Privacy Policy

Last updated: April 2026

Your privacy matters to us. This policy explains what information we collect and how we use it, in simple language. We take extra care to protect younger users.

What We Collect

Account Information

  • Name, email address, password (securely encrypted)
  • Language preference (auto-detected)
  • Class code (optional — if provided by a teacher)

Learning Data

  • Which books and chapters you've read
  • Quiz scores and game results
  • Time spent reading
  • XP points, streaks, and achievements

Technical Data

  • IP address (for security and country detection)
  • Browser type (for login security tracking)
  • Login history (success/failure, for account protection)

Payment Data

  • Purchase history and book access records
  • Payment processing is handled by a trusted third-party provider — we never see or store your credit card number

How We Use Your Data

PurposeWhat We Use
Running your accountName, email, password
Personalizing your experienceAge, language preference, reading progress
Teacher dashboardStudent progress, quiz scores (visible to linked teacher only)
Admin analyticsAggregate statistics (no individual data shared publicly)
SecurityIP address, login history (to detect suspicious activity)
CommunicationContact form messages, feedback submissions
Improving the platformAggregate usage patterns (which books are popular, where students struggle)

Legal Basis for Processing

  • Contract performance: we process your data to provide the service you signed up for (account, reading, progress tracking)
  • Consent: you consent to data processing when you create an account and agree to these terms
  • Legitimate interest: we process security data (IP, login history) to protect your account and our platform
  • For users under 16: processing is based on parental/guardian consent provided during registration

Data Controller

Inside the AI Mind is the data controller responsible for your personal data. For privacy inquiries, contact our privacy team at support@insidetheaimind.com

Privacy for Younger Users

  • We comply with the Children's Online Privacy Protection Act (COPPA) and GDPR provisions for children's data (Article 8)
  • We collect the minimum data needed for the platform to work (data minimization)
  • We never sell user data to anyone — including children's data
  • We never show ads or engage in behavioral advertising
  • Users under 13 must provide a parent/guardian email during registration — a consent notification is sent to the guardian
  • Users aged 13-15 (EU) or 13-17 (elsewhere) are encouraged to register with parental oversight
  • Parents/guardians can request to view, export, or delete their child's data at any time by emailing support@insidetheaimind.com
  • Parents/guardians can withdraw consent and request account deactivation at any time
  • We do not condition a child's participation on providing more personal data than is reasonably necessary

Who Can See Your Data

  • Your teacher (if linked): can see your reading progress, quiz scores, and last active time
  • Platform admins: can see account information for support and moderation purposes
  • No one else: we don't sell, rent, or share your personal data with advertisers or third parties

Third-Party Services We Use

  • Payment processing (has its own privacy policy)
  • Website hosting and content delivery
  • Content management system (no user data)
  • Security and bot protection
  • Email delivery for verification, password resets, and notifications
  • Error monitoring (EU region, no personally identifiable information stored)

Cookies & Local Storage

  • We use one secure cookie for authentication (not tracking)
  • We save your progress locally on your device for offline access
  • We do NOT use advertising cookies or tracking pixels

Data Retention

  • Account data: kept while your account is active. Deleted within 30 days of account deletion request.
  • Learning progress: kept while your account is active. Deleted with your account.
  • Login history: kept for 12 months for security purposes, then automatically deleted.
  • Payment records: kept for 7 years as required by financial regulations.
  • Contact form messages: kept until resolved, then archived.

International Data Transfers

Your data may be processed outside the EU/EEA by our service providers, primarily in the United States and EU (Ireland).

All international transfers are protected by Standard Contractual Clauses (SCCs) and the providers' security certifications.

Automated Decision-Making

  • No AI-generated content is used to make decisions that affect your rights
  • Bot protection is used to prevent spam — it runs silently and does not affect your experience
  • No automated decisions are made that have legal or significant effects on users

Your Rights (GDPR)

Under European data protection law, you have the right to:

  • Access: request a copy of all your personal data in a portable format
  • Rectification: ask us to correct inaccurate information
  • Erasure: ask us to delete your account and all associated data
  • Withdraw consent: stop us from processing your data at any time
  • Data portability: receive your data in a machine-readable format
  • Lodge a complaint: you have the right to complain to your local data protection authority

To exercise any of these rights, email: support@insidetheaimind.com

Data Security

  • Passwords are securely encrypted — we can never see your password
  • All data transmitted over HTTPS (encrypted in transit)
  • Database access restricted to authorized systems only
  • Regular security reviews and updates

Changes to This Policy

  • We'll update this page when our practices change
  • Significant changes will be communicated via email
  • The "last updated" date at the top always reflects the current version

Contact

Questions about your privacy? Email support@insidetheaimind.com