Trust Centre

Child Safety

How we design every product that touches a child’s data. The specific commitments, how they’re enforced in the code, and what we’d do differently from many of our peers.

The frameworks we align with

Three legal frameworks govern our children’s products: the U.S. Children’s Online Privacy Protection Act (COPPA), the EU General Data Protection Regulation special-category protections for children (GDPR-K, primarily Article 8), and the Australian Privacy Principles (APPs) as applied to children under Australian law. We also design against the National Principles for Child Safe Organisations published by the Australian Government, these are not law, but they’re the operating standard for responsibly-run organisations that work with children, and they apply just as cleanly to a software product as to a swimming club.

We don’t treat these as compliance checkboxes. They shape what the products do and what they don’t. The commitments below are commitments we’ve made in the code, not commitments we’ve made in a PDF.

Children don’t have accounts

In My Crescender Family, children cannot sign up. They don’t have email addresses in our system. They don’t have passwords. The only way a child accesses the app is via a 6-digit parent-issued code that unlocks kid mode on a specific device. The child’s record exists in our database (with their name, date of birth, instrument, practice history), but it’s authenticated to the parent, not to the child.

This is the cleanest architectural answer to COPPA’s core requirement of verifiable parental consent: the parent is the only authenticated principal who can act on the child’s data. The child uses the surface, but they’re never the legal data subject from the app’s perspective.

The same model extends to Creduca: in school deployments, students under 13 are added by their teachers (or parents); they don’t self-register; their data lives under the school’s account.

No advertising in child-facing surfaces

My Crescender Family and child-facing Crescender surfaces have zero advertising SDKs linked in. No AdMob, no Facebook Audience Network, and no third-party measurement frameworks that exist primarily to feed advertising systems.

Other Crescender products may include advertising for non-paying users, but that does not extend to the Family app or to child data. We do not use children’s behaviour data for ad targeting or retargeting.

No third-party analytics SDKs that profile kids

Our kid surfaces ship without any third-party SDK that constructs a behavioural profile of a child user (no session-replay, no heatmap, no event-stream products from the user-profiling analytics category). The only diagnostic tool we use captures crash stack traces + transaction timings, not user actions, not screen flows, not engagement events. Diagnostic breadcrumbs are configured to strip identifiers; the per-event payload carries no PII.

We do count aggregate metrics (how many practice sessions happen per day across the user base, how many families have been created this week), these are computed from our own database, not from a third-party feed, and they don’t attach to individual children.

No dark patterns in the kid surface

The kid surface (and the parent surface for that matter) ships with no streak-shaming, no “don’t break your streak” pressure, no celebration animations engineered to feel like slot machines, no comparing your kid’s progress to other kids’, no leaderboards, no chat. There is no notification we send to a child. The only notifications go to the parent, and only the ones the parent explicitly opts into.

We made these design choices because the literature on streak-shaming and engagement-maxing for children is consistent: it’s harmful, and the apps that do it most aggressively to kids have worse downstream outcomes for the kids and the parents who buy them. We’re not building one of those apps.

Designed for Families (Google Play) and Made for Kids (Apple)

My Crescender Family is submitted to Google Play under the Designed for Families programme, which enforces a long checklist of child-safe design requirements including ad restrictions, in-app-purchase restrictions, and specific privacy disclosures. It’s submitted to the App Store under the Made for Kids category with the age band 6-8 as primary, which similarly enforces Apple’s Kids Category guidelines: no third-party advertising, no behavioural advertising of any kind, no tracking, no out-of-app links without parental gate.

We meet both platforms’ bars by a comfortable margin. The bars exist for good reasons; we wouldn’t want to be a borderline case.

National Principles for Child Safe Organisations

The Australian Government’s National Principles for Child Safe Organisations (published by the National Office for Child Safety) are a 10-principle framework most often applied to schools, sports clubs, religious organisations, and youth services. They apply to us too: we have child users; we have a responsibility to design and operate the service in a way that keeps them safe.

Our application of the principles, principle by principle:

  • Child safety as an organisational value, explicitly named in our company values; reflected in product design decisions.
  • Children participate in decisions affecting them , we user-test the kid surface with actual children of relevant ages, with parental consent. Their feedback directly shapes the UI (the original timer screen had a progress ring; kids found it stressful; we removed it).
  • Families and communities informed and involved , privacy notice is short and parent-readable; parents see everything their children do in the app; export and delete are one tap from Settings.
  • Equity and diverse needs respected, kid surface designed for the cognitive load of 6-year-olds; works on lower-end devices; works offline; doesn’t require ongoing connectivity that lower-income families may struggle to provide.
  • Staff and volunteers trained and supported , engineering and product staff have child-safety training in onboarding; reviewers of any feature touching the kid surface check it against the explicit list of red-line behaviours.
  • Complaints handled fairly, any user can email hello@crescender.com.au with a concern; we respond within 48 hours; serious safety concerns escalate internally same-day.
  • Online safety, no chat, no social, no user-generated public content, no external links inside the kid surface.
  • Physical and online environments safe, the app is the environment; the design constraints above are the implementation.
  • Continuous improvement, child-safety review is on the agenda for every product release; this page updates when the underlying practice changes.
  • Policies documented and accessible, this page is the policy. The legal version is thefamily privacy notice.

Things we’ll do if something goes wrong

Any safety incident involving a child user gets escalated immediately to the founder team. We’ll notify affected parents within 24 hours of confirming an incident (faster if the OAIC’s Notifiable Data Breaches scheme requires it, which for serious incidents is “as soon as practicable”, we operate to a 72-hour target). We publish post-incident summaries on our Incident Response page.

← Trust CentreFamily privacy notice →COPPA + GDPR-K detail →

Last updated: 24 May 2026

Child Safety | how we design products for children | Crescender