Kidscient is a learning companion for children, including children under 13. We comply with COPPA (US), GDPR-K (EU), and the UK Age Appropriate Design Code. The primary user is the child; the legal data subject is the parent or guardian.

| Data | Source | Why | Where it lives |
|---|---|---|---|
| Parent email + Clerk user id | Parent at signup | Account, parental consent | Postgres (users) |
| Child first name + grade level | Parent at child setup | Personalize tutor responses | Postgres (child_profiles) |
| Child voice utterances (raw audio) | Microphone during session | Speech-to-text transcription | Never persisted. Buffer is sent to Azure Speech and discarded after the request returns. |
| Child voice transcripts | Azure Speech-to-Text output | The tutor needs to know what the child said | Postgres (session_turns.transcript_text) |
| Tutor messages | Anthropic Claude output | Show the kid the conversation; let the parent review | Postgres (session_turns, neat_work_outputs) |
| Session signals (hint count, app-overhelped flag, parent takeaway) | Computed from the conversation | Parent dashboard | Postgres (sessions) |

Data is shared only with the following processors, and only for core service operation:
A parent can delete a child profile (and all associated data) directly from the app's Profiles screen. The cascade wipes sessions, session_turns, neat_work_outputs, and parent_reviews in a single transaction.
To delete the parent's own account (and all children under it), use the app's account-deletion flow, which triggers the cascade.
The parent creates an account with a verified email address. By creating the account, the parent confirms they are the parent or legal guardian of the child(ren) added to the account. Account creation is the verifiable consent moment.
Email privacy@kidscient.com, the inbox monitored by the Kidscient team. We respond to data-deletion or access requests within 7 days.