Built for Children, Backed by Safety

Stamplo is designed to align with the ICO Children's Code and UK GDPR, while respecting the spirit of COPPA. Every child is protected through a parent-supervised system. Every parent stays in control.

🔐 Our Security Commitments

Stamplo is built with a zero-trust mindset and secure-by-default architecture:

Parent identity verification is required before children can exchange letters, ensuring only real, accountable adults can approve communication.
Strong encryption at rest for letters and uploaded images
Strict session and cookie policies (HttpOnly, Secure, SameSite=Lax)
Full CSRF protection using server-backed session tokens (not exposed to JavaScript).
No ads. No tracking. No third-party scripts for advertising or behavioural analytics.
No behavioral profiling or engagement-based personalisation.
Private, access-logged backend with audit-ready logs.
All letter content is rendered as plain text, links are not clickable and cannot redirect users.
Letter and pen pal approvals require both parents (Four-Eyes Check)

While no system can promise perfection, Stamplo is designed to protect children like your own — because that's exactly who it was built for.

📋 How We Meet the ICO Code

The ICO Children's Code contains 15 principles. We've built Stamplo to honour all of them — thoughtfully, thoroughly, and transparently.

1. Best Interests of the Child

The child’s best interests must be a primary consideration when designing and developing online services.

How Stamplo Meets This:

No ads, no algorithms, no dopamine traps — ever.
Letters are intentionally delayed to promote patience and wellbeing.
Every interaction is reviewed by both sets of parents before delivery.
Upcoming kindness campaigns and collectible stamps are designed to encourage empathy and creativity, not compulsive use.

2. Data Protection Impact Assessments

Undertake a DPIA to assess and mitigate risks to the rights and freedoms of children who are likely to access your service.

How Stamplo Meets This:

A full DPIA was completed before Stamplo launched, assessing risks to children across all processing activities.
The DPIA accounts for differing ages, capacities, and developmental needs within our 7–14 age range.
We review and update our DPIA whenever we introduce new processing activities or materially change how data is used.

3. Age Appropriate Application

Take a risk-based approach to recognising the age of individual users and apply the standards in this code to child users.

How Stamplo Meets This:

Stamplo applies the full protections of this code to every user on the platform — there is no adult mode or reduced-protection tier to fall through into.
Every child account is created by a parent or legal guardian who has completed biometric identity verification through our third-party provider, Didit. Stamplo never stores identity documents or biometrics — we receive only a verified/not-verified status.
Children’s date of birth is validated server-side and enforced to the 7–14 age range. Parental attestation of their child’s age is proportionate given that the same verified parent approves every letter, image, and connection on the platform.
UX is optimised for ages 7–14, with a balance of simplicity and expressiveness suited to that developmental range.

4. Transparency

Children and parents must be provided clear information about how their data is used, in language suited to the age of the child.

How Stamplo Meets This:

We publish a plain-language privacy policy for parents and a separate child-friendly privacy policy written for children aged 7–14.
When a parent adds a child to Stamplo, a clear notice explains exactly what data is collected and why — before any child data is submitted.
In-dashboard prompts explain what is shared and why at the point it becomes relevant.
We do not track or profile users.

5. Detrimental Use of Data

Children’s data must not be used in ways that are harmful to their wellbeing.

How Stamplo Meets This:

We don’t use data for advertising, targeting, or ranking.
Messages are encrypted at rest and only decrypted for the parental approval flow.
There is no behavioural analysis or engagement scoring.

6. Policies and Community Standards

Services must uphold their own published terms, policies and community standards that protect children.

How Stamplo Meets This:

Strict letter content rules are enforced and both parents must approve every letter before it is delivered.
Prohibited behaviour is outlined clearly and reinforced in UX.
Repeated violations trigger suspension, logging, and parent alerts.

7. Default Settings

Settings must be set to high privacy by default, unless there is a compelling reason otherwise taking account of the best interests of the child.

How Stamplo Meets This:

Children do not appear in Friend Finder until their parent or legal guardian has completed identity verification. This gate cannot be bypassed. Once verified, children are discoverable by default — showing only first name, avatar, country, and hobbies chosen by the child. This default exists because Friend Finder cannot serve its purpose — connecting children with pen pals — if no children appear in it, and discoverability is already gated behind mandatory identity verification of the parent. Parents can disable discoverability at any time from their child management page.
Image sending and receiving are both disabled by default and must be explicitly enabled by a parent.
All communication is parent-reviewed by default — children cannot bypass this.

8. Data Minimisation

Only the minimum amount of personal data necessary to provide the service should be collected.

How Stamplo Meets This:

Children do not create usernames or public profiles.
We use offline-only invite codes to connect pen pals.
We never require email addresses or surnames for children — only a first name, date of birth, country, avatar, and optional hobbies.

9. Data Sharing

Children’s data must not be disclosed unless there is a compelling reason to do so, taking account of the best interests of the child.

How Stamplo Meets This:

No third-party data sharing for advertising or commercial purposes. Data is processed only by carefully selected service providers under strict Data Processing Agreements.
Encrypted messages are used only for parent-reviewed delivery.
All sensitive content is stored encrypted at rest.

10. Geolocation

Geolocation options must be switched off by default and children must be given an obvious sign when location tracking is active.

How Stamplo Meets This:

Stamplo does not use geolocation at any point. No location APIs are called and no precise location data is collected or stored.
We collect only country-level information, entered manually by the parent during account creation.
EXIF metadata — which can contain GPS coordinates — is stripped from all uploaded images before they are stored or shared.
A Permissions-Policy HTTP header explicitly disables geolocation, camera, and microphone access at the browser level across the entire platform.

11. Parental Controls

If you provide parental controls, give the child age appropriate information about this. Provide an obvious sign to the child when they are being monitored.

How Stamplo Meets This:

Every letter, image, and friend request passes through our Four-Eyes Check — both sets of parents must approve before anything is delivered.
Parents control profile visibility, image permissions, and pen pal connections from their dashboard.
Children are told clearly in the kids’ privacy policy and during onboarding that their grown-ups see every letter they send and receive.
We notify parents of all pending actions securely.

12. Profiling

Profiling options must be switched off by default and only enabled where appropriate measures are in place to protect children from harmful effects.

How Stamplo Meets This:

No engagement-based personalisation, ranking, or tracking of children.
No data is analysed for engagement or optimisation.
Each child’s experience is equal and calm by design — there is no algorithmic feed or content ranking.

13. Nudge Techniques

Do not use nudge techniques to lead or encourage children to provide unnecessary personal data or weaken their privacy protections.

How Stamplo Meets This:

We don’t prompt children to reveal anything unnecessary.
Stamp collecting is calm and achievement-based — not compulsive.
Kindness campaigns reward empathy, not frequency of use.

14. Connected Toys and Devices

Where applicable, connected products must include effective tools to enable conformance to this code.

How Stamplo Meets This:

Stamplo is browser-based only. No cameras, microphones, or location data are used.
No third-party integrations that enable direct child-to-child communication or external contact.

15. Online Tools

Provide prominent and accessible tools to help children exercise their data protection rights and report concerns.

How Stamplo Meets This:

Children can flag any letter that worries them directly from their inbox. Flagged letters are immediately surfaced to their parent for review, and parents can mark them safe, archive them, or escalate to our support team.
The kids’ privacy policy explains children’s rights in plain language and tells them they can ask their grown-up to delete their account, correct their details, or contact us on their behalf.
Parents can contact our team via secure form or email at support@stamplo.kids. We aim to reply to all support requests within 24–48 hours.

Additional Rights

Beyond the ICO Children's Code, Stamplo also honours the following data rights under UK GDPR.

Data Portability

Children and parents should be able to access or move their data under UK GDPR Article 20.

How Stamplo Meets This:

Parents can request a structured data export of their child’s messages.
All data exports are decrypted only at the parent’s request and are readable only to them.
We never retain decrypted content outside of the parent approval context.

Account Deletion

It should be easy to delete accounts and associated data under UK GDPR Article 17 (right to erasure).

How Stamplo Meets This:

Parents can delete all data securely via their dashboard.
Backups are managed by our infrastructure providers and retained only for disaster recovery purposes, in line with their managed retention policies.
Every deletion is logged and verified.

Independently Reviewed

Stamplo has been reviewed by Screenwise, an independent platform helping parents find safe, enriching digital experiences for children. Stamplo received a WISE score of 85/100, with Safety rated 93 and Wholesome rated 91.