Built for Children, Backed by Safety
Stamplo is designed to align with the ICO Children's Code and UK GDPR, while respecting the spirit of COPPA. Every child is protected through a parent-supervised system. Every parent stays in control.
How does Stamplo keep children safe?
Stamplo keeps children safe by verifying the identity of every parent before letters can be exchanged, encrypting every letter and image at rest, and requiring approval from both families before anything is delivered. There are no ads, no tracking and no open chat, because the whole platform is built around supervised letter writing.
What security measures does Stamplo use?
Stamplo is built with a zero-trust mindset and secure-by-default architecture:
- Parent identity verification is required before children can exchange letters, ensuring only real, accountable adults can approve communication.
- Strong encryption at rest for letters and uploaded images
- Strict session and cookie policies (
HttpOnly,Secure,SameSite=Lax) - Full CSRF protection using server-backed session tokens (not exposed to JavaScript).
- No ads. No tracking. No third-party scripts for advertising or behavioural analytics.
- No behavioral profiling or engagement-based personalisation.
- Private, access-logged backend with audit-ready logs.
- All letter content is rendered as plain text, links are not clickable and cannot redirect users.
- Letter and pen pal approvals require both parents (Four-Eyes Check)
While no system can promise perfection, Stamplo is designed to protect children like your own — because that's exactly who it was built for.
How does Stamplo meet the ICO Children's Code?
The ICO Children's Code contains 15 principles. We've built Stamplo to honour all of them — thoughtfully, thoroughly, and transparently.
1. Best Interests of the Child
The child’s best interests must be a primary consideration when designing and developing online services.
- No ads, no algorithms, no dopamine traps — ever.
- Letters are intentionally delayed to promote patience and wellbeing.
- Every interaction is reviewed by both sets of parents before delivery.
- Upcoming kindness campaigns and collectible stamps are designed to encourage empathy and creativity, not compulsive use.
2. Data Protection Impact Assessments
Undertake a DPIA to assess and mitigate risks to the rights and freedoms of children who are likely to access your service.
- A full DPIA was completed before Stamplo launched, assessing risks to children across all processing activities.
- The DPIA accounts for differing ages, capacities, and developmental needs within our 7–14 age range.
- We review and update our DPIA whenever we introduce new processing activities or materially change how data is used.
3. Age Appropriate Application
Take a risk-based approach to recognising the age of individual users and apply the standards in this code to child users.
- Stamplo applies the full protections of this code to every user on the platform — there is no adult mode or reduced-protection tier to fall through into.
- Every child account is created by a parent or legal guardian who has completed biometric identity verification through our third-party provider, Didit. Stamplo never stores identity documents or biometrics — we receive only a verified/not-verified status.
- Children’s date of birth is validated server-side and enforced to the 7–14 age range. Parental attestation of their child’s age is proportionate given that the same verified parent approves every letter, image, and connection on the platform.
- UX is optimised for ages 7–14, with a balance of simplicity and expressiveness suited to that developmental range.
4. Transparency
Children and parents must be provided clear information about how their data is used, in language suited to the age of the child.
- We publish a plain-language privacy policy for parents and a separate child-friendly privacy policy written for children aged 7–14.
- When a parent adds a child to Stamplo, a clear notice explains exactly what data is collected and why — before any child data is submitted.
- In-dashboard prompts explain what is shared and why at the point it becomes relevant.
- We do not track or profile users.
5. Detrimental Use of Data
Children’s data must not be used in ways that are harmful to their wellbeing.
- We don’t use data for advertising, targeting, or ranking.
- Messages are encrypted at rest and only decrypted for the parental approval flow.
- There is no behavioural analysis or engagement scoring.
6. Policies and Community Standards
Services must uphold their own published terms, policies and community standards that protect children.
- Strict letter content rules are enforced and both parents must approve every letter before it is delivered.
- Prohibited behaviour is outlined clearly and reinforced in UX.
- Repeated violations trigger suspension, logging, and parent alerts.
7. Default Settings
Settings must be set to high privacy by default, unless there is a compelling reason otherwise taking account of the best interests of the child.
- Children do not appear in Friend Finder until their parent or legal guardian has completed identity verification. This gate cannot be bypassed. Once verified, children are discoverable by default — showing only first name, avatar, country, and hobbies chosen by the child. This default exists because Friend Finder cannot serve its purpose — connecting children with pen pals — if no children appear in it, and discoverability is already gated behind mandatory identity verification of the parent. Parents can disable discoverability at any time from their child management page.
- Image sending and receiving are both disabled by default and must be explicitly enabled by a parent.
- All communication is parent-reviewed by default — children cannot bypass this.
8. Data Minimisation
Only the minimum amount of personal data necessary to provide the service should be collected.
- Children do not create usernames or public profiles.
- We use offline-only invite codes to connect pen pals.
- We never require email addresses or surnames for children — only a first name, date of birth, country, avatar, and optional hobbies.
9. Data Sharing
Children’s data must not be disclosed unless there is a compelling reason to do so, taking account of the best interests of the child.
- No third-party data sharing for advertising or commercial purposes. Data is processed only by carefully selected service providers under strict Data Processing Agreements.
- Encrypted messages are used only for parent-reviewed delivery.
- All sensitive content is stored encrypted at rest.
10. Geolocation
Geolocation options must be switched off by default and children must be given an obvious sign when location tracking is active.
- Stamplo does not use geolocation at any point. No location APIs are called and no precise location data is collected or stored.
- We collect only country-level information, entered manually by the parent during account creation.
- EXIF metadata — which can contain GPS coordinates — is stripped from all uploaded images before they are stored or shared.
- A Permissions-Policy HTTP header explicitly disables geolocation, camera, and microphone access at the browser level across the entire platform.
11. Parental Controls
If you provide parental controls, give the child age appropriate information about this. Provide an obvious sign to the child when they are being monitored.
- Every letter, image, and friend request passes through our Four-Eyes Check — both sets of parents must approve before anything is delivered.
- Parents control profile visibility, image permissions, and pen pal connections from their dashboard.
- Children are told clearly in the kids’ privacy policy and during onboarding that their grown-ups see every letter they send and receive.
- We notify parents of all pending actions securely.
12. Profiling
Profiling options must be switched off by default and only enabled where appropriate measures are in place to protect children from harmful effects.
- No engagement-based personalisation, ranking, or tracking of children.
- No data is analysed for engagement or optimisation.
- Each child’s experience is equal and calm by design — there is no algorithmic feed or content ranking.
13. Nudge Techniques
Do not use nudge techniques to lead or encourage children to provide unnecessary personal data or weaken their privacy protections.
- We don’t prompt children to reveal anything unnecessary.
- Stamp collecting is calm and achievement-based — not compulsive.
- Kindness campaigns reward empathy, not frequency of use.
14. Connected Toys and Devices
Where applicable, connected products must include effective tools to enable conformance to this code.
- Stamplo is browser-based only. No cameras, microphones, or location data are used.
- No third-party integrations that enable direct child-to-child communication or external contact.
15. Online Tools
Provide prominent and accessible tools to help children exercise their data protection rights and report concerns.
- Children can flag any letter that worries them directly from their inbox. Flagged letters are immediately surfaced to their parent for review, and parents can mark them safe, archive them, or escalate to our support team.
- The kids’ privacy policy explains children’s rights in plain language and tells them they can ask their grown-up to delete their account, correct their details, or contact us on their behalf.
- Parents can contact our team via secure form or email at support@stamplo.kids. We aim to reply to all support requests within 24–48 hours.
What data rights do families have on Stamplo?
Beyond the ICO Children's Code, Stamplo also honours the following data rights under UK GDPR.
Data Portability
Children and parents should be able to access or move their data under UK GDPR Article 20.
- Parents can request a structured data export of their child’s messages.
- All data exports are decrypted only at the parent’s request and are readable only to them.
- We never retain decrypted content outside of the parent approval context.
Account Deletion
It should be easy to delete accounts and associated data under UK GDPR Article 17 (right to erasure).
- Parents can delete all data securely via their dashboard.
- Backups are managed by our infrastructure providers and retained only for disaster recovery purposes, in line with their managed retention policies.
- Every deletion is logged and verified.
Has Stamplo been independently reviewed?
Stamplo has been reviewed by Screenwise, an independent platform helping parents find safe, enriching digital experiences for children. Stamplo received a WISE score of 85/100, with Safety rated 93 and Wholesome rated 91.