Effective date: May 21, 2026
Stand Kids, Inc. ("Stand," "we," "us," "our") operates the website standkids.com and the web application at app.standkids.com (together, the "Service"). This policy explains what data we collect, how we use it, and how we protect it — especially when it comes to children.
Stand is designed for children to learn entrepreneurship with parent supervision, primarily ages 8 to 16. We comply with the Children's Online Privacy Protection Act ("COPPA") and do not collect personal information from children without verified parental consent.
Children may use Stand only with the permission and supervision of a parent or legal guardian. Before a child creates a profile or uses child-facing Stand features, we ask the parent to provide consent.
By creating a child profile, purchasing a Stand membership for your child, approving your child's participation, or allowing your child to use Stand, you consent to Stand collecting, using, and disclosing your child's information as described in this notice.
We may collect from parents or legal guardians:
We collect limited information from children to provide the Stand experience.
Before parental consent: Everything a child creates in Stand is stored only on their device (browser localStorage). We do not send any child data to our servers until a parent or guardian provides consent and completes a purchase. A child can use the full onboarding experience — naming a business, designing a brand, setting prices — without us ever seeing their data.
After parental consent, we may collect:
Stand is designed to avoid collecting unnecessary sensitive information from children. Children should not provide:
Parents should help children avoid entering this information into Stand tools, storefronts, messages, AI features, or uploaded content. Stand's content moderation automatically filters obviously identifying text from kid-entered fields where it can.
| Data | Purpose |
|---|---|
| Child's first name & age | Personalize the experience (age-appropriate content, greetings) |
| Business details | Power the platform: generate logos, lessons, tasks, and coaching tailored to the kid's business |
| Parent name & email | Consent verification, order confirmation, account communication |
| Phone number | Account access; SMS marketing only if explicitly opted in |
| Shipping address | Deliver physical starter kits and products |
| IP address | COPPA consent audit trail only |
We do not sell, rent, or share personal information with advertisers. We do not use data for behavioral advertising or ad targeting.
Stand allows families to publish a public storefront page at standkids.com/store/[slug]. When a storefront is published:
Stand may remove public-facing content that we believe is unsafe, inappropriate, infringing, misleading, or otherwise not allowed.
We do not sell children's personal information. We share limited information with service providers that help us operate Stand. Each provider is listed below with what we share and a link to their privacy policy.
We send your child's business details (name, category, tagline, mission, creative preferences) to Anthropic's Claude API to generate text content like taglines, mission statements, pitch materials, and lesson content. We do not send the child's name, age, or any parent data to Claude. Anthropic does not use API inputs for model training. See Anthropic's Privacy Policy.
We send business concept details (name, colors, style preferences) to Recraft's API to generate logos and brand images. No personal information about the child or parent is included. See Recraft's Privacy Policy.
When Recraft is unavailable, we may fall back to Google Gemini for image generation with the same business-concept details. See Google's Privacy Policy.
Stand offers optional voice-based lessons powered by ElevenLabs. No personal data is sent to ElevenLabs — only a secure session token is generated server-side. See ElevenLabs' Privacy Policy.
Parent payment information (credit card, billing and shipping address) is collected and processed entirely by Stripe. We never see or store your full card number. See Stripe's Privacy Policy.
For families who choose to publish their child's storefront and accept real orders, the parent creates a Stripe Connected Account (Express). Stripe collects identity verification information (name, date of birth, last four of SSN, bank account) directly from the parent. Stand never sees or stores this information. See Stripe's Connected Account Agreement.
We use Resend to send transactional emails (parent join links, order confirmations). Parent email addresses are shared with Resend for delivery purposes only. See Resend's Privacy Policy.
We use Klaviyo to send marketing emails and, where you have opted in, marketing text messages. Klaviyo receives the email address and (if you opt in) phone number you provide at signup, along with engagement data (opens, clicks). We do not share child data with Klaviyo. See Klaviyo's Privacy Policy.
When a customer places an order through a kid's storefront, we share the shipping name, address, and product details with our print-on-demand fulfillment provider so they can print and ship the order. Today this is Printful (apparel, stickers) or Printify (jewelry: pendant, bracelet). No child personal information is included in fulfillment requests beyond the kid's chosen business name and product design.
Our database is hosted on Supabase. All data described in this policy is stored in Supabase's infrastructure. See Supabase's Privacy Policy.
Our website and application are hosted on Vercel. See Vercel's Privacy Policy.
We use PostHog for product analytics to understand in aggregate how families use Stand so we can improve it. PostHog receives session identifiers and feature usage events; we do not send a child's name, age, or other personal information to PostHog. See PostHog's Privacy Policy.
We may also disclose information if required by law, to protect the safety of children or users, to prevent fraud or misuse, to enforce our terms, or in connection with a business transaction such as a merger, acquisition, financing, or sale of assets.
Stand does not use cookies or similar technologies to deliver third-party advertising to children, build behavioral profiles of children for advertisers, or track children across other sites or apps for advertising purposes.
If you check the SMS opt-in box at signup, Stand may send you recurring automated marketing text messages — for example: launch announcements, kit availability, your child's storefront milestones, and occasional promotional offers. You will receive no more than 6 messages per month.
Stand does not send marketing text messages to anyone under 18. Phone numbers are only collected from parents and guardians.
Stand uses AI-powered tools to help children and parents brainstorm business ideas, names, branding, copy, products, and learning activities.
When a kid signs in to Stand at standkids.com/sign-in, we use a small, secure HTTP cookie to remember that the device has been verified by a parent. This cookie:
This use of a persistent identifier is permitted under COPPA's "support for the internal operations" exception (16 CFR §312.5(c)(7)), which allows persistent identifiers without separate verifiable parental consent when used to authenticate the user and maintain the integrity of the service.
The kid's 4-digit PIN is stored as a salted HMAC-SHA-256 hash with a server-side pepper — we cannot read the PIN. After 5 incorrect tries the profile is locked for 15 minutes, and a parent's involvement (via a fresh email code) is required to reset it.
Stand is designed for children ages 8 to 16. Under COPPA, we are required to obtain verifiable parental consent before collecting personal information from children under 13. Here's how we do it:
Parents and guardians have the right to:
To make a request, email hello@standkids.com. We may need to verify your identity and relationship to the child before completing a request. If you withdraw consent or request deletion, your child may no longer be able to use some or all Stand features.
If you or your child is a California resident, you may have specific rights under California privacy law (CCPA / CPRA), including the right to know, access, correct, delete, and limit certain uses of personal information.
To exercise California privacy rights, email hello@standkids.com. We may need to verify your identity and relationship to the child before completing a request.
We retain child and parent data for as long as the subscription is active. After a subscription ends:
Parents can request deletion of their child's data at any time by emailing hello@standkids.com. Upon receiving a verified request, we will:
Data stored only in the child's browser (localStorage) is not on our servers and can be cleared by the user at any time.
We protect your data with:
We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. No system is 100% secure. If we discover a breach that affects personal information, we will notify affected parents by email within 72 hours.
Parents should help children use Stand safely, keep login information private, and avoid sharing personal information.
Stand may include links or integrations with third-party services. We are not responsible for the privacy practices of third-party services that we do not control. Parents should review third-party terms and privacy policies where applicable.
Stand may update this Privacy Policy from time to time. If we make material changes — especially to how we handle children's data — we will notify parents by email and post the updated policy here with a new effective date.
Questions or requests about privacy may be sent to:
Stand Kids, Inc.
1875 Century Park East, 12th Floor
Los Angeles, CA 90067
Email: hello@standkids.com