Effective Date: March 27, 2026 | Last Updated: March 27, 2026
Overview
This Data Retention Policy describes what personal information Finley collects, how long we keep it, and how it is deleted. This policy applies to all users of Finley Reading Quest (finleyreads.com) and is part of our commitment to COPPA compliance.
Operator: Finley is operated by Lorenzo Harris. Contact: hello@finleyreads.com
What We Collect
COPPA| Data Type | Who | How Collected |
|---|---|---|
| Child's first name | Child | Entered by parent during onboarding |
| Child's age | Child | Entered by parent during onboarding |
| Reading activity data (accuracy, timing, level, words practiced) | Child | Recorded automatically during reading sessions |
| Device identifiers (localStorage IDs, Supabase UUIDs) | Child | Generated automatically to maintain session continuity |
| Parent's email address | Parent | Voluntarily provided for progress reports or account creation |
| Payment information | Parent | Processed by Stripe -- not stored by Finley |
How Long We Keep It
| Data Type | Retention Period | Notes |
|---|---|---|
| Child profile data (name, age, reading activity) | Duration of active account | Deleted within 30 days of account deletion request |
| Device identifiers | Duration of active account | Deleted within 30 days of account deletion request |
| Parent email address | Duration of active account | Deleted within 30 days of account deletion request |
| Payment records | Retained by Stripe per their retention policy | Finley does not store payment data directly |
| Anonymous aggregate analytics | Indefinitely | No personal information -- used for product improvement only |
We do not retain personal information longer than reasonably necessary to fulfill the purposes for which it was collected, as required by COPPA.
Deletion Process
Parents can delete their child's data at any time through the following methods:
- In-app: Settings → Delete Child Data -- removes all data from the device immediately and queues server deletion
- By email: Send a deletion request to hello@finleyreads.com with subject "Privacy Request -- Delete Data"
Upon deletion, all child profiles, reading history, mastery data, and session logs are permanently removed from both local storage and our servers within 30 days.
Deletion is irreversible. Deleted data cannot be recovered.
Legal Basis
COPPAThis policy complies with the Children's Online Privacy Protection Act (COPPA) and the FTC's updated COPPA Rule (16 C.F.R. Part 312), effective April 22, 2026.
COPPA requires operators of child-directed services to:
- Retain children's personal information only as long as reasonably necessary
- Delete personal information after it is no longer needed
- Implement reasonable security measures to protect children's data
- Disclose data retention practices in their privacy policy
Finley is committed to full compliance with these requirements.
Contact
For questions about this policy or to submit a data deletion request:
Operator
Lorenzo Harris
hello@finleyreads.com
Subject
"Privacy Request"
Response Time
Within 30 days
See our full Privacy Policy for complete details on data collection and your parental rights.