KidzLight – Privacy Policy

“Let your light so shine…” — Matthew 5:16 (NKJV)

Last updated: April 2026

KidzLight is operated by Manifest Works LLC ("we," "us," or "our"), a faith-based organization based in New York State. We are committed to protecting the privacy of all users, with special care given to children and families. This Privacy Policy explains how we collect, use, store, and protect your information, and describes your rights under applicable federal and New York State law.

This policy applies to all users of the KidzLight platform, including parents, guardians, church administrators, and ministry volunteers. By using KidzLight, you agree to the practices described in this policy.

Children's Privacy (COPPA Compliance)

KidzLight is designed for children ages 3–12 and their families. We comply with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq., and the FTC's COPPA Rule, 16 C.F.R. Part 312.

• We do not knowingly collect personal information directly from children under 13 without verifiable parental consent.
• Accounts are created and managed by parents, guardians, or authorized church administrators — not by children themselves.
• We do not require children to disclose more personal information than is reasonably necessary to use the platform.
• We do not use children's information for advertising, profiling, or behavioral tracking of any kind.
• Parents and guardians may review, correct, or request deletion of their child's information at any time by contacting us at [email protected].
• If we discover we have inadvertently collected personal information from a child under 13 without parental consent, we will promptly delete it.

New York Child Data Protection

In addition to COPPA, we comply with New York State's child data protection principles and the NY Child Data Protection Act. Consistent with these standards:

• We collect only the minimum data necessary to operate the platform (data minimization).
• We do not sell, share, or disclose children's data to third parties for commercial or advertising purposes.
• We do not use children's activity data to build behavioral profiles.
• All third-party service providers who handle data are bound by contractual data protection obligations.

Information We Collect

Account Information
When you create an account, we may collect your name, email address, and profile image through our authentication provider. This information is used solely to manage your account and provide access to the platform.

Subscription and Payment Information
If you subscribe to a paid plan, payment processing is handled securely by Stripe, Inc. We do not store credit card numbers or full payment details on our servers. We retain your subscription status, billing tier, and Stripe customer ID solely for account management and renewal purposes.

Organization Information
If you create or join a church or organization account, we collect the organization name, member email addresses, and member roles. This information is used exclusively to manage group access and shared subscriptions.

Usage Information
We may collect general, non-identifying usage data such as features accessed and session duration to improve the platform. We do not track individual children's activity for advertising or profiling purposes and we do not use third-party behavioral analytics.

Communications
If you contact us by email, we retain that correspondence to respond to your inquiry and improve our service.

How We Use Your Information

• To provide, maintain, and improve the KidzLight platform
• To manage your account, subscription, and billing
• To manage church and organization group access
• To respond to your questions or support requests
• To send important service-related communications (e.g., billing notices, policy updates)
• To comply with legal obligations under applicable federal and New York State law

We do not use your information for targeted advertising, behavioral marketing, or sale to third parties.

We Do Not Sell Your Data

We will never sell, rent, trade, or lease your personal information or your children's information to any third party. We do not monetize user data in any form. Your information is used solely to operate this ministry platform.

Third-Party Service Providers

We may use trusted third-party service providers to operate and improve our platform, including:

• Hosting and infrastructure providers to store and deliver our application
• Payment processors to securely handle transactions
• Analytics and performance tools to improve user experience
• AI-powered tools and services to support content delivery and platform functionality

These providers may process limited user data solely to perform services on our behalf and are required to maintain appropriate security and confidentiality measures.

We may also disclose information if required by law, court order, or to protect the rights, property, or safety of our users, the public, or Manifest Works LLC.

Data Security — NY SHIELD Act Compliance

Pursuant to the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), N.Y. Gen. Bus. Law § 899-bb, we maintain a comprehensive data security program that includes:

• Technical safeguards: Encrypted connections (HTTPS/TLS), secure session management, password hashing, and secure database storage. Regular review of our information systems for vulnerabilities.
• Administrative safeguards: Limiting data access to authorized personnel only; training on data security best practices; contractual data protection requirements for all service providers.
• Physical safeguards: Hosting infrastructure is maintained in secure data centers by our hosting provider with industry-standard physical access controls.

While no system can guarantee absolute security, we are committed to maintaining reasonable safeguards proportionate to the sensitivity of the information we hold.

Data Breach Notification — NY GBL § 899-aa

In the event of a security breach involving your personal information, we will notify affected New York residents as required by New York General Business Law § 899-aa in the most expedient time possible and without unreasonable delay. Notification will be provided by email to the address on your account or, where email notification is not practicable, by substitute notice as permitted by law. We will also notify the New York Attorney General's office as required. Where applicable, we will notify other state regulators and law enforcement in accordance with their respective state requirements.

Data Retention

We retain your personal information for as long as your account is active or as necessary to provide our services. If you close your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain certain records by law (e.g., financial records for tax compliance purposes). Subscription and billing records are retained for up to seven (7) years as required by law.

Cookies and Sessions

We use essential session cookies solely to manage your login session and keep you securely signed in. We do not use tracking cookies, advertising cookies, or third-party behavioral analytics. These session cookies are necessary for the platform to function and are automatically deleted when your session ends or you sign out.

Your Rights

As a user of KidzLight — and particularly as a New York State resident — you have the following rights with respect to your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your account and associated personal data, subject to legal retention requirements.
• Portability: Request your data in a commonly used, machine-readable format.
• Objection / Withdrawal of Consent: Withdraw consent for data processing where processing is based on consent.
• Non-discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, please contact us at [email protected]. We will respond to verifiable requests within 30 days.

Parental Controls and Rights

Parents and guardians maintain full control over their children's use of KidzLight. At any time, you may: (1) review the information we hold about your child's account; (2) request correction or deletion of that information; (3) revoke your consent and close your child's access to the platform; and (4) refuse to permit further collection or use of your child's information. To exercise these rights, contact us at [email protected]. We encourage parents to participate actively in their children's online learning experience.

Governing Law

This Privacy Policy is governed by the laws of the State of New York, including but not limited to the NY SHIELD Act (N.Y. Gen. Bus. Law § 899-bb), NY GBL § 899-aa, and applicable federal privacy laws including COPPA. Any disputes regarding this policy shall be subject to the exclusive jurisdiction of the state and federal courts located in New York State.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date and, where required by law, by providing direct notice to registered users via email at least 30 days before the changes take effect. Your continued use of the platform after the effective date of changes constitutes your acceptance of the revised policy.

Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about your child's privacy, please contact us: