Privacy Policy

Last updated: February 2026

AppAcademia ("we," "us," or "our") is committed to protecting the privacy of all users of our AI-powered K-12 education platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our website, web application, and mobile applications (collectively, the "Service").

1. Information We Collect

We collect information to provide and improve our educational services. The types of information we collect include:

• Account Information: Name, email address, role (student, teacher, parent, or administrator), school affiliation, and password credentials.
• Student Educational Data: Learning progress, assessment results, exam scores, study plan data, AI tutor interactions, and adaptive learning pathway information.
• School Data: School name, branding preferences, administrative settings, teacher rosters, and class configurations.
• Usage Data: Log data, device information, browser type, IP address, pages visited, features used, session duration, and interaction patterns.
• Communication Data: Messages exchanged between teachers, parents, and students through our in-platform communication tools.
• Payment Information: Billing details processed securely through Stripe. We do not store full credit card numbers on our servers.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide personalized, adaptive learning experiences powered by our AI engine.
• To generate AI-powered study plans, assessments, and learning recommendations.
• To enable teachers to manage classrooms, create lessons, and monitor student progress.
• To allow parents and guardians to track their child's educational progress.
• To operate gamification features including XP tracking, badges, leaderboards, and streaks.
• To process payments and manage subscriptions.
• To communicate important updates about the Service.
• To improve our platform, algorithms, and educational content.
• To comply with legal obligations and enforce our Terms of Service.

3. Data Protection & Compliance

AppAcademia is designed with privacy and compliance at its core. We adhere to the following regulations:

• GDPR (General Data Protection Regulation): For users in the European Union, we process data lawfully, transparently, and for specific purposes. We provide data access, portability, and deletion rights as required.
• FERPA (Family Educational Rights and Privacy Act): We protect the privacy of student education records. Schools retain control over student data, and we act as a "school official" under FERPA when providing services to educational institutions.
• COPPA (Children's Online Privacy Protection Act): We comply with COPPA requirements for users under 13 years of age. See Section 4 for details.
• EU AI Act 2025: Our AI systems are designed to be transparent, fair, and accountable, in compliance with the EU AI Act requirements for educational AI applications.

4. Children's Privacy

AppAcademia takes children's privacy very seriously. Our platform serves K-12 students, and we implement the following safeguards:

• For children under 13, we require verifiable parental or guardian consent before collecting any personal information.
• Student accounts for children under 13 must be created by a parent, guardian, or authorized school administrator.
• We collect only the minimum information necessary to provide educational services to young learners.
• Parents and guardians can review, modify, or request deletion of their child's information at any time.
• We do not display targeted advertising to children under 13.
• AI tutor interactions with minors are subject to additional content safety filters.

5. Data Storage & Security

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
• Authentication is managed through Keycloak with OAuth2/OIDC protocols and PKCE for enhanced security.
• Role-based access control (RBAC) ensures users can only access data appropriate to their role.
• We conduct regular security audits and vulnerability assessments.
• Database backups are encrypted and stored securely with geographic redundancy.
• Our infrastructure runs on secure, non-root containers with regular patching.

6. Third-Party Services

We integrate with the following third-party services to provide our platform:

• OpenAI & Anthropic (Claude): AI language models power our AI tutor and content generation features. Prompts and responses are processed according to their respective privacy policies. We do not share personally identifiable student information with AI providers.
• Stripe: Secure payment processing for subscriptions. Stripe handles all payment card data in compliance with PCI DSS standards.
• Keycloak: Identity and access management for secure authentication and single sign-on.
• SendGrid: Email delivery for account verification, notifications, and communications.
• Sentry: Error monitoring to improve platform stability. No personal educational data is sent to Sentry.

7. Cookies

We use cookies and similar technologies to:

• Maintain your session and authentication state.
• Remember your preferences (language, theme, accessibility settings).
• Analyze platform usage to improve our services.
• Ensure security and prevent fraud.

You can control cookie preferences through your browser settings. Note that disabling essential cookies may affect platform functionality.

8. Your Rights

Depending on your location, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Data Export: Request a portable copy of your data in a machine-readable format.
• Restriction: Request restriction of processing in certain circumstances.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: Withdraw consent where processing is based on consent.

Schools and administrators can manage data for their institution's users through the admin dashboard. Parents can manage their children's data through the parent portal.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy. Student educational records are retained for the duration of the school's subscription plus a reasonable period for account recovery. Upon account deletion or subscription termination, personal data is permanently removed within 90 days, unless retention is required by law.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

• Email: hello@myappacademia.com
• Subject Line: "Privacy Request — [Your Name]"

We will respond to all privacy-related inquiries within 30 days.