Privacy Policy – LeesSom

Last updated: 2026-04-03

What Data We Collect

• Parent or guardian email address
• Account name and child profile names
• School-group level, selected avatar, and accessibility preferences
• Learning progress, scores, streaks, achievements, and challenge history
• Friends, invite codes, and challenge activity for the app's social features
• JWT session token and secure local session state

Third-Party Sign-In

If you choose Apple, Google, or Microsoft sign-in, we receive the account identifier and basic profile details needed to create and authenticate your LeesSom account.

• Apple: app-scoped Apple user identifier, email address (including private relay if you choose that), and full name on first sign-in.
  Apple's privacy policy: https://www.apple.com/legal/privacy/
• Google: Google user identifier, email address, and display name.
  Google's privacy policy: https://policies.google.com/privacy
• Microsoft: Microsoft user identifier, email address, and display name.
  Microsoft's privacy statement: https://privacy.microsoft.com/privacystatement

We use this data solely to create and authenticate your account. We do not access your iCloud data, Google Drive, Microsoft OneDrive, contacts, or any other third-party services beyond authentication.

Crash Reporting & Diagnostics (Sentry)

LeesSom uses Sentry to detect crashes and performance problems. Crash reporting is enabled by default, can be switched off in Settings → Privacy & support → Crashrapporten, and is configured without default PII (sendDefaultPii: false).

What we collect

• Crash logs (stack traces) and runtime error details
• Performance data such as app startup and request timing
• App version, OS version, and device model
• User interaction breadcrumbs (taps, navigation events — no content captured)

What we do not collect

• No advertising ID
• No location, camera, microphone, or contacts data
• No tracking data for cross-app advertising
• No user-linked Sentry identity from the mobile app or backend
• No text entered in input fields

Data handling

• Storage region: EU data residency (Frankfurt, Germany)
• Data retention: 90 days for error events, 60 days for performance data
• PII scrubbing: enabled by default (sendDefaultPii: false); IP addresses are stripped before storage via beforeSend callback

Sentry Privacy Policy: https://sentry.io/privacy/

How We Collect It

We collect data through account registration, social sign-in, gameplay activity, saved preferences, and optional diagnostics.

Why We Collect It

Data is used for account management, learning progress sync, difficulty personalization, social challenge features, and app stability.

How Long We Keep It

We keep account and gameplay data until the account is deleted. Guest-mode data remains only on the device unless the user later creates an account and chooses to continue from there.

Who We Share It With

We do not sell personal data and we do not use ad networks in LeesSom. We share data only with processors needed to run the app:

• Sentry (Functional Software, Inc.) — crash and performance diagnostics, without default PII, stored on EU servers. You can opt out via Settings → Privacy & support → Crashrapporten.
• Apple, Google, or Microsoft — only when you choose those sign-in providers. Their respective privacy policies apply to data they process.
• Hosting providers — to operate the LeesSom API and storage infrastructure.

Children and Parent / Guardian Role

LeesSom is designed for primary school children (ages 4–12). Registered accounts are intended to be created and managed by a parent or guardian. The app also offers a guest mode for instant play without registration.

We do not knowingly collect personal data from children under 13 without verifiable parental consent. Account registration requires a parent or guardian email address. If you believe we have inadvertently collected data from a child without parental consent, please contact us immediately and we will delete it promptly.

We do not use behavioral advertising, sell children's data, or share it with third parties for marketing purposes. No third-party advertising SDKs are included in the app.

Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Correction — ask us to correct inaccurate data.
• Deletion — request deletion of your account and personal data.
• Restriction — ask us to limit how we use your data in certain circumstances.
• Portability — request your data in a portable format.
• Withdrawal of consent — withdraw consent (e.g., for crash diagnostics) at any time without affecting prior processing.

To exercise any of these rights, contact us by email.

How To Delete Your Account

Use the in-app delete account feature in Settings → Gevarenzone → Account verwijderen, or use the public Delete Account page if you cannot access the app.

Contact

For privacy requests, contact DevDad Support via email.

Governing Law

This policy is governed by the laws of the Netherlands. Users in the EEA may also have rights under the General Data Protection Regulation (GDPR).