ZORA

SOUND AND KNOW

ZORA Privacy Notice

Effective Date: May 7, 2026
Last Updated: May 7, 2026

ZORA is a brand of LIBERTY COMPLIANCE, INC., located at 6008 Lansdowne Avenue, Philadelphia, PA 19151 ("we," "us," or "our"). This Privacy Notice describes how we collect, use, and protect information when you use the ZORA application and related services. We are committed to protecting the privacy of every family — and especially every child — who uses ZORA.

1. Who This Notice Covers

This Privacy Notice applies to parents and legal guardians who create ZORA accounts and to the child profiles created within those accounts. ZORA does not permit children to create accounts independently. All account creation and data management is performed by a verified adult.

2. Information We Collect

From parents and guardians:

  • Email address (required for account creation)
  • Payment information (processed and stored exclusively by Paddle.com — LIBERTY COMPLIANCE, INC. does not store your card details at any point)
  • Parent PIN (stored as a one-way hashed value — we are technically unable to read your PIN)
  • Optional: parent name, notification preferences

From child profiles:

  • Child first name (required to personalize the Village experience)
  • Avatar configuration (skin tone, hair style selections — stored as a preference object, not linked to any biometric data)
  • Learning progress data: sounds mastered, trace accuracy, blend puzzle results, Soul Stones earned, streak count, and lesson completion timestamps
  • Voice recordings (only if the "Create Your Own Anthem" feature is activated by a parent through verified high-level parental consent — this feature is disabled by default and requires explicit activation)

Automatically collected:

  • Device type and operating system (for compatibility and performance purposes)
  • App usage timestamps (to calculate streaks and Village progress)
  • Crash reports and anonymized error logs (to improve the Service)

We do not collect: precise geolocation data, social media identifiers, behavioral advertising data, or biometric data of any kind beyond voice recordings explicitly consented to as described above.

3. Cookies and Tracking Technologies

ZORA uses functional cookies and local storage solely to maintain your authenticated session and store app preferences on your device. We do not use advertising cookies, tracking pixels, or behavioral analytics cookies.

Our third-party service providers use cookies and similar technologies as follows:

Paddle.com: Uses functional cookies to manage checkout sessions and subscription status. Paddle's cookie practices are governed by Paddle's Privacy Policy at paddle.com/legal/privacy.

Supabase: Uses functional session tokens to authenticate your account. Supabase's data practices are governed by Supabase's Privacy Policy at supabase.com/privacy.

Neither Paddle nor Supabase uses your data for advertising purposes on our behalf. We do not permit third-party advertising cookies on any ZORA page or screen.

4. How We Use This Information

We use the information we collect solely to:

  • Operate and personalize the ZORA Village experience for your child
  • Calculate and display learning progress in the Parent Portal
  • Process subscription payments through Paddle
  • Send optional push notifications you have explicitly enabled
  • Improve the pedagogical effectiveness of the app through anonymized, aggregated usage analysis that cannot be linked back to any individual child or family
  • Respond to your support and billing inquiries
  • Comply with applicable law including COPPA, CCPA, and Pennsylvania consumer protection statutes

We do not sell your information or your child's information to any third party. We do not use your child's data for advertising purposes. We do not share your data with data brokers, social media platforms, or marketing agencies. Ever.

5. Children's Privacy and COPPA Compliance

ZORA is designed for children under 13 and is operated in full compliance with the Children's Online Privacy Protection Act (COPPA) and the FTC's COPPA Rule.

We do not knowingly collect personal information directly from children. All data associated with a child profile is collected with the knowledge and consent of the parent or legal guardian who created the account.

Voice recordings through the "Create Your Own Anthem" feature constitute personal information and may constitute biometric data under applicable law. This feature requires verified high-level parental consent — including a credit card transaction confirmation or government-issued identification verification — before microphone access is enabled for any child profile. This feature is disabled by default and cannot be enabled by a child independently.

Parents may at any time: review all data associated with their child's profile through the Parent Portal, request correction of any inaccurate information, request complete deletion of their child's profile and all associated data, or withdraw consent for the voice recording feature. To exercise any of these rights, contact hello@zoravillage.com.

LIBERTY COMPLIANCE, INC. · 6008 Lansdowne Avenue · Philadelphia, PA 19151 is the designated COPPA operator contact for all children's privacy inquiries.

6. California Consumer Privacy Act (CCPA)

If you are a California resident, you have the following rights under the CCPA:

  • The right to know what personal information we collect, use, disclose, and sell (we do not sell personal information)
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information (not applicable — we do not sell personal information)
  • The right to non-discrimination for exercising your CCPA rights

To exercise your CCPA rights, contact LIBERTY COMPLIANCE, INC. at hello@zoravillage.com or 6008 Lansdowne Avenue, Philadelphia, PA 19151. We will respond to verified requests within 45 days as required by law.

7. Data Sharing

We share data with the following third parties solely to operate the Service:

Paddle.com: Our merchant of record. Handles all payment processing, tax collection, and billing. No child learning data is shared with Paddle — only the account email and subscription status necessary for billing. Paddle's privacy policy: paddle.com/legal/privacy.

Supabase: Our database and authentication infrastructure provider. Account credentials, child profiles, and learning progress data are stored in Supabase's secure, encrypted cloud infrastructure. Supabase processes this data solely on our behalf and is contractually prohibited from using it for any other purpose. Supabase's privacy policy: supabase.com/privacy.

Suno: We use Suno-generated audio tracks as pre-produced educational content within the app. No user data of any kind is transmitted to or shared with Suno.

We do not share data with advertisers, data brokers, social media platforms, analytics resellers, or any third party not listed above.

8. Data Security

We implement industry-standard security measures including encrypted data transmission via TLS, one-way hashed storage of sensitive credentials including parent PINs, row-level security policies within our Supabase database limiting data access to authenticated account holders, and internal access controls limiting employee access to user data on a need-to-know basis.

No method of data transmission or storage is 100% secure. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

9. Data Retention

We retain your account and child profile data for as long as your account is active. Upon account deletion request, we will delete your account and all personally identifiable child profile data within 30 days. Anonymized, aggregated learning analytics containing no personally identifiable information may be retained indefinitely for research, product improvement, and efficacy reporting purposes.

Child progress data — including Soul Stones, mastered sounds, and Village history — is preserved for 90 days following account deactivation or subscription cancellation, allowing families to reinstate their account without loss of progress.

10. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal information and your child's information. To exercise any privacy right, contact hello@zoravillage.com. We respond to all verified privacy requests within 30 days. For COPPA-specific requests regarding your child's data, we respond within 30 days as required by the FTC's COPPA Rule.

11. Changes to This Privacy Notice

We may update this Privacy Notice as the Service evolves. We will notify you of material changes by email or prominent in-app notice at least 14 days before changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision.

12. Contact and Data Controller

LIBERTY COMPLIANCE, INC. is the data controller for all personal information processed through ZORA.

6008 Lansdowne Avenue · Philadelphia, PA 19151 · hello@zoravillage.com

See also: Terms of Service · Refund Policy

ZORA is a brand of LIBERTY COMPLIANCE, INC. · 6008 Lansdowne Avenue · Philadelphia, PA 19151 · hello@zoravillage.com