Art Studio Privacy — Koydo | Koydo Art Studio

Effective 2026-04-27. This page complements thegeneral Koydo privacy policy.

What we collect from Art Studio users

Account identifiers (Supabase user ID) — required for saving artwork
Saved artwork metadata + thumbnails — stored encrypted at rest
Anonymized engagement signals (PRISM) — fed to the Koydo Brain to recommend modes and lessons; never used for advertising
Crash & performance diagnostics — to fix bugs faster

What we do not collect

No tracking across third-party services
No behavioral advertising
No camera frames are uploaded — color picking and photo tracing process images locally on the device
No microphone audio is uploaded — voice canvas runs on-device speech recognition

Children & COPPA

Art Studio is designed for children. We comply with COPPA, GDPR, and applicable regional privacy laws. Verifiable parental consent is required for any data linked to a child under 13.

Parental controls

Parents can view and delete their child's saved artwork via the in-app Account → Gallery menu.
Account deletion (which removes all data) is available at /account/settings.
Email privacy@koydo.app for any data request.

Data retention

Saved artwork is retained until the user deletes it. Engagement signals are retained for 24 months in aggregated, non-identifiable form. Crash data is retained for 90 days.

Where data lives

Data is hosted on Supabase (Frankfurt and Iowa regions) with AES-256 encryption at rest and TLS 1.3 in transit. Subprocessors are listed in the main privacy policy.

Contact

Questions? privacy@koydo.app