Privacy Policy

Last updated: April 20, 2026 | Effective: April 20, 2026

AI Academy (AIA) is an educational platform for children. We take privacy seriously — especially children's privacy. This policy explains what data we collect, why, and how we protect it. We comply with COPPA (US), PIPEDA (Canada), and GDPR (EU/UK).

1. Who We Are

AI Academy ("AIA", "we", "us") is an AI-powered homeschool education platform. We are operated from Ontario, Canada.

Contact our Privacy Officer: admin@aisomad.ai

2. Who This Policy Applies To

This policy applies to all users of AIA, including:

Students (ages 7–15) using the learning platform
Parents and guardians who create and manage accounts for their children

If your child is under 13 (US) or under 16 (EU), a parent or guardian must create their account and provide consent.

3. What Data We Collect

Data	Why We Collect It	Required?	Shared?
Student name or username	Personalize lessons and greetings	Yes	No
Learning progress (subjects, levels, topics completed)	Track progress, enable adaptive learning	Yes	No
Quiz scores and performance history	Adapt lesson difficulty, identify weak areas	Yes	No
XP points and badges earned	Motivate and reward learning milestones	Yes	No
Parent email address (if provided)	Account recovery, consent verification, progress reports	Optional	No

🔒 We do not collect: photos, voice recordings, location data, device identifiers, or any sensitive personal information. We do not use advertising networks or tracking pixels. All AI processing happens on our private local servers — your child's data never leaves our infrastructure to third-party AI providers.

4. How We Use Data

Generate personalized AI lessons matched to your child's level and progress
Adapt lesson difficulty based on quiz performance (adaptive learning engine)
Display progress, XP, and badges to motivate learning
Generate progress reports for parents
Improve the platform (aggregated, anonymized analytics only)

We do not use student data for advertising, profiling, or any commercial purpose.

5. Children's Privacy (COPPA)

🇺🇸 COPPA — US Children's Online Privacy Protection Act

AIU complies with COPPA (16 CFR Part 312). For children under 13:

Parental consent is required before we collect any personal information. A parent or guardian must create the account.
We collect only the minimum data necessary to provide the educational service.
We do not condition participation on providing more information than necessary.
We do not share children's personal information with third parties.
We do not retain children's data longer than necessary for the educational purpose.

Parental Rights Under COPPA

As a parent or guardian, you have the right to:

Review all personal information collected about your child
Correct inaccurate information
Delete your child's account and all associated data
Refuse further collection or use of your child's information

To exercise these rights, email admin@aisomad.ai with your child's username. We will respond within 10 business days.

6. Canadian Privacy Rights (PIPEDA)

🇨🇦 PIPEDA — Personal Information Protection and Electronic Documents Act

AIA is operated from Canada and complies with PIPEDA. Under PIPEDA, you have the right to:

Know what personal information we hold about you or your child
Access that information and request corrections
Withdraw consent at any time (subject to legal or contractual restrictions)
File a complaint with the Office of the Privacy Commissioner of Canada: priv.gc.ca

Our lawful basis for processing is consent — provided by the parent on account creation.

7. EU/UK Privacy Rights (GDPR)

If you are located in the EU or UK, the GDPR applies to your data. Your rights include:

Right of access — request a copy of your data
Right to rectification — correct inaccurate data
Right to erasure — request deletion of your data ("right to be forgotten")
Right to data portability — receive your data in a machine-readable format
Right to object — object to processing based on legitimate interests
Right to restrict processing — limit how we use your data

For children under 16 in the EU (or under 13 in some member states), parental consent is required. Our account creation process obtains this consent.

Our lawful basis for processing is consent (Article 6(1)(a) GDPR). To exercise your GDPR rights, contact admin@aisomad.ai. You also have the right to lodge a complaint with your national data protection authority.

8. Data Storage and Security

All student data is stored on our private servers in Canada
AI lesson generation uses a local language model on our private infrastructure — no student data is sent to OpenAI, Google, or any external AI provider
Data is stored in encrypted JSON files with access restricted to the AIU application
We do not use third-party analytics, advertising networks, or tracking services
Server access is restricted by SSH key authentication and firewall rules

9. Data Retention

We retain student data for as long as the account is active. If an account is inactive for 2 years, we will delete the data. You may request deletion at any time by contacting us.

10. Cookies and Tracking

AIA uses only essential session cookies necessary for the platform to function (e.g., keeping you logged in). We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No cookie consent banner is required as we use only strictly necessary cookies.

11. Third Parties

We do not sell, rent, or share student personal information with any third party. The only "third party" involved in lesson generation is our local AI model (Ollama/Llama), which runs entirely on our private servers and does not transmit data externally.

12. Changes to This Policy

We may update this Privacy Policy. We will notify users of material changes by posting a notice on the platform. The "Last updated" date at the top of this page reflects the most recent revision. Continued use after changes constitutes acceptance.

13. Contact Us

For any privacy questions, requests, or complaints:

Email: admin@aisomad.ai
Website: aisomad.ai

We aim to respond to all privacy requests within 10 business days.