Privacy Policy

27 October 2025

This Privacy Policy explains how Koobiba (“Koobiba”, “we”, “us”) collects, uses, and shares information when you visit our websites (including koobiba.com and subdomains), use our mobile apps, purchase or use Koobiba devices, or otherwise interact with us (collectively, the “Services”).

We are committed to privacy by design. Parent accounts manage the experience; Koobiba devices are intended for use by children but do not require children to create accounts.

What data we collect

We only collect what we need to deliver and improve the Services.

1) Information you provide

  • Account & profile: name, email, password, language, country.
  • Purchases & shipping: billing details, delivery address, VAT number (where applicable).
  • Support & contact: emails, form submissions, device diagnostics you choose to share.
  • Content you upload: audio files, playlists, titles, artwork, and metadata you choose to store/sync.
  • Waitlist/marketing: email, preferences, and consent choices.

2) Information collected automatically

  • Website/app analytics: pages viewed, device/browser type, approximate location (city/country), session duration, referrer URL, campaign UTM data. (See Cookies & similar tech.)
  • App/device telemetry (minimal): device identifier, firmware version, feature toggles, basic performance events (e.g., provisioning success/failure, playback start/stop), error logs. We avoid collecting recordings or children’s voices.
  • Transaction logs: order ID, payment status from our payment provider (we do not store full card numbers).

3) Information from third parties

  • Payment processors: payment confirmation, transaction status, risk assessment.
  • Authentication providers (if used): sign‑in tokens.
  • Shipping providers: delivery tracking and status updates.

We process personal data only where a legal basis applies:

  • Contract (Art. 6(1)(b)): to create/manage your account, fulfill orders, deliver the Services, and provide support.
  • Legitimate interests (Art. 6(1)(f)): to keep Services secure, prevent abuse, measure and improve performance, and understand usage — balanced against your rights.
  • Consent (Art. 6(1)(a)): for email marketing, non‑essential cookies/analytics, and optional diagnostics. You can withdraw consent anytime.
  • Legal obligations (Art. 6(1)(c)): invoicing, tax, and compliance.

We do not make decisions based solely on automated processing that produce legal or similarly significant effects.

How we use your data

  • Provide, operate, and improve the Services and firmware.
  • Personalize content (e.g., language, previously used playlists).
  • Process payments, orders, shipping, and returns.
  • Communicate about purchases, updates, security notices, and changes.
  • Provide support and resolve issues.
  • Analyze aggregated, privacy‑preserving metrics to improve reliability and usability.

Children’s privacy

Koobiba devices are intended for use by children under the supervision of a parent/guardian. Parent accounts control settings and content. We do not knowingly collect personal data directly from children. If you believe a child provided personal data to us, contact [[email protected]](mailto:hello @ koobiba.com) so we can delete it.

Cookies & similar technologies

We use cookies, local storage, and SDKs to:

  • Keep you signed in and remember preferences (strictly necessary).
  • Measure website/app performance and aggregate usage (analytics — consent‑based where required).
  • Support marketing attribution (consent‑based).

You can manage preferences through our cookie banner and your browser/device settings. Blocking some cookies may affect functionality.

Sharing your data

We share data only with service providers that help us run the Services, under contracts that require them to protect your data:

  • Hosting & cloud infrastructure (EU‑based servers where possible)
  • Payment processors
  • Email & customer support platforms
  • Analytics services (consent‑based)
  • Shipping & logistics providers

We may also share data to comply with law, protect rights and safety, or as part of a business transfer (e.g., merger), with appropriate safeguards.

We do not sell personal data.

International transfers

If we transfer data outside the EEA/UK, we use lawful mechanisms (e.g., EU Standard Contractual Clauses and, where relevant, the UK Addendum) and assess the recipient’s legal environment.

Data retention

We keep personal data only as long as necessary for the purposes described above:

  • Account data: kept while your account is active; deleted or anonymized within a reasonable period after closure.
  • Order records: kept to satisfy legal/accounting obligations (typically 6–10 years under EU law).
  • Telemetry/analytics: stored in aggregate or pseudonymized form with defined retention windows.
  • Marketing records: kept until you unsubscribe or withdraw consent.

Waitlist data collection

When you join our waitlist through the form on our website, we collect:

  • Email address (required) — to notify you when Koobiba launches and send updates
  • Marketing consent (required) — confirmation that you want to receive emails about Koobiba
  • Country (optional) — to understand where our audience is located
  • Alternative products considered (optional) — to understand your needs and preferences
  • Referral source (UTM parameters from the URL) — to understand how you found us
  • Timestamp and browser information — for security and analytics purposes

How we use this data:

  • To notify you when Koobiba launches
  • To send relevant updates about the product development
  • To understand our audience and improve our marketing
  • To prevent spam and abuse of the waitlist

Legal basis: Consent (Art. 6(1)(a) GDPR). You can withdraw consent and request removal from the waitlist at any time by emailing [email protected].

Data storage: Waitlist data is never shared with third parties for marketing purposes. We can only process aggregate statistics without identifying individuals.

Retention: We keep waitlist data until the product launches and for a reasonable period afterward to fulfill our obligation to notify you. You can request deletion at any time.

Your rights (GDPR/EU)

You have the right to request:

  • Access to your data and a copy of it
  • Rectification of inaccurate data
  • Erasure (“right to be forgotten”) where applicable
  • Restriction of processing in certain cases
  • Portability of data you provided to us
  • Objection to processing based on legitimate interests, and to direct marketing
  • Withdrawal of consent at any time (for consent‑based processing)

Security

We use technical and organizational measures appropriate to the risks, such as encryption in transit, least‑privilege access, network segmentation, signed firmware/OTA updates, and regular backups. No system is 100% secure; we encourage strong passwords and keeping your device/app updated.

Our Services may link to third‑party sites or content libraries. Their privacy practices are governed by their own policies.

Changes to this Policy

We may update this Policy to reflect changes in law or our Services. We will post the updated version with a new “Last updated” date and, where appropriate, notify you by email or in‑app.

Annex: Summary of key processing activities (plain language)

  • Account & purchases: Necessary to provide the product and services.
  • Device telemetry: Minimal, for reliability and safety; no recordings of children.
  • Analytics/ads: Off by default where law requires consent; configurable via cookie banner.
  • Data sharing: Only with vetted processors under contract; no selling of data.
  • Your control: Access, edit, delete, port your data; unsubscribe anytime.