Privacy Policy

1. Information We Collect

Parent / Caregiver Information

• Name and email address (for account creation and communication)
• Authentication credentials (managed securely via our auth provider)
• Billing and payment information (processed by Stripe; we do not store card numbers)

Child Information

• Display name or nickname (we do not require a child's real name)
• Age range (used to adapt content difficulty and tone)
• Learning preferences and subject selections

Usage Data

• Tutoring session transcripts (conversations with the AI tutor)
• Quiz results, progress metrics, and mastery levels
• Session timestamps and duration

2. How We Use Information

• Provide and personalise AI tutoring sessions for each child
• Track learning progress and generate reports for parents
• Adapt content difficulty based on demonstrated mastery
• Process payments and manage subscriptions
• Ensure the safety and security of our platform
• Improve our educational content and platform features

We do not use children's data for advertising, profiling, or any purpose unrelated to their education.

3. COPPA Compliance

Aletheia is designed to comply with the Children's Online Privacy Protection Act (COPPA). We take the following measures:

• Parental consent: Only a verified parent or caregiver can create child profiles and grant access to the platform.
• Minimal data collection: We collect only what is necessary to provide the tutoring service. Children are identified by nicknames, not legal names.
• No third-party tracking: We do not embed third-party advertising or analytics trackers in the child-facing portions of the platform.
• Parental control: Parents can review, download, or delete all data associated with their child's profile at any time.
• PIN-based child access: Children authenticate with a family code and PIN — no email or personal identifiers required.

4. Data Security

We implement industry-standard security measures including:

• TLS encryption for all data in transit
• Encrypted database storage for sensitive fields
• Rate limiting and brute-force protection on authentication endpoints
• Role-based access control separating parent and child data
• Regular security reviews and dependency updates

5. Third-Party Services

We use the following categories of third-party providers. Each receives only the minimum data required to perform its function:

• AI providers (e.g., Anthropic, OpenAI, Google) — receive conversation context to generate tutoring responses. No child PII is included in prompts.
• Payment processing (Stripe) — handles billing securely. We never store credit card numbers.
• Authentication (NextAuth / OAuth providers) — manages parent sign-in. Child authentication is handled entirely by Aletheia.
• Text-to-speech (OpenAI) — receives text content to generate audio responses. No identifying information is included.
• Bot protection (Google reCAPTCHA v3) — protects login forms from abuse. Subject to Google's Privacy Policy and Terms of Service.
• Database hosting (MongoDB Atlas) — stores application data in encrypted, access-controlled cloud infrastructure.

6. Data Retention

We retain account and learning data for the lifetime of your account. You may request deletion at any time. Upon account deletion:

• Parent profile and credentials are permanently deleted
• All child profiles and associated learning data are permanently deleted
• Conversation transcripts are permanently deleted
• Billing records are retained as required by law (typically 7 years)

7. Cookies and Local Storage

Aletheia uses essential cookies and browser local storage for:

• Maintaining your authenticated session
• Remembering child session context (family code, active profile)
• Storing UI preferences (e.g., theme, language)

We do not use advertising cookies or third-party tracking cookies.

8. Your Rights

You have the right to:

• Access all data we hold about you and your children
• Correct inaccurate information
• Delete your account and all associated data
• Export your data in a portable format
• Withdraw consent for data processing at any time

You can manage most of these through the Parent Dashboard. For requests we cannot handle in the UI, contact us directly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email and update the "Last Updated" date above. Continued use of the platform after changes constitutes acceptance.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at: privacy@aletheiatutor.com