and at rest
  • Row Level Security (RLS) ensures each user can only access their own data
  • Passwords are managed by Supabase Auth with secure hashing and are never stored in plain text
  • The Kids Mode PIN is stored securely within the user profile
  • Language preferences are persisted in localStorage on the user's device

We follow security best practices, but no system is completely invulnerable. We recommend using strong, unique passwords.

8. Data Retention

We retain your data for as long as your account is active. You may request deletion of your account and all associated data at any time by emailing contato@tooki.app. Upon request, we will remove your data within 30 days, unless legal obligations require us to retain it for a longer period.

9. Your Rights

In accordance with applicable data protection laws (including GDPR and LGPD where applicable), you have the right to:

  • Access the personal data we hold about you and your family
  • Correct inaccurate or outdated data (available directly in the app via profile editing)
  • Request deletion of your data
  • Withdraw consent for data processing at any time
  • Data portability in a structured format
  • Revoke Google Calendar access directly in your Google Account settings

To exercise any of these rights, please contact us at contato@tooki.app.

10. Cookies and Local Storage

Tooki uses browser localStorage to persist language preferences between sessions. We do not use tracking or advertising cookies. Google Analytics, when enabled, may use anonymous analytics cookies to understand usage patterns — you can disable this in your browser settings.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect product improvements or changes in applicable law. When we make significant changes, we will notify you by email or in-app notice before the changes take effect. The date of the last update will always be indicated at the top of this document.

Continued use of Tooki after changes are made constitutes your acceptance of the revised policy.

12. Contact

If you have any questions, concerns, or requests related to your privacy, please reach out to our team:

  • Email: contato@tooki.app
  • Website: www.tooki.app

We will do our best to respond within 5 business days.

Tooki — Making every meeting a learning opportunity