The Children’s Online Privacy Protection Act (COPPA) is a US law that controls how online services treat personal information from kids under 13. Tell and Show is built for households where the parent is the account owner; we comply with COPPA by design rather than by retrofit.
We do not collect personal information directly from a kid before a parent has made an account, paid, and explicitly created the kid’s profile. Kids do not have email addresses on our system, do not use third-party social logins, and never reach the studio as an unsupervised first-time user.
After parent setup, the personal information we do collect from a kid is the content they create in the studio: project files, wizard drafts, AI-decision history, badges, and XP. We do not run advertising on kid profiles, we do not build behavioral profiles, and we do not share any of it with third parties for purposes other than running the studio.
As the parent, you have the right to review every piece of data we hold on your kid, ask us to delete it, ask us to stop further collection, and revoke your consent altogether. You can do all of this from your dashboard or by emailing hello@tellandshow.ai from the address on your account.
If you have any COPPA-specific question or concern, the contact below goes straight to a real human. Full legal text follows in nine sections.
1. Scope and definitions.
This page describes how Tell and Show complies with the United States Children’s Online Privacy Protection Act of 1998 ("COPPA") as amended, and 16 CFR Part 312 ("the Rule"). It applies to all use of Tell and Show by households where a profile is associated with a kid under thirteen years old.
In this page:
- "We," "us," "our," "Tell and Show" means Tell and Show, the operating entity providing the service at
tellandshow.aiand related Tell and Show subdomains. - "Parent" means the verified account holder — either a legal parent or guardian — who created the household account and is responsible for any kid profiles within it.
- "Kid," "child" means an individual under the age of thirteen whose profile lives within a parent’s household account.
- "Personal information" has the meaning given in 16 CFR § 312.2.
2. Verifiable parental consent.
We obtain verifiable parental consent before collecting any personal information from a kid under thirteen. Our consent process uses a combination of methods permitted under 16 CFR § 312.5(b), specifically:
- Payment-based verification. The parent provides a payment instrument (credit card or equivalent) to a verified payment processor (Stripe) and a non-zero transaction is processed to confirm that the consenter is an adult.
- Email confirmation. The parent confirms their email address by clicking a one-time link sent to that address.
- Continued account control. Subsequent parent-only actions (creating a kid profile, approving a publish) are gated behind the same authenticated parent session.
A kid does not have a separate sign-in to our service. There is no kid email, no kid OAuth, no kid SMS, and no kid-readable consent flow. The first time a kid interacts with our service, they are inside a profile that the parent created on a household the parent paid for.
If you believe a kid has accessed the service without your verifiable consent, contact us at hello@tellandshow.ai and we will delete any associated information promptly.
3. Information we collect from children.
After parental consent is obtained, the following categories of personal information are collected during a kid’s use of the studio. We collect only what is necessary to operate the product.
- Profile data: the name the parent or kid chose for the profile (recommended first name only), age band, profile color or avatar, and the salted-and-hashed kid PIN (the plaintext PIN never leaves the kid’s device).
- Project content: the files, drafts, wizard inputs, AI proposals, and keep / revise / undo decisions the kid creates while using the studio.
- Progression data: XP, level, badges, completed quests, and feature unlock state.
- Approval and publishing records: when a kid requested a publish, what was approved, what is currently live, and at which public URL.
- Operational data: session timestamps and device-class signals required to enforce time caps and reliability monitoring.
- Safety log entries: when one of the nine safety filters triggered, including the category, direction, rating in effect, timestamp, and a redacted excerpt of the offending content (plaintext is never stored — only a SHA-256 hash).
- AI add-on data, only if enrolled: the prompt content sent to the configured AI provider, the response received, and token-usage metrics. AI providers are contractually prevented from training on this data.
We do not collect from a kid:
- Email address, phone number, home address, or precise geolocation.
- Photographs of the kid’s face or voice recordings of the kid.
- Social-network identifiers or any third-party login credentials.
- Any persistent identifier whose primary purpose is online behavioral advertising.
4. How we use that information.
We use the personal information collected from a kid only to:
- Operate the studio and persist the kid’s creative work across sessions and devices.
- Enable parent approval and publishing flows.
- Surface the safety log to the parent and send safety-alert emails.
- Enforce the parent-configured time and content limits.
- Provide customer support requested by the parent.
- Detect and prevent fraud or abuse of the service.
- Comply with applicable law.
We do not use a kid’s personal information for behavioral advertising, targeted marketing, or to build a marketing profile for any purpose.
5. Disclosure and third parties.
We disclose a kid’s personal information only as follows:
- Service providers acting on our behalf. The vendors named in our privacy posture process data only as necessary to provide their function (payments, hosting, email delivery, AI-add-on inference, scheduling). They are contractually bound to confidentiality and data-minimization terms consistent with COPPA.
- Public publishing, only with parent approval. When a parent approves a publish, the relevant project files are copied to a public Tell and Show subdomain. The kid’s name is not displayed on the public site unless the kid or parent chose to include it inside the project content.
- Legal compliance. We may disclose information when compelled by law, in response to a valid legal process, or to protect the rights, safety, or property of Tell and Show, our users, or the public.
We do not sell, license, or rent personal information collected from a kid to any third party for any purpose.
6. Parental rights.
As the parent of a kid whose profile lives on Tell and Show, you have the following rights under COPPA. To exercise any of them, email hello@tellandshow.ai from the address on your account or use the corresponding tool in your dashboard.
- Review. You can review the personal information we have collected about your kid. Most of it is visible directly in your dashboard; on request, we will compile and send a complete copy within seven business days.
- Refuse further collection. You can ask us to stop collecting additional personal information from your kid. Doing so will materially reduce or end the kid’s ability to use the studio.
- Delete. You can ask us to delete the personal information we have collected about your kid. We will complete deletion within seven business days, subject to limited retention for legal and tax obligations on the parent account’s billing records.
- Revoke consent. You can revoke your previously-given consent at any time. This is equivalent to deleting the kid profile and is honored within seven business days.
We do not condition a kid’s participation in the studio on the disclosure of more personal information than is reasonably necessary for the activity.
7. Retention and deletion.
We retain a kid’s personal information only as long as is reasonably necessary to fulfill the purpose for which it was collected, and we delete it on parental request as described in section 6.
- Active profiles: retained while the household account is active and the parent has not revoked consent.
- Deleted profiles: erased from primary storage within seven business days of the deletion request. Backups containing the data are subject to a 30-day cycle and are then overwritten in the normal course.
- Safety log: each kid’s safety log retains up to 50 events at any time. Older events are aged out automatically.
- Public URLs: a published URL is taken down within minutes of the parent unpublishing it from the dashboard, or on receipt of an emailed takedown request.
- Billing records: parent-account purchase records are retained as required by US tax and accounting law (typically seven years). Those records are isolated from operational systems.
8. Notice of material changes.
If we make a material change to how we collect, use, or disclose personal information from kids, we will notify the parent on every affected household account by email and re-obtain verifiable parental consent before applying the change to any kid profile under thirteen.
Non-material changes (typographical fixes, additions of new vendor disclosures consistent with the existing posture, clarifications) may be made without notification. Every change to this page updates the "last updated" date at the bottom.
9. How to contact us.
For COPPA-specific questions, complaints, deletion requests, or to revoke consent:
- Email: hello@tellandshow.ai — a real person reads every COPPA email and we respond within one business day on weekdays.
- Subject line tag: prepend
[COPPA]to your subject line to make sure your message is routed to our compliance handler. - Mailing address: provided on request — the operating entity’s registered address is available in our terms of service.
Last updated 2026-05-15. Material changes are dated and announced via email to active accounts.