Back

Privacy Policy

Last updated: March 21, 2026

1. Who We Are

Pimpi is operated by StudyStars. We build tools that help children ages 6–12 build positive learning and responsibility habits—supervised by their parents. Our product family includes Pimpi (a homework companion app), Pimpi Card (a stamp-based rewards app), and a Parent Dashboard for oversight.

2. What Data We Collect

We follow a strict minimal-data approach. We only collect what is necessary to provide the service:

  • Email address— provided by a parent during account creation. Used solely for authentication and account-related communications.
  • User-generated content— Sparks (learning activities), Lanes (categories), stamps, completed activities, and related data created within the apps.
  • Photos— optionally captured through the “Proof of Done” feature in the Pimpi app. Photos are stored securely and are only accessible to the authenticated account holder.
  • Authentication tokens— stored locally on the user’s device (in Secure Store on mobile, or httpOnly cookies on web). These are never shared with third parties.

3. What We Do NOT Collect

We believe in earning trust through transparency. Pimpi does not:

  • Use advertising identifiers (IDFA/GAID)
  • Run third-party analytics or tracking scripts
  • Sell, rent, or share personal data with advertisers
  • Display advertisements of any kind
  • Use fingerprinting or any form of cross-app/cross-site tracking

4. How Data Is Stored & Protected

All data is stored in a Supabase-hosted PostgreSQL database. Access is secured with Row Level Security (RLS), meaning each user can only read and modify their own data. Communication between our apps and servers is encrypted in transit using TLS.

On mobile devices, authentication tokens are stored in the platform’s Secure Store (Keychain on iOS, Keystore on Android)—not in cookies or local storage.

5. Third-Party Services

We use a small number of trusted third-party services to operate Pimpi:

  • Supabase— authentication and database hosting.
  • Vercel— web application hosting and content delivery.
  • Expo / EAS— mobile app distribution and over-the-air updates.

These providers process data only as necessary to deliver their services to us. We do not share personal data with any other third parties.

6. Children’s Privacy

Pimpi is designed for children ages 6–12 and we take children’s privacy very seriously. We comply with the Children’s Online Privacy Protection Act (COPPA) and equivalent regulations:

  • Parental involvement required— a parent or legal guardian must create and manage the account. Children cannot create accounts on their own.
  • Minimal data collection— we collect only what is needed for the app to function. We do not collect children’s names, birthdates, or location data.
  • No advertising or tracking— there are no ads, no advertising SDKs, and no tracking identifiers in our apps.
  • Parental control— parents can view, export, or delete all data associated with their account at any time.

7. Cookies

Our web applications (pimpi.app and parent.pimpi.app) use essential httpOnly cookies for authentication only. We do not use any tracking cookies, marketing cookies, or third-party cookie-based analytics.

Our mobile appsdo not use cookies at all. Authentication tokens are stored in the device’s Secure Store.

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

  • Right to access— request a copy of the data we hold about you.
  • Right to rectification— request correction of inaccurate data.
  • Right to erasure— request deletion of your data (see Section 9).
  • Right to data portability— receive your data in a structured, machine-readable format.
  • Right to object— object to processing of your data.

Our legal basis for processing data is legitimate interest (providing the service you signed up for) and consent (where applicable). To exercise any of these rights, contact us at the address below.

9. Data Retention & Deletion

We retain your data for as long as your account is active. When you delete your account, all associated data—including Sparks, Lanes, stamps, completed activities, and photos—is permanently deleted from our systems.

You can delete your account at any time from the Settings screen within the app. You may also request deletion by contacting us directly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify users through the app or via email. The “Last updated” date at the top of this page reflects the most recent revision.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: privacy@studystars.app

Operator: StudyStars

Pimpi celebrating

Small steps, big kids.

Create a free account

Or let your kid start on their own

iOS app coming soon

© 2026 Israel Roldán