Zero Ads, Zero Data Selling: How We Built a Privacy-First Kids App
Amal and Thurayya are completely ad-free, COPPA-compliant, and never sell or share children's data. Voice recordings from speech recognition are processed in real-time and immediately discarded — never stored. The apps use no third-party advertising SDKs, no behavioral tracking for ad targeting, and no in-app purchases that children can accidentally trigger. Revenue comes entirely from parent subscriptions.
Our Privacy Architecture
No Advertising SDKs
Most free apps include these SDKs for monetization:
- Google AdMob
- Facebook Audience Network
- AppLovin
- Unity Ads
We include none. Our app bundle contains zero advertising code.
// pubspec.yaml (Flutter dependencies)
dependencies:
flutter:
sdk: flutter
# ✓ Learning, auth, content
riverpod: ^2.0
flutter_riverpod: ^2.0
google_cloud_speech: ^0.20
rive: ^0.12
firebase_auth: ^4.0
# ✗ NO AdMob, no Unity Ads, no ad SDKs
Speech Audio Handling
When a child speaks for pronunciation practice:
Child speaks: "كتب"
↓
[Device STT] (on-device, no upload)
Audio → recognized text → discarded immediately
↓
[Cloud STT] (optional, for accuracy)
Audio file → sent to Google Cloud
↓
Google STT processes audio
↓
Audio file is deleted from Google servers
Only result (text + timestamps) is returned to app
↓
[App receives results]
Audio is never stored in app
Audio is never sent anywhere else
Result is used for immediate feedback
↓
[Session ends]
No audio recording exists
Code enforcement:
# src/services/stt_client.py
from google.cloud import speech_v1
import io
def recognize_speech(audio_bytes):
client = speech_v1.SpeechClient()
audio = speech_v1.RecognitionAudio(content=audio_bytes)
config = speech_v1.RecognitionConfig(
encoding=speech_v1.RecognitionConfig.AudioEncoding.LINEAR16,
sample_rate_hertz=16000,
language_code='ar-SA',
)
# Process audio
response = client.recognize(config=config, audio=audio)
# Extract results
transcription = response.results[0].alternatives[0].transcript
# ⚠️ CRITICAL: Audio bytes are never written to disk
# ⚠️ CRITICAL: Audio bytes are not stored in database
# ⚠️ CRITICAL: Audio is garbage-collected after this function
return transcription
COPPA Compliance Details
The Children's Online Privacy Protection Act (COPPA)
Federal law (US) governing apps for children under 13. Amal and Thurayya comply fully:
Requirement 1: Parental Consent
- Feature: Parent creates account with email verification
- Parent receives consent email: "I agree my child may use Amal"
- Parent clicks confirmation link
- Only then can child's account be created
Requirement 2: Minimal Data Collection
- Data collected: age, learning progress, pronunciation scores
- Data NOT collected: home address, phone number, social media handles, precise location
- Parent can view all data via dashboard
Requirement 3: No Social Features
- ✗ No messaging between children
- ✗ No public profiles
- ✗ No commenting on user content
- ✗ No sharing to social media (feature exists for parent share only)
Requirement 4: No Third-Party Selling
- We don't sell child data to advertisers
- We don't share data with marketing firms
- We don't build profiles for targeting
Requirement 5: Data Deletion
- Parent can request account deletion
- All child data deleted within 30 days
- No backup copies, no "soft delete"
Revenue Model: Subscriptions, Not Attention
| Model | Revenue | Incentive | Conflict |
|---|---|---|---|
| Ads | CPM (~$5-10 per 1000 views) | Keep child on app as long as possible | Learning vs. engagement |
| Subscription | $6.99-11.99/month | Parent satisfaction + learning outcomes | Parent satisfaction = child learning |
We succeed when children learn, not when they watch ads.
Pricing
Monthly: $6.99 USD (~€6.50, £5.99, ₹599)
Yearly: $67.99 USD (~40% discount)
Families (2-3 children): Same price, one subscription
Trial: 14 days free (no credit card required)
Why Parents Prefer This
- No surprise in-app purchases (common complaint: child accidentally buys $99 gem pack)
- No ads interrupting learning
- No tracking for ad targeting
- Transparent billing
Business Model Alignment
Ads-based app:
Parent happiness ← → Child learning
(opposite goals)
Subscription app:
Parent happiness ← → Child learning
(same goal)
When revenue comes from parents, we optimize for parent + child satisfaction, not engagement metrics.
Privacy Audits
We undergo third-party security audits annually:
- SOC 2 Type II: Controls over data security and availability
- GDPR compliance: Privacy policy, data deletion, consent
- COPPA compliance: Kids privacy review (via lawyers, not automated)
- Penetration testing: External security firm attempts to breach systems
Audit Results (latest: 2026-03)
- Zero findings (no critical issues)
- 2 minor findings (logging configuration, quickly fixed)
- Zero data breaches in company history
FAQ
Q: If you don't sell data, how do you know which features work? A: Analytics! We track learning outcomes, not identities. We see "45% of children struggle with emphasis consonants" without knowing who "Mary from Seattle" is. Anonymized aggregate data drives product decisions.
Q: What if I'm from outside the US? Does COPPA still apply? A: COPPA is US law, but our policy is global. Every child is treated as if COPPA applies, regardless of location. International parents get the same privacy protections as US parents.
Q: Can I export my child's data? A: Yes. Parent dashboard has "Download Data" button. You get a CSV with all of your child's progress, scores, and learning history. You own your child's data.
