KIDSCIENT
Privacy Policy
Product: Kidscient
Last updated: 2026-04-28
Operator: Yogaforce Consultancy LLC
Contact: privacy@kidscient.com
Audience
Kidscient is a learning companion for children, including children under 13. We comply with COPPA (US), GDPR-K (EU), and the UK Age Appropriate Design Code. The primary user is the child; the legal data subject is the parent or guardian.
What we collect
Required for the service
| Data | Source | Why | Where it lives |
|---|---|---|---|
| Parent email + Clerk user id | Parent at signup | Account, parental consent | Postgres (users) |
| Child first name + grade level | Parent at child setup | Personalize tutor responses | Postgres (child_profiles) |
| Child voice utterances (raw audio) | Microphone during session | Speech-to-text transcription | Never persisted. Buffer is sent to Azure Speech and discarded after the request returns. |
| Child voice transcripts | Azure Speech-to-Text output | The tutor needs to know what the child said | Postgres (session_turns.transcript_text) |
| Tutor messages | Anthropic Claude output | Show the kid the conversation; let the parent review | Postgres (session_turns, neat_work_outputs) |
| Session signals (hint count, app-overhelped flag, parent takeaway) | Computed from the conversation | Parent dashboard | Postgres (sessions) |
| School documents (report cards, IEP progress reports, MAP score reports, Lexile letters) | Parent voluntarily uploads via Compass | Extract measured skills + map to a personalized practice project | Azure Blob Storage (encrypted at rest, parent-owned). Extracted skills + scores in Postgres (compass_documents, compass_skill_extractions). |
| Extracted skill labels + scores + dates | Anthropic Claude vision extraction of the uploaded document | Build the personalized Compass project + generate IEP evidence pack PDFs on demand | Postgres (compass_skill_extractions) |
What we do NOT collect
- No precise location.
- No advertising identifier (IDFA / GAID).
- No contact list, photos, calendar.
- No third-party analytics SDKs (no Firebase, no Mixpanel, no Sentry as of this version).
- No behavioral or interest-based ad targeting — ever.
- No cross-app tracking.
Third-party processors
Data is shared only with the following processors, and only for core service operation:
- Anthropic (Claude API) — receives tutor prompts including the child's transcript. Anthropic does not train on API customer data. Data is processed in the US.
- OpenAI (Realtime API, model gpt-realtime) — used by the Real World module for voice role-play sessions. The child's voice is streamed directly to OpenAI's Realtime endpoint via WebRTC for in-character role-play; OpenAI returns synthesized voice + transcripts. OpenAI does not train on API customer data per the enterprise terms. Data is processed in the US.
- Azure Speech Services (Microsoft) — receives the child's audio for transcription, and tutor text for synthesis (for the non-Real-World tutoring flows). Audio is processed ephemerally (no Microsoft retention beyond request lifetime per the customer-managed key configuration).
- Clerk — handles parent authentication only. Stores parent email and password / OAuth tokens; never receives child data.
- Azure Postgres — stores everything in the table above. Located in East US, encrypted at rest.
- Azure Blob Storage — stores Compass document uploads (report cards, IEP progress reports, etc.) for as long as the parent keeps the child profile. Encrypted at rest, parent-owned via the same Postgres FK chain.
- Resend — transactional email delivery for parent notifications (Compass extraction outcomes, project readiness). Receives parent email + child first name only; never receives child practice data or transcripts.
Real World module — voice role-play specifics
Real World lets the child practice real-life situations (ordering at a restaurant, negotiating bedtime, talking to a coach, etc.) by voice-role-playing with our cheetah character "Curio." The child speaks; Curio plays the other person; afterwards Curio gives a short reflection grounded in what the child actually said.
- Voice flow. The child's voice is streamed directly to OpenAI's Realtime API via WebRTC for the in-character role-play. Our servers are in the signalling path only (we never receive raw audio).
- Transcripts. Each turn's transcript is captured (PII auto-redacted server-side — street addresses, phone numbers, school names, family contact info) and stored for up to 90 days by default. Parents can extend or shorten this per-child in Real World settings.
- Audio recordings. Not stored beyond the live session in v1. (Native iOS audio recording is on the roadmap; this clause updates when it lands.)
- Parent visibility. By default, parents can read every Real World transcript their child completed. Parents can opt out per-child in Real World settings (kid-only privacy mode).
- Safety filter. Every Curio turn (and every child turn) passes through a safety-classification pass before being persisted or spoken. Flagged turns are blocked and the session is gracefully closed.
- Curated content. All scenarios in the library are server-curated. The child cannot type or invite a custom role-play. Parents can request custom scenarios for situations specific to their child; those drafts go through the same safety + critique pipeline and require parent approval before the child sees them.
- Voice never used for AI training. Per our enterprise contracts with OpenAI + Anthropic.
Retention
- Parent account: kept until the parent deletes it.
- Child profile + sessions + turns + neat-work outputs: kept until the parent deletes the child profile (cascades automatically).
- Raw audio (non-Real-World): never persisted (buffer-only during request).
- Real World transcripts: 90 days by default (parent-configurable per-child).
- Real World audio recordings: not stored in v1.
- Logs: 30 days, no PII other than session ids.
Right to deletion
A parent can delete a child profile (and all associated data) directly from the app's Profiles screen. The cascade wipes sessions, session_turns, neat_work_outputs, and parent_reviews in a single transaction.
For the parent's own account (and all children under it), deletion is via the app's account-deletion flow, which triggers the cascade.
Parental consent
The parent creates an account with a verified email address. By creating the account, the parent confirms they are the parent or legal guardian of the child(ren) added to the account. Account creation is the verifiable consent moment.
Contact for privacy questions
Email privacy@kidscient.com — the inbox monitored by the Kidscient team. We respond within 7 days for data-deletion or access requests.