Privacy Policy

Last updated: May 19, 2026

Bilal Almadani ("Jozori", "we", "us") operates the Jozori bilingual learning platform for children and families. We are the data controller for the personal data described below. We take the privacy of children, parents, and educators extremely seriously, and we design our product to comply with the spirit of COPPA (US) and GDPR / GDPR-K (EU/UK).

1. Who creates accounts

Only a parent or legal guardian aged 18 or older creates an account. Child profiles live inside a parent account and are never separately registered. Children cannot directly sign up, log in, message anyone, or share information with strangers.

2. What we collect

• Parent account: email, display name, language preference, hashed PIN.
• Child profile: first name or nickname, age tier, chosen avatar, learning progress.
• Usage telemetry: activities completed, time spent, badges earned — used solely to power the parent dashboard and personalise content.
• Device basics: IP address, device type, and crash diagnostics for security and service reliability.

We do not collect: precise location, behavioural advertising identifiers, contacts, photos from the device, microphone recordings, or biometric data.

3. Legal basis (UK/EEA users)

• Performance of a contract — operating the service you subscribed to.
• Legitimate interests — security, fraud prevention, and product improvement.
• Consent — optional marketing emails (withdraw any time from the email footer or Settings).
• Legal obligation — tax, accounting, and regulatory requirements.

4. How we use data

Strictly to operate the service: deliver age-appropriate content, show parents their child's progress, secure the account, prevent abuse, and improve the product. We do not sell data, and we do not show third-party advertising to children.

5. Sharing and subprocessors

Data is processed by trusted providers bound by data-processing agreements:

• Hosting & database — for storing your family's account.
• Email delivery — for transactional emails (account, billing, weekly summaries).
• Paddle.com — our Merchant of Record. Paddle handles payments, billing, sales tax, invoicing, and refunds, and may collect billing-related data (name, billing address, payment method, IP, location of purchase). See Paddle's privacy notice for details.
• Professional advisers — legal and accounting, where required.
• Authorities — where required by law.

We never share child data with marketers, data brokers, or advertising networks.

6. International transfers

Some subprocessors may process data outside the UK/EEA. In those cases we rely on appropriate safeguards (such as the EU Standard Contractual Clauses and the UK International Data Transfer Addendum, or equivalent adequacy decisions).

7. Retention

Account and child-profile data is kept while your account is active and for up to 12 months after cancellation, then deleted or anonymised. Billing records retained by Paddle may be kept longer to meet tax and accounting obligations.

8. Your rights

Parents can view, export, correct, or permanently delete their family's data from Settings → Privacy, or by emailing privacy@jozori.com. UK/EEA users also have the right to restrict or object to processing, withdraw consent, request portability, and lodge a complaint with their local data protection authority. We respond to verified requests within 30 days.

9. Security

We use industry-standard technical and organisational measures including encryption in transit and at rest, hashed credentials, role-based access controls, audit logging, and regular security review.

10. Cookies

We use only essential cookies required to keep you signed in and to protect the service from abuse. We do not use third-party advertising or cross-site tracking cookies on children's surfaces.

11. Contact

Bilal Almadani — email privacy@jozori.com for any privacy question, or safety@jozori.com for anything related to child safety. See also our Child Safety page.