SmartLearningBack to Home

Privacy Policy

Last updated: March 5, 2026

1. Information We Collect

SmartLearning collects information necessary to provide personalized adaptive learning services for your children. This includes:

  • Account information: Parent name, email address, and password (hashed).
  • Student profiles: Child name, grade level, MAP RIT scores, Lexile level, Quantile level, and learning preferences.
  • Learning data: Task responses, essay submissions, grading results, mastery scores, vocabulary entries, golden sentences, and time-on-task metrics.
  • Billing information: Processed securely by Stripe. We do not store credit card numbers.

2. How We Use Your Information

  • To calibrate adaptive difficulty to each student's exact academic level.
  • To track mastery progression (BKT model) and generate growth reports.
  • To produce portfolio materials, executive summaries, and admissions documents.
  • To process subscriptions and billing through Stripe.
  • To improve our AI models and question generation quality.

3. Data Sharing

We do not sell, rent, or share your personal information or your children's learning data with third parties, except:

  • Stripe: For secure payment processing.
  • OpenAI: Student responses are sent to OpenAI APIs for grading and content generation. No personally identifiable information (names, emails) is included in API calls.
  • Supabase: Our database and authentication provider, hosted in the United States.
  • Legal requirements: If required by law or to protect our rights.

4. Children's Privacy (COPPA)

SmartLearning is designed for use by parents on behalf of their children. Only parents create accounts and manage subscriptions. Student accounts are created by parents, and all billing and data management is controlled by the parent account. We comply with the Children's Online Privacy Protection Act (COPPA) by obtaining parental consent through the account creation process.

5. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS/HTTPS), hashed passwords via Supabase Auth, row-level security on database tables, and session-based authentication with secure cookies. All API routes require authentication and enforce role-based access control.

6. Data Retention & Deletion

Your data is retained while your subscription is active. Upon account deletion (available through admin or by contacting support), all personal data and student learning records are permanently removed from our systems. Anonymized, aggregated usage statistics may be retained for service improvement.

7. Your Rights

  • Access and download your data at any time through your dashboard.
  • Request correction of inaccurate information.
  • Request deletion of your account and all associated data.
  • Opt out of non-essential communications.

8. Contact Us

For questions about this Privacy Policy or to exercise your data rights, please contact us at privacy@smartlearning.dev.