Stamplo

Privacy Policy

Last updated: August 2025

Data Controller

Stamplo Limited (Company No. 16555069)
ICO Registration No.: ZB927463
Contact: support@stamplo.kids

1. Information We Collect

We collect the following types of information:

  • Account Information: When a parent registers, we collect basic information such as name, email address, and the child's first name.
  • Pen Pal Information: When children add a pen pal, we collect and store the invite code and pen pal details (e.g., name, country).
  • Communication Data: We store the content of letters sent between pen pals, including any media (like photos) attached to the letters. All letters are stored encrypted; status fields (e.g., flaggedByChild) are recorded to track child reporting.
  • Preferences and Flags: Parent settings for features such as Friend Finder, image permissions, and AI mascot access, as well as any flag/reason reason provided when a child reports a letter.

2. How We Use Your Information

  • To Provide Our Service: Facilitating pen pal connections and letter exchanges.
  • Child Reporting: Enabling children to flag letters that worry them; updating letter status and notifying parents via email with a secure review link.
  • Escalation: If a parent escalates a flagged letter, we temporarily decrypt its content for our support team and send an email notification to support@stamplo.kids.
  • Parent Supervision: Ensuring all letters are reviewed by parents before final delivery.
  • Improvements: Using aggregated, anonymized data to improve Stamplo's services and user experience.

3. Legal Basis for Data Processing

Under GDPR, we process personal data based on:

  • Consent (e.g., account creation, communication, sponsored participation)
  • Contractual Necessity (providing Stamplo's services)
  • Legal Obligation (compliance with laws and regulations)

4. How We Protect Your Data

  • Encryption: All personal information is encrypted during transmission and at rest.
  • Access Control: Only authorized parents can manage their children's accounts, with double parental approval required for letter exchanges.
  • Data Minimization: We collect only the minimum information necessary to operate Stamplo.

5. Sharing Your Information

We do not sell, rent, or share your personal information except:

  • Parents: We share decrypted letter content only with the parent(s) who own that child account when a letter is flagged or being reviewed.
  • Support Team: When a letter is escalated, we share temporary decrypted access with our internal support atsupport@stamplo.kids under strict confidentiality.
  • Legal Requirements: If required by law.
  • Service Providers: With trusted providers under strict confidentiality agreements, only when necessary to operate Stamplo.

6. Data Retention

We retain personal information only as long as needed to fulfill our service obligations or comply with legal requirements.

  • When an account is deleted, all associated parent and child data is permanently deleted immediately.
  • Letters and attached media are retained for up to 12 months after they are fully delivered or resolved. Flagged or escalated letters follow the same retention policy.

7. Your Rights Under GDPR

As a user, you have the right to:

  • Access: Download your personal and family data via your account settings.
  • Rectification: Correct inaccuracies in your data.
  • Erasure: Delete your account and all related data (“Right to be Forgotten”).
  • Restriction of Processing: Request limits on data use.
  • Data Portability: Obtain your data in a machine-readable format.
  • Object: Object to certain types of processing, including marketing communications.

8. How to Exercise Your Rights

To exercise any rights, please contact us at support@stamplo.kids. We will respond within 30 days and may request verification of identity to protect your privacy.

9. Parent Control and Child Safety

Parents have full control over their child's account settings, including:

  • Managing Friend Finder visibility
  • Enabling or disabling image sending and receiving
  • Controlling access to AI mascot (Twitch) chat features
  • Approving or rejecting every pen pal letter

AI Mascot (Twitch) Interactions
Twitch is a pretend character operated by Stamplo - not a real person.
Every message to and from Twitch must be read and approved by the caregiver before the child sees it.
No personal data is shared with the AI provider, and all interactions remain fully sandboxed.

Stamplo staff do not access child messages, including those sent to the mascot character Twitch. Only parents can enable, view, and approve these messages and replies.

10. Cookies and Tracking Technologies

Stamplo uses only essential cookies required for secure login and basic functionality. We do not use analytics, third-party trackers, or personalized advertising cookies. Fonts are hosted locally to protect your privacy, and no external resources are loaded from tracking domains.

We are committed to data minimisation and comply fully with the ICO Children's Code.

11. Data Transfers

We may transfer personal data outside the EEA only when adequate safeguards (such as EU Standard Contractual Clauses) are in place to protect your information.

12. Automated Decision-Making

Stamplo does not use automated decision-making or profiling that affects users' legal rights or significant matters. All approvals and key decisions involve human review.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post any updates here. Continued use of Stamplo after updates indicates your acceptance of the new terms.

14. Contact Us

Data Controller: Stamplo is developed and maintained by “Stamplo Limited” (Co. No. 16555069).

If you have any questions about this Privacy Policy, please contact us at:

support@stamplo.kids