Cwtch Corner – Privacy Policy

Last Updated November 14th 2025

1. Introduction.
Welcome to Cwtch Corner, developed by Cwtch & Code. We are committed to protecting the privacy of all our users, especially children and vulnerable adults with Additional Learning Needs (ALN), Special Educational Needs (SEN), neurodivergent conditions, and learning disabilities.
This app is designed to be a safe, supportive digital space. We comply with the UK GDPR, the Children’s Code (Age-Appropriate Design Code), and data protection laws.
2. Who We Are.
Data Controller: Cwtch & Code
Developer: Carl Hendy
Contact: [email protected]
Location: United Kingdom
Data Protection Officer: Carl Hendy
3. Who This App Is For.
Cwtch Corner is designed for:
• Children of all ages
• Vulnerable adults
• Individuals with ALN, SEN, neurodivergent conditions, or learning disabilities
• People who just want a moment of calm in their lives
There is no minimum age requirement. Parents, guardians, or carers must set up the administrator account and confirm they have parental responsibility or caring authority before creating user profiles.
4. What Data We Collect
Free Tier (Local Storage Only)
• User profiles (names, avatars, preferences)
• Messages between profiles (encrypted)
• Diary entries (encrypted)
• App settings and theme choices
• Approved YouTube channels (titles only, no thumbnails or watch history)
• All data is stored locally on your device only
Premium Tier (£2.99/month – Cloud Sync)
• Account email address (for sign-in)
• Display name (optional, for Google Sign-In users)
• All free tier data (synced to secure cloud storage)
• Subscription status (managed by Google Play or payment provider)
We DO NOT collect:
• Location data
• Device identifiers for tracking
• Browsing history
• Video watch history
• Behavioral data for profiling or advertising
5. How We Use Your Data
We use your data only to:
• Provide the app’s core features (profiles, messages, diary, games)
• Enable cloud sync for premium users
• Manage user authentication and subscriptions
• Ensure app security and prevent misuse
We DO NOT use data for:
• Advertising or marketing
• Profiling or behavioral tracking
• Sharing with third parties (except as required for core functionality)
6. Data Storage & Security
Free Tier:
• All data stored locally on your device using encrypted storage
• Messages and diary entries encrypted with AES-256 encryption
• No data leaves your device
Premium Tier:
• Data synced to Firebase Firestore (hosted in Europe/EU region)
• All data encrypted in transit (HTTPS/TLS)
• Messages and diary entries encrypted before storage
• Access protected by Firebase Authentication
Security Measures:
• Admin PIN protection for account management
• End-to-end encryption for sensitive content
• Secure authentication (email/password or Google Sign-In)
• Regular security updates
7. Third-Party Services
We use the following trusted services:
Firebase (Google) – Premium users only:
• Authentication (sign-in)
• Cloud Firestore (data storage, EU-hosted)
• Privacy Policy: https://firebase.google.com/support/privacy
Google Sign-In – Optional
• Allows sign-in with Google account
• Privacy Policy: https://policies.google.com/privacy
Google Play Billing – Premium subscriptions:
• Handles payment processing securely
• We do NOT see your payment card details
• Privacy Policy: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice
Google Fonts:
• Provides fonts for display only
• No user data collected
YouTube API – For approved channels:
• Only caches channel names and video titles
• No thumbnails, watch history, or user tracking
• Privacy Policy: https://policies.google.com/privacy
We do NOT use:
• Analytics or crash reporting services
• Advertising networks
• Social media integrations
• Marketing or tracking tools
8. Your Rights (GDPR)
You and your child have the right to:
✓ Access your data – Use “View My Data” in this screen
✓ Download your data – Use “Download My Data” (JSON export)
✓ Delete your data – Use “Delete My Data” (requires admin PIN)
✓ Correct inaccurate data – Edit profiles and content in-app
✓ Withdraw consent – Delete account via Account Settings
✓ Object to processing – Contact us to discuss concerns
✓ Data portability – Download data in machine-readable format
For premium users, data deletion removes BOTH local and cloud data.
To exercise these rights, use the tools in this Privacy & Credits screen, or contact: [email protected]
9. Parental Rights & Controls
Parents, guardians, and carers have:
• Full admin account access with PIN protection
• Ability to create, edit, and delete all user profiles
• Control over approved YouTube channels
• Access to all messages and diary entries
• Ability to delete all account data
• Right to request data on behalf of children
By setting up an admin account, you confirm you have parental responsibility or caring authority for the app’s users
10. Children’s Code Compliance
We comply with the UK Age-Appropriate Design Code:
✓ Privacy by default – Free tier stores everything locally
✓ No profiling or tracking – We don’t build behavioral profiles
✓ No location tracking – We never access location data
✓ No advertising – The app is completely ad-free
✓ Clear language – This policy uses plain, understandable terms
✓ Parental controls – Admin PIN protects all management functions
✓ Data minimization – We only collect what’s needed for features
✓ Encryption – Messages and diaries are encrypted
✓ No data sharing – Your data stays within the app ecosystem
11. Data Retention
Free Tier:
• Data remains on your device until you delete it
• Uninstalling the app removes all local data
Premium Tier:
• Active accounts: Data retained while subscription is active
• Account deletion: All data (local and cloud) deleted immediately and permanently
• Inactive accounts: If legally required, we will delete data after 3 years of inactivity
When you delete data using our GDPR tools, it is removed immediately and cannot be recovered.
12. Data Sharing
We do NOT sell, rent, or share your personal data with third parties.
Data is only shared when:
• Required by law (e.g., court order, safeguarding concerns)
• You explicitly request it (e.g., data export)
Service providers (Firebase, Google Play) process data on our behalf under strict contracts and only for the purposes described in this policy
13. Cookies & Tracking
We do NOT use:
• Marketing cookies
• Advertising cookies
• Tracking pixels
• Analytics cookies
We DO use:
• Local storage (SharedPreferences) for app settings
• Essential authentication tokens (for premium sign-in)
All storage is functional and necessary for the app to work.
14. Changes to This Policy
We may update this privacy policy to reflect:
• Changes in the law
• New features or services
• User feedback
When we make changes:
• We’ll update the “Last Updated” date at the top
• For significant changes, we’ll notify you via the app
• You can always view the latest version in this screen
15. Contact Us
If you have questions about privacy, data protection, or this policy:
Email: [email protected]
Developer: Carl Hendy, Cwtch & Code
Location: United Kingdom
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
Website: https://ico.org.uk
Helpline: 0303 123 1113
16. Summary
Cwtch Corner is built with privacy at its heart:
🔒 Your data is encrypted and secure
🏠 Free users\’ data never leaves their device
☁️ Premium users choose cloud sync (EU-hosted)
🚫 No advertising, tracking, or profiling
👪 Full parental controls and transparency
✅ GDPR and Children’s Code compliant
💚 Designed for safety, comfort, and trust
Thank you for trusting Cwtch & Code with your family’s digital wellbeing.