PROTOTYPE · Not for commercial or therapeutic use · Educational preview only

Legal

Privacy Policy

Last updated: April 30, 2026

1. Who We Are

FOKYES ("we", "us", "the Platform") is an independent cognitive training platform. We are the data fiduciary (under India's Digital Personal Data Protection Act, 2023 — "DPDP") and controller (under GDPR) for personal data you provide.

2. Data We Collect

  • Account: name, email, Google profile picture (via OAuth)
  • Age & consent: date of birth, jurisdiction, consent timestamps and IP
  • Cognitive data: session attempts, scores, accuracy, time spent, BrainMap dimensions
  • Parent/child links: if you're a parent, your child's account reference
  • Screen-time logs: voluntarily logged by parents for correlation analysis
  • Technical: cookies (session token), IP for consent audit trail

3. Children's Privacy (Under 18)

We treat any user under 18 as a child and require verifiable parental consentbefore processing any personal data. This satisfies:

  • DPDP Act 2023 (India) — Section 9 parental consent for under-18s
  • COPPA (USA) — parental consent for under-13s
  • GDPR-K (EU) — parental consent for under-16s

Parents can at any time: review their child's data, request deletion, or revoke consent via the Parent Dashboard or by emailing privacy@storytellercharles.com. We do not show behavioural or targeted ads to children.

4. How We Use Your Data

  • Deliver cognitive training sessions and calculate your BrainMap Score
  • Adapt difficulty using AI (OpenAI API — data sent is session performance only, not identity)
  • Enable parent monitoring (only for linked parents with consent)
  • Send transactional email (welcome, parent consent, weekly digest if opted in)
  • Improve platform and aggregate (de-identified) peer benchmarks

5. Your Rights

Under DPDP, COPPA, and GDPR, you (or a parent on a child's behalf) may:

  • Access — export all your data (Settings → Export)
  • Correct — edit profile from Settings
  • Delete — erase account and all linked data (Settings → Delete Account)
  • Withdraw consent — contact us anytime
  • Lodge a complaint — with your national data protection authority

6. Retention

We retain your data while your account is active. On deletion, personal data is removed within 30 days. Consent audit logs (IP + timestamp) are retained for 7 years for legal defense as permitted under DPDP Rule 5.

7. Security

Data is encrypted in transit (TLS). Access is restricted and session tokens expire in 7 days.

8. Third Parties

  • Google (OAuth sign-in) — their policy
  • OpenAI (anonymised session data for adaptive AI)
  • MongoDB (managed database hosting)

9. Contact

Grievance Officer, FOKYES — privacy@storytellercharles.com

See also: Terms of Service

We use essential cookies (session token) to keep you signed in. No ads, no tracking. See our Privacy Policy.