This Privacy Policy explains how Thrive Digital Wellbeing Pty Ltd (“Thrive”, “we”, “us”, “our”) collects, uses, discloses, and protects information when you use the Thrive mobile app, website, and related services (together, the “Service”).
We build Thrive for families. We minimise data collection, do not use child personal data for marketing, and use anonymised/aggregated analytics to improve the Service and measure marketing effectiveness.
Controller: Thrive Digital Wellbeing Pty Ltd
Address:
805/220 Collins St
Melbourne, VIC 3000
Australia
Support: [email protected]
Privacy: [email protected]
EU/UK privacy contact (not an EU/EEA Article 27 representative):
Matthew Wood ([email protected]), Victoria, Australia
If we are required to appoint an EU/EEA and/or UK representative under GDPR/UK GDPR, we will appoint one and update this Policy accordingly.
– Data minimisation: we only collect and store what is necessary to provide and secure the Service.
– No child data for marketing: we do not use child personal data for marketing or targeted advertising.
– Anonymised/aggregated analytics: we use anonymised, de‑identified, and/or aggregated data for analytics and marketing measurement where possible.
– No sale of personal information: we do not sell personal information.
We collect information depending on how you use the Service:
A) Parent/Guardian account information
– Email address
– Account settings and preferences
– Subscription status (confirmation from Apple; we do not receive full payment card details)
B) Child profile information (minimum necessary)
– Child profile label or nickname (we encourage nicknames rather than real names)
– Device linking/configuration data necessary to provide core features
C) Activity and reward information (core functionality)
– Activities you create (e.g., “homework”, “draw”, “chores”)
– Activity completions, reward approvals, timestamps
– Reward rules and parameters you set (e.g., exchange rates)
D) Device and technical information (security and reliability)
– Device type, operating system version, app version, language
– Diagnostics, crash reports, and performance data
– Approximate region (derived from device settings or IP address for web access). We do not intentionally collect precise location.
E) Customer support information
– Information you provide when you contact us (messages and any attachments you choose to send)
F) Website data (if you use thrive.kids)
– Usage data (pages viewed, clicks, referrers)
– Cookies or similar technologies (see “Cookies & Website Analytics”)
We use information to:
– Provide the Service (connect devices, manage activities, grant rewards)
– Maintain security, prevent fraud/abuse, and troubleshoot issues
– Provide customer support
– Improve the Service using anonymised/de‑identified/aggregated analytics
– Measure marketing effectiveness using anonymised/de‑identified/aggregated data (for example, aggregated campaign performance and conversions)
We do not use child personal data for marketing or targeted advertising.
If you are in the EEA/UK, we process personal data under these legal bases:
– Contract: to provide the Service you request
– Legitimate interests: to secure, maintain, and improve the Service (balanced against your rights)
– Consent: where required (for example, non‑essential cookies on our website)
– Legal obligation: to comply with law and lawful requests
We share information only as needed to run and protect the Service:
– Service providers (processors) for hosting, security, analytics (in anonymised/de‑identified/aggregated form where possible), crash reporting, and customer support tools
– Platform providers (e.g., Apple) for purchases, subscription status, and device/platform functionality
– Legal and safety: if required by law, court order, or to protect users, rights, or safety
– Business transfers: if we are involved in a merger, acquisition, or asset sale (we will provide notice where required)
We do not sell personal information.
We use analytics to understand how the Service is used and to measure marketing performance.
– We aim to use anonymised, de‑identified, and/or aggregated data for analytics and marketing measurement.
– We do not use child personal data for marketing or behavioural advertising.
– We do not allow analytics providers to use child personal data for their own marketing purposes.
If we ever introduce practices that constitute “sale” or “sharing” under California law (for example, sharing for cross‑context behavioural advertising), we will:
– update this Policy; and
– provide required opt‑out controls (including recognising valid opt‑out signals where applicable).
Thrive is intended for use by parents/guardians.
– We collect the minimum child-related data necessary to provide the Service.
– We do not use child personal data for marketing.
– Parents/guardians can request access to, correction of, or deletion of child-related data (see “Your Rights”).
If you believe we have collected a child’s personal data inappropriately, contact [email protected].
Some parts of the Service may provide AI-powered suggestions or help content.
– AI can be incorrect, incomplete, or inappropriate.
– AI suggestions are not professional advice.
– Parents/guardians remain responsible for decisions involving children.
If you use our website, we may use cookies or similar technologies for:
– essential site functionality
– security
– anonymised/de‑identified/aggregated analytics
Where required by law, we request consent for non‑essential cookies and provide controls.
We are based in Australia and may store or process information in Australia and other countries where our service providers operate.
If you are in the EEA/UK and your personal data is transferred internationally, we use appropriate safeguards where required (such as Standard Contractual Clauses).
We keep personal data only as long as necessary to:
– provide and secure the Service
– comply with legal obligations
– resolve disputes and enforce agreements
When data is no longer needed, we delete it or anonymise it.
We use reasonable administrative, technical, and physical safeguards designed to protect personal data (including encryption in transit and access controls). No method is 100% secure, but we work to protect your information.
A) EEA/UK (GDPR/UK GDPR) RIGHTS
Depending on your location and circumstances, you may have the right to:
– Access your personal data
– Correct inaccurate data
– Delete data (“right to be forgotten”)
– Restrict or object to processing
– Data portability
– Withdraw consent (where we rely on consent)
– Lodge a complaint with your local data protection authority
We respond without undue delay and, in most cases, within one month. In complex cases, we may extend by up to two additional months, with notice as required.
B) CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)
If you are a California resident, you may have the right to:
– Know what personal information we collect, use, and disclose
– Access a copy of your personal information
– Delete personal information (subject to exceptions)
– Correct inaccurate personal information
– Opt out of the sale or sharing of personal information (if applicable)
– Limit the use/disclosure of sensitive personal information (if applicable)
– Not be discriminated against for exercising your rights
We do not sell personal information and we do not share it for cross‑context behavioural advertising.
C) HOW TO EXERCISE YOUR RIGHTS
Email: [email protected]
Suggested subject line: “Privacy Request”
To protect you, we may need to verify your identity before fulfilling certain requests.
Parents/guardians may submit requests regarding their child’s data.
California authorized agents may submit requests on a consumer’s behalf, subject to verification.
If you are a California resident, we collect the categories of personal information described in Section 3 above for the purposes described in Section 4.
We do not sell personal information and do not share personal information for cross‑context behavioural advertising.
We do not use or disclose sensitive personal information beyond what is necessary to provide the Service, secure it, and comply with law.
We may update this Policy from time to time. If changes are material, we will provide notice within the Service or by other reasonable means. The “Effective date” will be updated.
Privacy questions or requests: [email protected]
Support: [email protected]
Mail:
Thrive Digital Wellbeing Pty Ltd
805/220 Collins St
Melbourne, VIC 3000
Australia
