COPPA Compliance

Our Commitment to Children's Privacy

Historical Adventures by Mail is committed to protecting the privacy and safety of children who use our service. We comply fully with the Children's Online Privacy Protection Act (COPPA), a federal law designed to protect the privacy of children under 13 years of age.

This page explains how we comply with COPPA and what measures we take to safeguard children's personal information.

What is COPPA?

The Children's Online Privacy Protection Act (COPPA) is a U.S. federal law enacted in 1998 and enforced by the Federal Trade Commission (FTC). COPPA requires websites and online services directed at children under 13 to:

• Obtain verifiable parental consent before collecting personal information from children
• Provide clear notice of their information collection practices
• Give parents the ability to review, delete, or refuse further collection of their child's information
• Maintain reasonable security measures to protect children's information
• Limit the collection of children's information to what is reasonably necessary for the service

How Historical Adventures by Mail Complies with COPPA

1. Parental Consent

We require verifiable parental consent before collecting any personal information from children under 13. Our service is designed so that:

• All subscriptions must be purchased by a parent or legal guardian (age 18+)
• Parents provide their own contact information during registration
• Parents provide limited information about their child (first name, age, reading level, era preference) to personalize the service
• All communication regarding subscriptions, billing, and service updates is sent exclusively to the parent's email address

2. Limited Information Collection

We collect only the minimum information necessary to provide our service. The information we collect about children is limited to:

• First name: Used to personalize letters (e.g., "Dear Emma")
• Age or grade level: Used to ensure age-appropriate content and reading level
• Selected historical era: Used to determine which character will write to the child
• Mailing address: Used to deliver physical letters (provided by parent/guardian)

We do NOT collect:

• Children's email addresses
• Children's phone numbers
• Children's photographs or images
• Children's geolocation data
• Children's social security numbers or other sensitive identifiers
• Any information directly from children without parental consent

3. No Direct Communication with Children

Historical Adventures by Mail does not communicate directly with children online. Our service operates as follows:

• Children receive physical letters via postal mail (not email or digital communication)
• All digital communication (subscription confirmations, billing notices, customer support) is sent to the parent's email address
• Children do not have login credentials or access to online accounts
• We do not provide chat features, forums, or any means for children to communicate with us or other users online

4. No Targeted Advertising to Children

We do not use children's personal information for targeted advertising or marketing purposes. Specifically:

• We do not track children's online behavior
• We do not use cookies or tracking technologies to collect information from children
• We do not share children's information with third-party advertisers
• Marketing communications are sent only to parents/guardians, with opt-out options

5. Parental Rights and Controls

Parents have full control over their child's information and can exercise the following rights at any time:

• Review: Request to review the personal information we have collected about your child
• Delete: Request that we delete your child's personal information from our records
• Refuse Further Collection: Refuse to allow further collection or use of your child's information (this will result in cancellation of the subscription)
• Update: Update or correct your child's information (e.g., change reading level or era preference)

6. Data Security

We implement industry-standard security measures to protect children's information, including:

• Secure Socket Layer (SSL) encryption for all data transmission
• Restricted access to personal information on a need-to-know basis
• Regular security audits and updates
• Secure storage of physical and digital records
• Employee training on privacy and data protection

7. Third-Party Service Providers

We work with a limited number of third-party service providers to deliver our service. These providers are carefully selected and contractually obligated to:

• Use children's information only for the specific services they provide to us
• Maintain the confidentiality and security of children's information
• Comply with COPPA and other applicable privacy laws
• Not use children's information for their own purposes or share it with others

Our third-party service providers include:

• Payment processing: Stripe (PCI-compliant payment processor)
• Printing and mailing: [Printing Partner Name] (letter production and USPS delivery)
• Website hosting: [Hosting Provider Name] (secure server hosting)

Information Sharing and Disclosure

We do not sell, rent, or trade children's personal information to third parties. We may disclose children's information only in the following limited circumstances:

• With parental consent: If a parent explicitly authorizes us to share information
• To service providers: As described above, for the sole purpose of providing our service
• Legal requirements: If required by law, court order, or government regulation
• Safety and security: To protect the safety and security of children, our service, or others

Data Retention

We retain children's personal information only for as long as necessary to provide our service or as required by law. Specifically:

• Active subscriptions: Information is retained for the duration of the subscription
• Canceled subscriptions: Information is retained for up to 90 days to allow for reactivation, then deleted unless required for legal or business purposes
• Upon request: Parents may request immediate deletion of their child's information at any time

Changes to Our COPPA Practices

If we make material changes to how we collect, use, or disclose children's personal information, we will:

• Update this COPPA Compliance page
• Notify parents via email at least 30 days before the changes take effect
• Obtain new parental consent if required by COPPA

Questions or Concerns

We take children's privacy very seriously. If you have any questions, concerns, or complaints about our COPPA compliance practices, please contact us:

Historical Adventures by Mail
Email: [email protected]
Website: historicaladventuresbymail.com

You may also contact the Federal Trade Commission if you believe we are not complying with COPPA:

Federal Trade Commission
Consumer Response Center
600 Pennsylvania Avenue NW
Washington, DC 20580
Phone: 1-877-FTC-HELP (1-877-382-4357)
Website: www.ftc.gov