← Back to Yoce

Privacy Policy

Last updated: 8 May 2026 · Version 2026-05-08-v5

For kids: we wrote a separate kid-friendly version that explains everything in plain language.

Yoce Ltd. (“Yoce”, “we”, “us”) operates a family rewards and chat app for parents and their children. We take your family's privacy seriously, especially children's data. This policy explains what we collect, how we use it, who can see it, how long we keep it, and the rights you have over it.

Yoce is designed for use by families that include children under 13. We comply with the U.S. Children's Online Privacy Protection Act (COPPA), the EU and UK General Data Protection Regulations including the heightened protections for children (GDPR-K), and the California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA).

Our most-protective standard

Children's privacy laws differ across countries (the age of digital consent ranges from 13 in the UK to 16 in Germany / Netherlands; COPPA in the US; GDPR-K in the EU; state-specific rules in the US). Rather than apply different rules in different places, Yoce applies the strictest applicable standard from any jurisdiction we serve, to every family worldwide. That means: parental consent is always required for any child added (regardless of age), audio recordings are always treated as GDPR Article 9 special-category data, behavioural advertising and analytics are permanently disabled on every kid surface, retention windows match the shortest required period, and consent can always be withdrawn without deleting the account. We do this so a kid's privacy doesn't depend on the country they happen to live in.

1. Who we are and how to reach us

Yoce Ltd. is the “operator” under COPPA and the “data controller” under GDPR. Our contact details:

  • Email (privacy questions, COPPA, GDPR): privacy@yoce.com
  • General support: support@yoce.com
  • Postal: Yoce Ltd., England & Wales (registered office address available on request — write to privacy@yoce.com)

For COPPA verifiable parental consent specifically, see Section 4.

2. What we collect

From parents and adult family members

  • Email address and password (password is hashed — we never see the plain text)
  • Display name you choose
  • Family name and settings you configure (timezone, message limits, etc.)
  • If you sign in with Google: the email + display name we get from Google's OAuth response
  • Device tokens for push notifications (when you enable them)
  • Audit metadata for each significant action you take (timestamp, IP, user-agent)

From children (under your supervision)

  • A nickname or first name (chosen by you, the parent — not their full legal name unless you choose so)
  • An avatar (a stylised illustration; no real photographs are collected)
  • A username and PIN to log in on a shared device — we never ask the child for an email
  • Their star count, behaviour history, reward redemptions
  • Messages they send (text and voice clips up to 30 seconds), within the family or with friends you have approved
  • Their device push token if push is enabled
  • Birthday (optional, set by you) — used to display age on the family hub and for the calendar birthday reminder. Not used for advertising or shared with any third party.

We never collect from children: location, real name (unless you set it), email, phone number, photographs, contacts, or any data used for advertising profiles. We do not use behavioural advertising and do not run third-party advertising trackers in any part of the service. Behavioural analytics (Vercel Analytics) is hard-disabled on every kid screen even if a parent has enabled it for themselves.

No images, anywhere

Yoce does not allow uploading, sending, or storing any photographs, camera captures, or user-supplied images. Avatars are picked from a fixed set of stylised illustrations we ship; messages are text or short voice clips only. This is enforced at the API and storage layer, not just the UI — the database has no image column or bucket on any kid-visible surface, and the message endpoints reject any payload that isn't text or audio. Because no images flow through the service, Yoce never needs to scan, moderate, or transmit visual content involving children, and there is no path by which a kid's photo could be exposed via Yoce. We chose this constraint deliberately, on safety grounds, and don't plan to relax it.

Voice messages — special category data

Voice clips are audio recordings of children, which European data-protection law (UK GDPR / EU GDPR Article 9) treats as a special category of personal data. We process voice messages under the lawful basis of explicit parental consent captured at signup. Specifically:

  • Voice clips are stored encrypted at rest (AES-256, Supabase Storage)
  • Retained for 30 days maximum, then automatically deleted by a daily cron sweep
  • Never shared with any third party (advertisers, AI training datasets, analytics platforms — none)
  • Never used to train, fine-tune, or evaluate any machine-learning model
  • You can disable voice messages family-wide in Settings → Child messages, in which case no voice data is collected
  • You can delete the entire voice history along with the rest of your data via Settings → Privacy & Data → Delete account

From your devices automatically

  • Approximate location at the country/region level only (from your IP) — for fraud prevention and tax compliance, never used to target ads
  • Device type and operating system version (for compatibility and crash diagnosis)
  • Application logs (errors, performance) — no message content is logged

Yoce Wallet (optional, parent-activated)

When you activate the Yoce Wallet, we additionally collect:

  • Your country and chosen currency, so balances and disclaimers display correctly
  • The exchange rate you set (e.g. 10 stars = £1) and the history of any rate changes
  • Wallet transactions you create or approve: amount, currency, type, description, and the resulting balance
  • Manually-entered bank account names + balances you choose to track in your private parent view (children never see this data)
  • Wallet-specific consent events (activation, currency change, country change) recorded with timestamp + IP

The Yoce Wallet is a virtual ledger only. Yoce does not transmit, hold, or transfer real money. Yoce is not a bank, e-money institution, money transmitter, or licensed payment institution. The country-specific disclaimer shown when you activate the wallet is recorded verbatim in our consent log.

We never connect to your real bank or payment provider. Bank account information you enter is a manual private snapshot for your own reference and is never shared with your children, friends, or any third party. You can delete these entries anytime in Settings → Wallet → My bank accounts.

3. Why we collect it (purposes)

We collect personal information only for the following purposes:

  • To operate the Yoce service — sign in, store family data, deliver messages
  • To enable family chat and approved cross-family friend chat
  • To send transactional emails (signup confirmation, password reset, optional daily summary)
  • To prevent fraud and abuse (rate limits, captcha)
  • To debug crashes and improve reliability (aggregated, never sold, never tied to ads)
  • To comply with legal obligations (tax records, lawful subpoenas, regulatory inquiries)

We never: sell your data, rent it, share it for advertising, profile your children, target ads at children, or hand data to data brokers.

4. Parental consent (COPPA)

Because Yoce collects information from children under 13, we obtain verifiable parental consent before doing so, as required by COPPA (16 C.F.R. § 312.5).

How we obtain consent

When you create a Yoce account:

  1. You explicitly affirm that you are the parent or legal guardian of any children added to the account.
  2. You confirm you have read this policy and consent to the data described in Section 2 being collected from your children.
  3. We send you a confirmation email which you click to verify you control the email address. This is the first step of FTC's “Email Plus” verification method.
  4. At least 24 hours later, we ask you to confirm again from inside the app — the “plus” second touch. Without this confirmation, your kids' data cannot leave the family (no friend invites, no group chats).

Each consent event is recorded server-side with a timestamp, the version of this policy you saw, and your IP address — so consent is verifiable and reproducible.

Withdrawing consent

You can withdraw consent at any time by deleting your account in Settings → Privacy & Data, or by emailing privacy@yoce.com. Withdrawal stops new data collection and triggers deletion within 30 days, except where we're legally required to keep some records (tax, fraud).

5. Who can see your family's data

Inside the app

  • Members of your family (parents and children you have added)
  • Adult family members you invite, if you grant them access
  • Approved friends — only after both your family and the friend's family confirm the friendship

Service providers (processors)

These providers process data strictly on our behalf, under contract, and never use it for their own purposes:

  • Supabase — database, authentication, file storage. Hosted on AWS in the EU and US (mirrored). Encryption at rest and in transit. Their privacy policy.
  • Vercel — application hosting and edge delivery. Their privacy policy.
  • Cloudflare — bot protection (Turnstile) on signup. Their privacy policy.
  • Resend — transactional email. Their privacy policy.
  • Expo — push notifications to mobile devices. Push payloads contain only what you see in the in-app notification (e.g. “Sam earned 3 stars”); message bodies are never included in push.
  • Sentry — crash and error reporting. Receives stack traces and device/browser metadata when something in the app throws an unhandled error, so we can fix bugs you hit. Before any event leaves your device, Yoce strips IDs (kid IDs, message IDs, family IDs) from URLs, drops request and response bodies, removes auth headers and cookies, and never attaches screenshots or view hierarchies. Session replay is disabled. You can turn off crash reports entirely in Settings → Privacy & Data → Crash reporting on either web or mobile. Their privacy policy.
  • Vercel Analytics — first-party, cookie-less product analytics. Tracks anonymised page views and Web Vitals only; no cross-site tracking, no advertising profiles, no cookies stored in your browser by us. Hard-disabled on every child screen (path-gated in code) so kids' sessions are never measured even if you have analytics enabled for yourself. We do not use any third-party advertising or marketing analytics on Yoce. You can disable analytics for the whole account in Settings → Privacy & Data; our cookie banner also offers an opt-out. Their analytics privacy notice.

Cookies and similar technologies

Yoce uses a small number of strictly-necessary first-party cookies to keep you signed in and to remember your privacy preferences. We do not use:

  • Advertising cookies — none, ever.
  • Cross-site tracking cookies — none.
  • Third-party analytics cookies — Vercel Analytics is cookieless by design.
  • Social media / sharing pixels — none.

The cookies we do set: a Supabase auth cookie (session, ~7 days), a child-mode session cookie when a kid signs in (24-hour rolling), and a small preferences cookie that remembers whether you've seen the cookie banner. None of these are sold or shared.

No one else

We do not sell, rent, license, or trade personal information to advertisers, data brokers, ad networks, or marketing aggregators. We do not share kids' data for any purpose unrelated to operating Yoce.

6. International data transfers

Yoce's primary data centre is in the European Union / United Kingdom (Supabase EU-West). If you sign up from outside that region, your data is transferred there for processing. For users in the EU or UK, transfers rely on the Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, plus our processors' own certifications.

7. How long we keep data

  • Account & family data: for as long as your account is active
  • Voice messages: automatically deleted from storage 30 days after they're sent (the database retains a placeholder showing “Voice expired”)
  • Audit log: 7 years for COPPA, fraud-prevention, and regulatory record-keeping (anonymised after account deletion)
  • Backups: rolling 30-day window, then purged

When you delete your account, the data above is removed within 30 days, except for records we're legally required to retain (e.g. tax records for paying subscribers).

8. Your rights

Regardless of where you live, every parent on Yoce has the following rights over their own and their children's data:

  • Right of access: see what we hold — Settings → Privacy & Data → Export, or email privacy@yoce.com
  • Right to correct: edit any data via Settings; for things you can't edit yourself, email us
  • Right to delete: Settings → Privacy & Data → Delete my family. Takes effect within 30 days
  • Right to restrict processing: pause us using your data while you challenge accuracy
  • Right to portability: the export above is in JSON, machine-readable
  • Right to object: to anything done on the basis of legitimate interests
  • Right to withdraw consent: at any time
  • Right to lodge a complaint: with your local data protection authority (UK: ICO; EU: your member state DPA; US: FTC; California: AG)

We respond to verifiable rights requests within 30 days (45 if complex, with notice). There's no fee unless requests are manifestly excessive or repetitive.

9. How we protect your data

  • TLS 1.3 in transit; AES-256 at rest (provided by Supabase)
  • Row-level security so families can only see their own data, enforced by the database itself
  • SECURITY DEFINER access policies on every read and write — every action checks the caller is authorised
  • Voice clips served via short-lived signed URLs that expire
  • An immutable audit log of every state change (signups, message sends, family edits) — append-only, used for incident review
  • No third-party advertising trackers anywhere in the app

In the unlikely event of a personal-data breach affecting kids' data, we'll notify the FTC + your state AG within 60 days (US), the ICO/EU DPA within 72 hours, and affected users without undue delay.

10. California residents (CCPA / CPRA)

The categories of personal information we collect are listed in Section 2. We use them for the purposes in Section 3, share them with the categories of recipients in Section 5, and retain them for the periods in Section 7.

We do not “sell” or “share” (as defined under CPRA) any personal information, and have not in the previous 12 months. We do not knowingly sell or share the personal information of consumers under 16. California residents have the rights listed in Section 8; to exercise them email privacy@yoce.com.

10b. Other US state privacy laws

We comply with the following US state comprehensive privacy laws where applicable to residents of those states:

  • Virginia (VCDPA): rights to access, correct, delete, and port your data; to opt out of targeted advertising and sale (we do neither).
  • Colorado (CPA): same rights set as Virginia plus the right to opt out of profiling that produces legal or similarly significant effects (we don't profile).
  • Connecticut (CTDPA): aligned with Virginia/Colorado.
  • Utah (UCPA): aligned with the above; Yoce does not engage in sensitive-data processing without consent.
  • Texas (TDPSA): aligned; Texas residents have the same access/delete/correct/port rights.
  • Oregon (OCPA), Montana (MCDPA), Iowa (ICDPA), Indiana (INCDPA), Tennessee (TIPA), Delaware (DPDPA), New Hampshire (NHPA), New Jersey (NJDPA): aligned baseline rights; same exercise process.

To exercise any of these rights, email privacy@yoce.com from the email address associated with your Yoce account, or use the in-app Settings → Privacy & Data tools. Most rights can be self-served from the app without contacting us.

Children's data under state laws. We do not sell or share children's personal data and never use it for targeted advertising. State law often grants additional protections to data of users under 13 (under 16 in some states); we apply the most- protective standard regardless of which state-specific rule technically applies.

11. Updates to this policy

When we make material changes — particularly to what we collect from kids, who we share with, or your rights — we'll notify you by email and require fresh consent before the new terms apply to children's data. Minor edits (clarifications, typos) are reflected by updating the “last updated” date above.

You can always view this policy's current version inside the app at Settings → Privacy & Data, and your consent history (which version you agreed to when) at the same place.

Kid-friendly versionTerms of ServiceBack to Yoce