← Back to TumbleKeys

Privacy Policy

Nothing from your child. The bare minimum from you. No tracking, no selling, no ads.

Last updated May 11, 2026

The Gist

We don’t collect anything from your kid. We collect the bare minimum from you (the parent) to make purchases work and unlock emails arrive. No tracking, no selling, no ads. The product is designed so the toy never needs to know anything about your child — and we structured the company so we’d never have a reason to want to.

This policy is written in real human English because TumbleKeys’ whole pitch is that it’s the kind of product where you don’t have to worry about what’s being captured behind the scenes. A boilerplate cover-our-backs privacy policy would undermine that. So this one is honest and specific.

What we collect from your child

Nothing. Ever.

That’s not marketing copy — it’s an architectural fact. To be specific:

  • No video is recorded. The toy has no camera access; we never ask for it.
  • No photos of any kind are uploaded. The “Save scene” feature for cumulative themes saves to your device’s Photos library locally — the image never touches our servers.
  • No audio is recorded. The toy plays sound but doesn’t listen. We don’t request microphone access.
  • No keystrokes leave the device. What your kid types is processed in their browser and discarded. Smash counts are stored in their browser’s localStorage, not on our servers.
  • No behavioral profile. We don’t build a model of what your kid likes, dislikes, or does. There’s nothing to build it from.

The free version of TumbleKeys works fully offline after the first visit, which is the simplest proof of this: the toy isn’t phoning home, because it doesn’t need to.

What we collect from you, the parent

Only at the point of purchase, and only what’s technically necessary:

  • Email address. Collected by Stripe at checkout (we don’t see your card details). After the purchase webhook fires, we store the email in our license database so we can send you the unlock magic link and recover access if you ever lose your device.
  • License metadata. A randomly generated license key (UUID), the tier you bought (Pass / Business), the purchase date, and the status (active / refunded / revoked). Stored in our Supabase database.
  • Server logs. Standard web-server access logs (IP address, user agent, request path) recorded by our hosting provider, kept for roughly 30 days, used for fraud prevention and debugging. We don’t correlate them with your purchase record unless we’re actively investigating abuse.

That’s the entire list. We don’t ask for your name, your kid’s name (the one you can optionally set in the parent panel stays on your device), your address, or anything beyond an email.

What we explicitly don’t collect

No third-party advertising trackers. No Facebook Pixel. No Google Analytics with personal identifiers. No fingerprinting libraries. No cross-site tracking cookies. No marketing automation pixels. No session replay tools that watch what your cursor does.

If you load TumbleKeys with browser DevTools open and watch the network tab, the only third-party calls you’ll see are to Stripe (during checkout), Supabase (during license verification), Resend (the email service when triggered server-side, invisible to you), Vercel (our host), and PostHog (anonymized product analytics — described below). That’s it.

Analytics — PostHog, anonymized

We use PostHog to measure things like “how often does someone hit Start” or “what percentage of sessions trigger a milestone celebration.” The data is anonymized: no personal identifiers, no email associations, no IP storage beyond what PostHog needs for rate-limiting.

You can opt out of analytics entirely by enabling Do Not Track in your browser settings, or by using a privacy extension like uBlock Origin. We respect the Global Privacy Control header where supported. If GPC is present, we don’t initialize PostHog at all.

Cookies and local storage

We don’t set any classic tracking cookies. What we do store, in your browser’s localStorage (which never leaves your device):

  • License token — a signed JWT that proves you bought the Pass, so you stay unlocked across visits without logging in.
  • App settings — the theme you picked, sound on/off, parent-panel preferences, your kid’s name if you set one, smash counts and personal-best records.
  • Bedtime banner dismissal — so we don’t nag you twice in one evening.

You can clear all of it by clearing your browser’s site data for tumblekeys.com. The site will work fresh after that; you can recover your Pass by tapping the magic link in the original purchase email (or via the “Lost access?” form in the parent panel).

Service providers (sub-processors)

The minimum infrastructure to run a paid product on the modern web:

  • Stripe — handles payments. They see your card details; we don’t.
  • Supabase — hosts our license database. Stores email + license key + tier + status. Service-role access only; no public reads.
  • Resend — sends the unlock magic link email. Receives your email address at send-time only.
  • Vercel — hosts the application. Records standard server logs.
  • PostHog — anonymized product analytics, opt-out via DNT or GPC.

Each is a separate company under its own privacy terms (links above). They’re bound by data-processing agreements with us, but they’re still independent organizations and you should know they exist.

Children’s privacy (COPPA)

TumbleKeys is designed for use by children, but the only person we ever interact with directly is the parent buying the Pass. We do not knowingly collect personal information from any child under 13 (or any age) because the product is architected to never need any.

If you’re a parent who’s discovered that a child somehow provided data we shouldn’t have (we can’t think of a way this would happen, but email us if it does), email hello@tumblekeys.com and we’ll investigate and delete anything we find within 30 days.

Your rights

You can request:

  • Access — a copy of everything we have associated with your email.
  • Deletion — full removal of your record from our database. Note this also revokes any active license attached to that email.
  • Export — a portable copy of your data in JSON.
  • Correction — fixing any field that’s wrong (e.g. the email on your purchase).

Email hello@tumblekeys.com with what you want. We’ll respond within 30 days, typically within a few business days.

These rights are explicitly required by the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR). We offer them to everyone regardless of where you live because that’s the right call.

Data retention

  • License records are kept while your Pass is active, plus 90 days after refund or revocation (for audit + dispute purposes). After that, they’re deleted.
  • Server logs are kept ~30 days, then purged.
  • Anonymized analytics aggregates (no individual associations) may be kept indefinitely.

If you delete your account, all of the above is purged on the next retention sweep.

International transfers

TumbleKeys is operated from the United States. If you’re in the EU, UK, Canada, or another jurisdiction with stricter rules, your data is transferred to and processed in the US. Our sub-processors (Stripe, Supabase, Vercel, etc.) may use additional regions; their privacy policies cover that.

Changes to this policy

When this policy changes, we’ll update the “Last updated” date at the top. For material changes that affect paying customers, we’ll also email you so you don’t miss it.

Contact

Privacy questions, data requests, or feedback on this policy: hello@tumblekeys.com.