← Back to Elentus
Privacy Policy
Effective Date: 29 March 2026
Elentus is operated by an individual developer based in Australia. This privacy policy explains how we collect, use, store, and protect personal information across our products and services. It applies to all users of Elentus products, including ReadingFox.
We have written this policy in plain English so that parents and guardians can understand exactly what data we handle and why. If anything is unclear, please contact us at support@elentus.com.
1. Definitions
- "We," "us," "our" refers to Elentus.
- "You," "your" refers to the parent or guardian who creates and manages an account.
- "Child" refers to a minor whose profile is created and managed by a parent or guardian within the app.
- "Services" refers to all Elentus products, including the ReadingFox mobile application.
- "Personal information" means information that identifies or could reasonably identify an individual.
2. Our Commitment to Children's Privacy
ReadingFox is designed for children in Australian school Years 3 to 7 (approximately ages 8 to 12). We take children's privacy extremely seriously.
- Children cannot create their own accounts. Only a parent or guardian can create an account and add child profiles.
- We collect only the minimum data needed to provide the educational service.
- We do not serve advertising of any kind.
- We do not use advertising identifiers (IDFA or equivalent).
- We do not include third-party analytics or tracking SDKs.
- We do not enable social features, messaging, or any form of child-to-child communication.
- We do not sell, rent, or share children's personal information with third parties.
- We do not collect location data, photos, contacts, or other device data.
3. Information We Collect
3.1 Parent Account Information
When you create an account, we collect:
- Email address — used for account authentication, password resets, and important service communications.
- Display name — shown within the app so your child sees a familiar name.
- Password — stored in hashed form; we never have access to your plain-text password. If you sign in with Apple, we receive an authentication token from Apple instead of a password.
3.2 Child Profile Information
When you add a child profile, we collect:
- Child's first name — used only for display within the app. This name is never shared outside your account.
- Year level — the child's Australian school year (Years 3 to 7), used to select age-appropriate reading content.
- Reading preferences — up to three interest tags chosen from a fixed list, used to personalise story topics.
3.3 Educational Activity Data
As your child uses ReadingFox, the app records:
- Reading session data — comprehension scores, vocabulary progress, response times, and reading speed. This data is used to adapt difficulty and track learning progress.
- Game data — word scramble progress, solve times, number of hints used, and stars earned.
- Story ratings — thumbs up or thumbs down on stories, used to improve content selection.
3.4 Information We Do Not Collect
- No advertising identifiers (IDFA or equivalent)
- No location or GPS data
- No photos, camera, or gallery access
- No contacts or address book data
- No browsing history or data from other apps
- No audio recordings — the app declares microphone permission solely for the operating system's built-in text-to-speech feature; we do not record or transmit audio
- No third-party analytics, cookies, or tracking pixels
4. How We Use Information
We use the information described above solely to:
- Provide the service — authenticate your account, display child profiles, and deliver reading content.
- Personalise learning — adapt story difficulty, vocabulary levels, and content topics to each child's assessed reading level and preferences.
- Track progress — show parents and children how reading skills are developing over time.
- Improve the service — analyse aggregated, non-identifying usage patterns to improve content quality and app features.
- Communicate with you — send essential service emails such as account verification, password resets, and critical service updates. We do not send marketing emails.
5. How We Store and Protect Information
5.1 Infrastructure
All data is stored in a PostgreSQL database hosted by Supabase, a cloud infrastructure provider. Authentication is handled by Supabase Auth. Our website is hosted by Cloudflare. Both providers maintain industry-standard security certifications.
5.2 Security Measures
- All data is transmitted over encrypted connections (TLS/SSL).
- Passwords are cryptographically hashed and never stored in plain text.
- Row-Level Security (RLS) policies enforce that each parent can only access data belonging to their own account and their own children.
- Access to backend systems is restricted to the Elentus developer only.
5.3 Data Location
Supabase infrastructure may process and store data in the United States and/or Singapore. By using the service, you consent to the transfer of data to these locations. These transfers are necessary to provide the service and are protected by the security measures described above.
6. Third-Party Services
| Service | Purpose | Data Shared |
|---|
| Supabase |
Database hosting, authentication |
Account and activity data as described in Section 3 |
| Apple (Sign In with Apple) |
Optional authentication on iOS |
Authentication token and, on first sign-in only, your name if you choose to share it |
| Cloudflare |
Website hosting |
Standard web request data processed transiently |
We do not use any advertising networks, analytics platforms, or data brokers. No personal information is sold or shared with third parties for their own purposes.
7. Parental Rights and Controls
7.1 Access
You can view all of your child's data within the app at any time, including reading progress, vocabulary levels, and game achievements.
7.2 Correction
You can update your child's first name, year level, and reading preferences within the app at any time.
7.3 Deletion
You can delete your entire account and all associated children's data from within the app at any time. All data is permanently deleted with no retention period. You may also contact us at support@elentus.com to request deletion.
7.4 Withdrawal of Consent
You may withdraw consent at any time by deleting your account. Because the data we collect is necessary to provide the service, withdrawal will result in account termination.
7.5 Data Portability
You may request a copy of all personal data by contacting support@elentus.com. We will provide it in a machine-readable format within 30 days.
7.6 Complaint
Australian residents may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au. EU residents may contact their local data protection authority.
8. Data Retention
- Active accounts — we retain data for as long as your account is active.
- Deleted accounts — all data is permanently deleted. No data is retained after deletion.
- Inactive accounts — we may contact you before taking any action regarding prolonged inactivity.
9. Compliance
9.1 Australian Privacy Act 1988
We comply with the Australian Privacy Principles (APPs). As a small business, we may be exempt from certain provisions, but we voluntarily adhere to the APPs because our services involve children's data.
9.2 COPPA (United States)
We comply with COPPA by requiring parental account creation, collecting only necessary data, not conditioning participation on excess collection, providing parental review and deletion rights, and not sharing children's data with third parties.
9.3 GDPR (European Union)
For EEA users, we process data on the basis of consent (account creation), contract (providing the service), and legitimate interest (aggregated service improvement). You have rights to access, rectify, erase, restrict, object, and portability as described in Section 7.
10. Changes to This Policy
If we make material changes, we will notify you by email or by a prominent notice within the app before the changes take effect. The date at the top indicates when the policy was last updated.
11. Contact Us