Privacy Policy

Your family's privacy is not just a feature. It is the foundation of everything we build.

Effective Date: February 14, 2026

1. Introduction

This Privacy Policy describes how WonderSpell ("we," "us," or "our") collects, uses, stores, and protects information when you use the WonderSpell mobile application and related services (collectively, the "Service"). WonderSpell is a parent-managed spelling test application.

By creating an account or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

WonderSpell operates on one principle: your family's data belongs to your family. We do not sell it. We do not share it with marketers. We do not use it for advertising. That will never change.

2. Information We Collect

WonderSpell collects only the minimum information necessary to provide and operate the Service. We collect the following categories of data:

2.1. Parent Account Information

  • Name: Your first and last name, provided through Sign in with Apple, used for account identification and communication.
  • Email address: Provided through Sign in with Apple (you may choose to share your real email or use Apple's private relay address). Used for essential service-related communications.

Parents authenticate exclusively through Sign in with Apple. No passwords are created, stored, or managed by WonderSpell for parent accounts.

2.2. Child Profile Information

  • First name: Used to personalize the child's experience and display in the parent dashboard.
  • Age: Used to determine the appropriate visual theme (playful mascot or explorer adventure) and difficulty calibration.

We do not collect email addresses, passwords, last names, physical addresses, photographs, device identifiers, or any other personally identifiable information from children. Children never create accounts and never interact with the Service outside of the supervised "kid mode" test-taking experience.

2.3. Educational Usage Data

  • Spelling test results: Words attempted, correct/incorrect answers, hint usage, and scores.
  • Word mastery analytics: Weighted performance averages used to track learning progress over time.
  • Test session history: Dates and times of completed tests.

This data is used solely to power the learning analytics features visible to parents and to enable features such as dynamic test generation based on word mastery.

2.4. Subscription Information

WonderSpell subscriptions are processed entirely through Apple's App Store. We do not collect, process, or store any payment information such as credit card numbers, billing addresses, or financial account details. Apple handles all payment processing, and we receive only a confirmation of subscription status.

3. Information We Do Not Collect

WonderSpell explicitly does not collect:

  • Location or GPS data
  • Device advertising identifiers (IDFA)
  • Contacts, photos, or camera/microphone data
  • Browsing history or data from other applications
  • Social media profiles or credentials
  • Biometric data
  • Any personal information from children beyond a first name and age

4. How We Use Your Information

Information collected by WonderSpell is used exclusively for the following purposes:

  • Providing the Service: Authenticating your account, managing child profiles, delivering spelling tests, generating audio pronunciations, and displaying learning analytics.
  • Improving the Service: Analyzing aggregate, anonymized usage patterns to identify and fix bugs, improve performance, and develop new educational features.
  • Essential Communications: Sending critical security notifications and significant service updates. We do not send marketing emails.

We do not use your data for targeted advertising, behavioral profiling, marketing campaigns, or any purpose unrelated to providing the WonderSpell educational service.

5. Information We Do Not Sell or Share

WonderSpell does not sell, rent, trade, lease, or otherwise provide your personal information to any third party for any reason, including but not limited to:

  • Advertising networks or platforms
  • Marketing agencies or data brokers
  • Analytics companies that profile users for commercial purposes
  • Social media companies
  • Any third party for their own commercial benefit

We do not embed third-party advertising SDKs, tracking pixels, analytics beacons, or social media widgets in our application or website. We do not participate in data exchanges or advertising consortiums.

The only circumstance under which we would disclose personal information to a third party is if compelled to do so by a valid legal process such as a court order or subpoena, and even then only to the minimum extent required by law.

6. Data Encryption and Security

Protecting your family's data is a core engineering priority, not an afterthought. We implement multiple layers of security:

6.1. Encryption in Transit

All communication between the WonderSpell app and our servers is encrypted using Transport Layer Security (TLS). This means every request, response, and data transfer is protected from interception during transmission. The app enforces secure connections and will not communicate over unencrypted channels.

6.2. Encryption at Rest

All sensitive personal data stored in our database is encrypted at rest using industry-standard encryption algorithms. This includes names, email addresses, and any other identifiable information. Even in the unlikely event of unauthorized access to our database storage, encrypted fields cannot be read without the encryption keys, which are stored separately and securely managed.

6.3. Authentication Security

Parent accounts authenticate exclusively through Sign in with Apple. No passwords are created, stored, or managed by WonderSpell for iOS app users. Apple handles all authentication securely, and we receive only the information necessary to identify your account (name, email, and a unique Apple identifier). This eliminates password-related risks such as credential stuffing, password reuse, and phishing attacks.

6.4. Authentication and Session Security

  • Authentication is handled through Sign in with Apple, leveraging Apple's industry-leading security infrastructure.
  • Session tokens are stored in the iOS Keychain, Apple's secure credential storage mechanism.
  • Server-side sessions use secure, HTTP-only cookies with strict same-site policies.

Your data is encrypted both in transit and at rest. Parents authenticate securely through Sign in with Apple, so no passwords are stored or managed by WonderSpell.

6.5. Infrastructure Security

Our servers are maintained with regular security updates and patches. Access to production systems is restricted and audited. We follow the principle of least privilege across our infrastructure.

7. AI-Generated Content

WonderSpell uses artificial intelligence in three limited, specific ways:

  • Audio pronunciation: A self-hosted text-to-speech engine (Kokoro) generates spoken audio for spelling words. This engine runs entirely on our own infrastructure.
  • Example sentences: AI generates age-appropriate sentences to provide context for each spelling word. This processing also runs on our own servers.
  • Image-to-words extraction: Parents can photograph a spelling list and AI extracts the words automatically. Images are processed entirely on our own servers and are deleted after processing. No images are retained, stored, or used for any other purpose.

No user data is sent to third-party AI services. No external AI companies receive your spelling words, images, test results, child names, or any other information from your account. All AI processing is self-contained within our infrastructure.

AI-generated content is used exclusively for educational purposes and is never used for profiling, advertising, or any non-educational purpose.

8. Children's Privacy

WonderSpell is designed with children's privacy as a primary concern. We are committed to compliance with the Children's Online Privacy Protection Act (COPPA) and similar regulations worldwide.

  • No child accounts: Children do not create accounts, provide email addresses, or set passwords.
  • Minimal data: The only information associated with a child is a first name and age, both provided by the parent.
  • Supervised use: Children interact with the app only through a parent-initiated "kid mode" session that is limited to the test-taking experience.
  • No direct contact: We never communicate directly with children. All communications go to the parent's email address.
  • No third-party sharing: Child profile data and educational performance data are never shared with any third party.
  • Parental control: Parents can view, edit, and delete all child profiles and associated data at any time through the app.

Children never create accounts, never provide personal information, and never interact with the app outside of parent-supervised test-taking sessions.

9. Data Retention

We retain your data only as long as your account is active and the data is necessary to provide the Service. Specifically:

  • Account data: Retained for the lifetime of your active account.
  • Child profiles and test history: Retained for the lifetime of your active account or until you delete them.
  • Audio files: Generated audio for spelling words may be shared across users (the same word pronunciation is generated once and reused) and is retained as long as the word is in active use.

Upon account deletion, all personal data associated with your account, including child profiles, test results, and educational analytics, is permanently deleted from our systems. Shared resources such as word audio files that may be used by other accounts are not deleted, as they contain no personally identifiable information.

10. Your Rights

You have the following rights regarding your personal data:

  • Access: You can view all data associated with your account through the app's settings and analytics features.
  • Correction: You can update your name and child profile information at any time through the app. Your email address is managed through your Apple ID.
  • Deletion: You can delete individual child profiles, test history, or your entire account. Account deletion permanently removes all associated data.
  • Data portability: You may request a copy of your data by contacting us at support@wonderspell.app.
  • Withdrawal of consent: You may stop using the Service and delete your account at any time.

To exercise any of these rights or if you have questions about your data, contact us at support@wonderspell.app.

11. International Compliance

While WonderSpell is operated from the United States, we are committed to meeting the spirit of international privacy regulations, including:

  • COPPA (United States): Children's Online Privacy Protection Act. We do not collect personal information from children under 13 without verifiable parental consent. Our design ensures children never directly provide personal information.
  • GDPR (European Union): General Data Protection Regulation. We collect minimal data, provide transparency about its use, offer data deletion and portability, and do not engage in profiling or automated decision-making.
  • CCPA/CPRA (California): California Consumer Privacy Act / California Privacy Rights Act. We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

12. Third-Party Services

WonderSpell integrates with the following third-party services, and only these:

  • Sign in with Apple: For parent account authentication. Apple provides your name and email address (or a private relay address, if you choose) upon first sign-in. Apple's privacy policy governs their handling of your Apple ID data.
  • Apple App Store / StoreKit: For subscription management and payment processing. Apple's privacy policy governs their handling of payment data. We receive only subscription status confirmations.

We do not integrate with any advertising networks, third-party analytics platforms, social media SDKs, or external tracking services.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

  • Update the "Effective Date" at the top of this page.
  • Provide notice through the app or via email for significant changes.

We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or WonderSpell's data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.