Parent COPPA FAQ

Frequently Asked Questions About Your Child's Privacy

Last Updated: December 26, 2025

Welcome, Parents!

We know privacy laws can be confusing. This FAQ explains how we protect your child's information in simple, straightforward language. We take children's privacy very seriously and comply with all federal laws protecting children online.

Questions? — we respond within 5 business days.

Understanding COPPA

Q1: What is COPPA and why does it matter?

A: COPPA stands for the Children's Online Privacy Protection Act. It's a federal law that protects children under 13 from having their personal information collected online without parental permission.

COPPA requires websites and apps that collect information from children to get verifiable parental consent before collecting any data. It also gives you (the parent) control over what information is collected and how it's used.

Q2: Does COPPA apply to my child?

A: It depends on your child's age:

  • Under 13: Yes, COPPA fully applies. We need your consent before collecting any information from your child.
  • Ages 13-17: COPPA doesn't apply, but we still require parents to create and manage accounts for all minors. We treat all students' data with the same high level of protection.

Q3: How do I give parental consent?

A: When you create a parent account and add a student profile, you automatically provide consent by:

  1. Creating a parent account with your verified email address
  2. Agreeing to our End User License Agreement (EULA)
  3. Creating a student profile for your child

By completing these steps, you acknowledge that you are the parent/legal guardian and consent to the collection and use of your child's information as described in our Privacy Policy.

Q4: Can I withdraw my consent later?

A: Absolutely! You can withdraw consent at any time by deleting your child's student profile or by . When you withdraw consent, we will delete your child's data within 30 days.

What Information We Collect

Q5: What information do you collect from my child?

A: We only collect information necessary to provide tutoring services:

We Collect:

  • Student first name (for personalization)
  • Grade level and age (to adapt teaching style)
  • Subject preferences (what they want to learn)
  • Tutoring session conversations (questions and answers)
  • Assessment responses (to track progress)
  • Uploaded study materials (worksheets, homework, etc.)
  • Technical data (device type, browser, IP address for security)

We Do NOT Collect:

  • Student last names or full names
  • Home addresses or phone numbers
  • Social Security numbers
  • Photos or videos
  • Precise location data (GPS)
  • Social media accounts

Q6: Why do you need to collect this information?

A: Each piece of information serves a specific educational purpose:

  • Name & Grade: So the AI tutor can address your child personally and adjust teaching to their age level (a 2nd grader needs different explanations than an 8th grader)
  • Conversations: To provide tutoring and generate progress reports for you
  • Assessments: To measure learning and identify areas where your child needs help
  • Uploaded Files: To help with specific homework or study materials
  • Technical Data: For security (detecting fraud/abuse) and improving the Service

Q7: Do you sell my child's information?

NO. NEVER.

We do NOT sell, rent, or trade student data to anyone. We do NOT use student data for advertising. Student information is used only for providing tutoring services and generating your progress reports.

How We Protect Your Child's Data

Q8: How do you keep my child's information secure?

A: We use multiple layers of security:

  • Encryption: All data is encrypted when sent over the internet (like a secure bank website) and when stored in our database
  • Secure Passwords: Your password is encrypted and cannot be seen by anyone, including our staff
  • Access Controls: Only authorized personnel can access student data, and all access is logged
  • Security Audits: We regularly test our systems for vulnerabilities
  • SOC 2 Compliance: Our data centers meet industry security standards
  • Written Security Program: We maintain formal security policies and procedures (required by COPPA 2025)

Q9: Who else has access to my child's information?

A: We only share data with trusted service providers who help us run the platform:

Google Gemini (AI Tutor)

Processes session conversations to generate tutoring responses

✓ Does NOT use student data to train their AI models

Supabase (Database)

Stores student data securely with encryption

✓ SOC 2 Type II certified

Stripe (Payments)

Processes payments securely

✓ Does NOT receive student names or data

DigitalOcean (Hosting)

Provides secure server infrastructure

✓ Enterprise-grade security

All service providers are contractually required to protect student data and comply with COPPA.

Q10: What happens if there's a data breach?

A: If any student information is compromised, we will:

  • Notify you by email within 72 hours of discovering the breach
  • Explain what information was affected
  • Describe steps we're taking to fix the problem and prevent future breaches
  • Provide credit monitoring services if financial data was involved
  • Cooperate fully with law enforcement

Your Parental Rights

Q11: What rights do I have as a parent?

A: Under COPPA, you have complete control over your child's information:

✓ Right to Review

Access and review all information collected about your child, including session transcripts, assessments, and progress reports

✓ Right to Delete

Request deletion of your child's personal information at any time

✓ Right to Withdraw Consent

Stop collection of your child's data by withdrawing consent

✓ Right to Export

Download all your child's data in a portable format (CSV/PDF)

✓ Right to Refuse Further Collection

Stop collection of additional information (note: this may limit Service functionality)

Q12: How do I review my child's data?

A: You have two options:

Option 1: Parent Dashboard (Instant Access)

  1. Log in to your parent account at aistudybuddy.academy/dashboard
  2. Click on your child's profile
  3. View "Session History" to see all past sessions
  4. Click any session to read the full transcript and assessment results
  5. View "Progress Reports" for aggregated performance data

Option 2: Contact Request (Complete Data Export)

with:

  • Subject: "Request Child Data Review"
  • Your account email address
  • Child's first name and student ID (if known)

We'll send you a complete data export within 5 business days.

Q13: How do I delete my child's data?

A: You have two deletion options:

Option 1: Delete Student Profile (In Dashboard)

  1. Log in to Parent Dashboard
  2. Click on your child's profile
  3. Scroll to bottom and click "Delete Student Profile"
  4. Confirm deletion

Data is deleted within 30 days (or immediately upon request).

Option 2: Contact Request (For Immediate Deletion)

with:

  • Subject: "Delete Child Data"
  • Your account email
  • Child's name
  • Reason for deletion (optional)

We'll confirm deletion within 5 business days.

Q14: What gets deleted when I delete my child's account?

A: We delete ALL personal information:

  • Student name, grade level, age
  • All session transcripts and conversations
  • Assessment responses and scores
  • Uploaded files (worksheets, homework)
  • Progress reports and learning analytics
  • All associated metadata

What we keep: We may retain aggregated, de-identified data for service improvement (e.g., "Students in 5th grade struggled with fractions"). This data cannot be linked back to your child.

AI Tutoring & Technology

Q15: How does the AI tutor work?

A: Our AI tutor uses Google Gemini, an advanced language model that:

  • Reads your child's questions and uploaded materials
  • Adapts its teaching style based on your child's grade level
  • Provides explanations, examples, and practice problems
  • Asks follow-up questions to check understanding
  • Generates assessments at the end of each session

Q16: Is the AI always accurate?

A: No. AI tutors are not perfect. The AI may occasionally:

  • Provide incorrect information
  • Misinterpret your child's questions
  • Generate nonsensical responses ("hallucinations")
  • Miss important misunderstandings

⚠️ Important: The AI is a supplement to classroom instruction, not a replacement for human teachers. We recommend reviewing session transcripts, especially for younger children.

Q17: Does Google use my child's data to train their AI?

No.

Google Gemini processes session conversations in real-time but does NOT use student data to train or improve their AI models. Conversations are processed only to generate tutoring responses and are not retained by Google after the session ends.

Q18: Should I supervise my child during sessions?

A: We recommend parental supervision based on age:

  • Ages 5-10: Direct supervision recommended. The AI adapts to their level, but younger children may need help navigating the interface
  • Ages 11-13: Periodic check-ins recommended. Review session transcripts regularly to ensure appropriate content
  • Ages 14+: Light oversight recommended. Encourage independence but review progress reports monthly

You can review session transcripts anytime from your Parent Dashboard.

Data Retention & Storage

Q19: How long do you keep my child's information?

A: We retain data only as long as necessary:

Active Accounts:

  • Session data: Retained indefinitely while account is active (for progress tracking)
  • Assessment results: Retained for academic records and progress reports
  • Uploaded files: Retained until you delete them

Inactive Accounts:

  • After 12 months of inactivity, we'll email a reminder to either use the Service or delete the account
  • After 24 months of inactivity, data is automatically deleted

Deleted Accounts:

  • Data deleted within 30 days (or immediately upon request)
  • Backups purged within 90 days
  • Aggregated, de-identified data may be retained for analytics

Q20: Where is my child's data stored?

A: Data is stored in secure, encrypted databases hosted by Supabase (PostgreSQL) in SOC 2 compliant data centers located in the United States. Server infrastructure is provided by DigitalOcean with enterprise-grade physical and network security.

Contact & Support

Q21: How do I contact you about privacy concerns?

A: For any privacy concerns, COPPA requests, or general support questions, please use our contact form:

We handle all types of requests:

  • Privacy & COPPA requests (data review, deletion, consent withdrawal)
  • Technical issues and billing questions
  • Legal concerns and compliance questions

Response Time: We respond to all requests within 5 business days.

Q22: What if I see concerning content in a session?

A: Report it immediately:

  1. with the session ID
  2. Describe the concerning content
  3. We'll investigate within 24 hours and take appropriate action

Examples of concerning content: Inappropriate language, harmful misinformation, safety concerns

Q23: Where can I learn more about COPPA?

A: These resources can help:

Our Commitment to Your Child's Privacy

✓ Full COPPA Compliance

Parental consent, transparency, and control

✓ Never Sell Student Data

Your child's information is not for sale

✓ Strong Security

Encryption, audits, and SOC 2 compliance

✓ Parental Rights Respected

Review, delete, and control data anytime

✓ Minimal Data Collection

Only what's necessary for tutoring

✓ Fast Response Times

Privacy requests answered in 5 business days

For complete legal details, please see:

Privacy Policy|EULA|Terms of Service|Parent Dashboard

Still Have Questions?

We're here to help protect your child's privacy.

Response within 5 business days

aiStudyBuddy.academy