This page explains how Shiminly Inc. ("Shiminly," "we") obtains, verifies, and honours parental consent for learners under 18—meeting the requirements of COPPA (USA), DPDPA 2023 (India), and PDPL 2021 (UAE).
1. When Consent Is Required
2. Consent Methods We Accept
3. Step by Step E mail Verification Flow
4. School Managed Bulk Consent
5. How Parents Can Review or Revoke Consent
6. Data Retention & Audit Logs
7. Contact
•
USA: Learners under 13 (COPPA).
• India: Learners under 18 (DPDPA).
• UAE: Learners under 18 (PDPL).
• School accounts: A school may act as the parent’s agent if it signs our Student Data Agreement and provides notice to parents.
| Method |
Availability |
Meets Legal Standard |
| Parent email verification |
Global (default) |
COPPA “e mail + follow up” |
| Credit card micro charge (USD 0.50) |
USA only (optional) |
COPPA § 312.5(b)(2) |
| Signed school waiver (bulk) |
Schools in USA, UAE, India |
FERPA exception + PDPL Art 9 |
For Phase 1, Shiminly uses the parent e mail verification flow by default.
1. Child signs up with first name, age band, and parent/guardian e mail.
2. Consent e mail sent to the parent with:
- a summary of data collected,
- a link to this notice, and
- a “Grant Consent” button.
3. Parent clicks the button → redirected to a consent page.
4. Parent checks a box “I am the legal guardian and consent to data collection for educational purposes.”
5. Audit log records timestamp, IP, consent language, and hashed e mail.
6. Child’s account is unlocked; parent receives confirmation.
If the parent does not respond within 7 days, the child account and any temporary data are automatically deleted.
Schools may submit a spreadsheet of enrolled students + parent contacts and sign our Student Data Processing Agreement. The school affirms it has notified parents and collected requisite consent. Shiminly stores the signed agreement as proof of consent.
| Action |
How to Do It |
SLA |
| Review data |
Log in to parent dashboard → Download Report |
Real time |
| Correct data |
E mail support@shiminly.com with changes |
10 days |
| Delete account |
Parent dashboard → Delete Account or e mail privacy@shiminly.com |
30 days |
| Revoke consent |
Same as delete, or toggle Revoke Consent in dashboard |
30 days |
Revoking consent permanently deactivates the learner’s account and deletes personal data, except records we must keep for legal or tax reasons.
- Consent logs are stored for 6 years to comply with COPPA recordkeeping rules.
- Logs include parent e mail, date/time, consent method, and IP hash.
- Only the Data Protection Officer and Security team can access raw logs.
• USA (COPPA): support@shiminly.com
• India (DPDPA): DPDPA@shiminly.com
• UAE (PDPL): PDPL@shiminly.com
• General privacy: privacy@shiminly.com
