Privacy Policy
Last updated: March 1, 2026
1. Introduction
This Privacy Policy describes how CanReadNow (hereinafter "Service", "we", "us", "our") collects, uses, stores, and protects user information. The CanReadNow Service is operated by Veniamin Bakalinskiy, ID 337858989.
Address: 50 HaRav Alnekave, Tel-Aviv Yaffo, 6765597, Israel.
Contact email: [email protected]
This policy applies to all services related to CanReadNow, including the website canreadnow.com, the application app.canreadnow.com, and all related subdomains and services.
CanReadNow is a web service for teaching children ages 2 to 10 to read using a scientifically grounded whole-word reading methodology. Our Service is primarily designed for children with special needs, including children with Down syndrome, autism spectrum disorders, cerebral palsy, ADHD, severe speech disorders, and visual/hearing impairments. We understand the special responsibility of protecting the personal data of our young users and their families.
2. Data We Collect
We strive to collect the minimum data necessary for the Service to function. Below are the categories of data we process:
2.1. Account Data
- Parent's email address (used for login and communication)
- Password (stored only as a bcrypt cryptographic hash; we do not have access to your password in plain text)
2.2. Child Profiles
- Child's nickname — we do NOT collect or request children's real names
- Child's age (optional field, used to adapt the learning process)
- Learning preferences (language, flashcard display speed, word category preferences)
2.3. Learning Data
- Words learned and progress on each word
- Session timestamps (date and time of lessons)
- Progress metrics (number of views, success rate, memorization speed)
2.4. Technical Data
- Browser type and version
- Device type (computer, tablet, smartphone)
- IP address (anonymized — last octet is zeroed)
- Locale preferences (preferred interface language)
2.5. Payment Data
Payments are processed by the third-party payment service Allpay (allpay.co.il). We do NOT store credit card numbers, CVV codes, or other payment details on our servers. We receive from Allpay only the payment confirmation, transaction identifier, and subscription type.
2.6. Data We Do NOT Collect
We want to explicitly state the data we never collect or request:
- Photos or videos of children
- Voice recordings
- Biometric data
- Location data
- Social media profiles
- Children's real names (only nicknames are used)
3. How We Use Data
We use the collected data exclusively for the following purposes:
- Providing and operating the Service — user authentication, displaying learning materials, saving progress
- Personalizing the learning experience — selecting words and categories based on the child's age and level, adapting learning pace
- Generating progress reports for parents and therapists (speech therapists, special education professionals)
- Sending service communications (only to the parent's email) — notifications about Service changes, policy updates, important subscription information
- Improving word selection algorithms and teaching methodology based on aggregated (anonymized) data
- Detecting and preventing fraud, abuse, and security breaches
We clearly state:
- We NEVER sell user personal data to third parties
- We do NOT use data for advertising or marketing purposes
- We do NOT share personal data with third parties except as described in Section 8 of this Policy
4. Children's Privacy (COPPA / GDPR)
Protecting children's privacy is our highest priority. Our Service is designed in accordance with the strictest standards for children's data protection.
- Our Service is designed for teaching children ages 2–10; however, the Service is operated exclusively by parents (legal guardians)
- Only parents (persons over 18 years of age) can create and manage accounts
- Children never interact directly with the account, payment system, or account settings
- We do NOT collect personal data from children — only nicknames are used in profiles, not real names
- A parent can review, delete, or export all of a child's data at any time
- We comply with the Children's Online Privacy Protection Act (COPPA, United States)
- We comply with Article 8 of the General Data Protection Regulation (GDPR, European Union) regarding the processing of children's data
If you believe that we have inadvertently collected personal data of a child without proper parental consent, please contact us immediately at [email protected], and we will promptly delete such data.
5. Data Storage and Security
We take all necessary technical and organizational measures to protect your data:
- Data is stored on secure servers of the Railway cloud infrastructure
- All data is transmitted via encrypted channels using the HTTPS/TLS protocol
- Passwords are stored exclusively as bcrypt hashes — even we cannot recover your password
- Database access is restricted to authorized personnel only
- We conduct regular security audits of the system
- Data is stored in data centers located in the EU and US in compliance with applicable regulatory requirements
6. Cookies and Tracking
We use the minimum number of cookies necessary for the Service to function:
6.1. Essential (Functional) Cookies
- Authentication tokens (JWT) — necessary to maintain the authorization session
- Language preferences — to save the preferred interface language
6.2. Analytics Cookies
- Google Analytics 4 — used to collect anonymized Service usage statistics (IP addresses are anonymized)
- Google Tag Manager — used exclusively for managing analytics scripts
6.3. What We Do NOT Use
- We do NOT use third-party advertising cookies
- We do NOT perform cross-site tracking
- We do NOT create advertising profiles of users
7. Third-Party Services
To operate the Service, we use the following third-party services, each of which processes a limited amount of data in accordance with their own privacy policies:
- Allpay (allpay.co.il) — payment processing. Allpay receives payment data (card number, expiration date) directly; we do not have access to it.
- Google Analytics — anonymized Service usage statistics (number of visits, popular pages, session duration). IP addresses are anonymized.
- Railway — cloud hosting. Our infrastructure is deployed on the Railway platform, which provides secure data storage and processing.
- Cloudflare — content delivery network (CDN) and DDoS protection. Cloudflare may process technical data (IP addresses, HTTP headers) for security and performance.
We do not share users' personal data with any of these services beyond the minimum necessary for their operation.
8. Your Rights (GDPR)
In accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the following rights:
- Right to access — you can request a copy of all personal data we hold about you and your children
- Right to rectification — you can request correction of inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — you can request complete deletion of your personal data from our systems
- Right to data portability — you can request export of your data in a machine-readable format (JSON)
- Right to restrict processing — you can request temporary restriction of the processing of your data
- Right to object — you can object to certain types of processing of your data
- Right to withdraw consent — you can withdraw previously given consent to data processing at any time
To exercise any of these rights, send a request to [email protected] with the subject "GDPR Request". Specify your email registered with the Service and the specific right you wish to exercise. We will process your request within 30 (thirty) calendar days.
9. Data Retention
We retain your data no longer than necessary for the purposes for which it was collected:
- Account data — retained while the account is active plus 30 days after a deletion request (to allow recovery in case of accidental deletion)
- Learning data — deleted when the child's profile or parent's account is removed
- Technical logs — retained for a maximum of 90 days, after which they are automatically deleted
- Payment records — retained as required by law (up to 7 years for tax and accounting reporting purposes)
10. International Data Transfers
Our Service is available to users worldwide. Accordingly, your data may be transferred to and stored in countries other than your country of residence, including but not limited to Israel, European Union countries, and the United States of America.
We ensure appropriate data protection safeguards for international transfers, including through Standard Contractual Clauses approved by the European Commission, as well as other applicable protection mechanisms.
11. Changes to This Policy
We may periodically update this Privacy Policy to reflect changes in our data processing practices, changes in legislation, or for other operational reasons.
In the event of significant changes, we will notify you by email (to the address provided during registration) at least 14 days before the changes take effect.
Continued use of the Service after changes take effect constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you may delete your account at any time.
12. Contact Information
If you have any questions, comments, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:
Responsible person: Veniamin Bakalinskiy
Address: 50 HaRav Alnekave, Tel-Aviv Yaffo, 6765597, Israel
Email: [email protected]
We aim to respond to all inquiries within 30 calendar days.
© 2026 CanReadNow. All rights reserved. Veniamin Bakalinskiy, ID 337858989.