Privacy Policy

Last updated May 24, 2026. This policy includes our COPPA Direct Notice to parents.

In plain English

  • We only collect what we need to run lessons: your child's first name, age, grade, and their answers in lessons.
  • We never sell or share your child's data with advertisers.
  • You can review, export, or permanently delete your child's account from your account page.
  • Lesson questions and answers are sent to Anthropic (the AI vendor) to generate responses. Anthropic does not use this data to train models when accessed through the API we use.

1. Who collects the data

Homeschool Hub (“we”) is the operator of this service and the data controller. Contact: [email protected].

2. What we collect about the parent

  • Name and email address.
  • A bcrypt-hashed password (we never store your plain password).
  • Billing identifiers from Stripe if you subscribe (we never store your card number).
  • Standard server logs (IP, user agent, timestamps) for security and abuse prevention.

3. What we collect about your child

For each child profile you create we store only what is needed to deliver lessons:

  • First name (or nickname) and age, to pick grade-level content.
  • Grade level and learning preferences you set.
  • Lesson answers, mastery scores, and progress records — needed to give the next lesson at the right difficulty.
  • If you enable audio: short audio clips of your child reading or speaking, which are sent to ElevenLabs for transcription and then discarded. We do not retain audio after grading.

We do not collect home address, phone number, social-security number, photo, geolocation, or contact lists from your child.

4. How we use the data

  • To pick the next appropriate lesson and grade answers.
  • To show you your child's progress on the parent dashboard.
  • To process your subscription payment.
  • To respond when you email us for support.

We do not use your child's data for advertising, profiling, or model training.

5. Who we share it with

We share data only with vendors that help us run the service:

  • Anthropic — generates AI lesson content and grades answers. Lesson prompts and answers are sent over the API and are not used to train Anthropic models.
  • ElevenLabs — converts text to speech (audio lessons) and grades short spoken answers. Audio is discarded after transcription.
  • Stripe — processes subscription payments. We never see your full card number.
  • Hosting — our servers are hosted on bare-metal infrastructure that we manage directly. Database backups are encrypted.

We will never sell your or your child's personal information.

6. COPPA Direct Notice (children under 13)

The Children's Online Privacy Protection Act (COPPA) requires us to give parents specific information before collecting personal information from a child under 13. Here it is:

  • What we collect — first name, age, grade, and lesson answers, as described in section 3.
  • Why — solely to deliver and personalize lessons.
  • Disclosure — only to the vendors in section 5, solely to operate the service.
  • Parental consent — you must check the COPPA consent box when signing up before any child profile can be created. This serves as your verifiable parental consent under COPPA.
  • Your rights — you can review what we hold, refuse further collection, and request permanent deletion at any time from your account page or by emailing [email protected]. Deletion completes within 30 days.
  • No conditioning — we do not condition your child's participation on disclosing more personal info than is reasonably necessary.

7. How long we keep it

We keep account and lesson data for as long as the account is active. When you delete a child profile, all related learning data is removed within 30 days. When you delete your entire account, the same applies for every profile under it. Backups are rotated within 90 days.

8. Security

Passwords are hashed with bcrypt. Connections to the site are encrypted with TLS. Database access is restricted to the application servers. No system is perfectly secure, but we follow industry-standard practices.

9. International users

The service is hosted in the United States. If you use it from another country, you understand that your data will be processed in the US. EU/UK users have the rights described in GDPR (access, rectification, erasure, portability) — exercise them from your account page or by email.

10. Changes

If we materially change this policy, we will email you and post the change in the app at least 14 days before it takes effect.

11. Contact

For any privacy question, including COPPA requests, email [email protected].