Privacy Policy

SmileyRead operates the SmileyRead application, a Mandarin vocabulary learning platform for Singapore primary school students. For privacy-related enquiries, contact us at hello@smileyread.com.

We collect only what is necessary to provide the service:

• Account data: Parent or guardian email address and password (stored securely via Supabase Auth).
• Profile data: Child's first name and selected learning level (P1–P6).
• Learning data: Session history, word practice records, correct/incorrect attempt counts, daily streak, and vocabulary mastery status.
• Voice input: Speech recognition is processed entirely by your device's browser (Web Speech API). We do not record, transmit, or store any audio data.

We use your data solely to:

• Provide and personalise the learning experience for your child.
• Track learning progress and adapt the daily session to your child's level.
• Maintain your login session and daily practice streak.
• Improve the application's performance and content quality.

We do not use your data for advertising, profiling, or any purpose unrelated to the educational service.

SmileyRead is designed for children but accounts are registered and managed by parents or legal guardians. We do not knowingly collect personal data directly from children without verifiable parental consent.

The only child-related data we store is the child's first name and learning records, provided by the parent during account setup.

Your data is stored securely using Supabase, a cloud infrastructure provider. Data is encrypted in transit (HTTPS/TLS) and at rest. Access to your data is restricted by row-level security policies ensuring only your account can access your family's records.

Supabase infrastructure may be hosted in data centres outside Singapore. By using SmileyRead, you consent to this transfer, which is conducted with appropriate safeguards.

We do not sell, rent, or share your personal data with third parties for commercial purposes. We may share data only with:

• Supabase — our database and authentication infrastructure provider.
• Authorities — if required to do so by Singapore law or court order.

We retain your personal data for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law.

Under the Singapore Personal Data Protection Act, you have the right to:

• Access the personal data we hold about you.
• Correct any inaccurate or incomplete personal data.
• Withdraw consent for the collection, use, or disclosure of your personal data (noting that this may affect your ability to use the service).

To exercise these rights, contact us at hello@smileyread.com. We will respond within 10 business days.

SmileyRead uses browser local storage to save your in-progress session state (e.g., resume position if you leave mid-session). No third-party tracking cookies are used.

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date above. Continued use of the service constitutes acceptance of the updated policy.

For any privacy-related questions or PDPA requests, please contact our Data Protection Officer at:

hello@smileyread.com