Children’s Privacy Policy – Aimathic

Effective date: November 25, 2025

Aimathic (“we”, “us”) is committed to protecting the privacy of children who use our services. This Children’s Privacy Policy explains how we collect, use and protect personal data of children in accordance with the U.S. Children’s Online Privacy Protection Act (COPPA) and other applicable data protection laws (including the EU/UK GDPR where they apply).

This policy applies to our direct-to-consumer (B2C) offering where a parent or guardian purchases Aimathic for their child.

1. Who we are

Aimathic is an AI-powered tutoring platform operated by:

Aimathic
Igor Kogan
Karwendelstr. 25
81369 Munich, Germany
Email: support@aitmathic.com

For privacy questions, please contact us at the email above.

2. What data we collect

We distinguish between parent data and child data.

2.1 Data about parents / guardians

When you buy Aimathic or create a family account, we collect:

• Full name
• Email address
• Billing address and country
• Account login details (e.g. password, if we host login)
• Payment-related information (e.g. Stripe customer ID, payment method type, last 4 digits and expiry date of the card – we do not store full card numbers; Stripe processes payments for us)
• Communication data (support requests, emails)

We use this data to provide the service to you, manage your subscription and communicate with you.

2.2 Data about children

When you set up an account or profile for your child, we typically collect:

• Child’s name (for personalization – “Great job, Anna!”)
• Account identifiers (internal user ID, class or group)

During use of the tutor, we collect:

• Content of interactions with Aimathic
  • Questions and answers typed by your child
  • Explanations and feedback from the AI tutor
  • Results of exercises (correct/incorrect, hints used, time spent)
• Voice data (if voice is enabled)
  • Audio of your child’s voice is streamed to our speech-to-text provider to obtain text
  • We do not keep raw audio recordings in production longer than necessary to process the request
  • The text transcripts of what your child said are stored like any other chat message
• Technical and usage data
  • IP address, device/browser type, approximate location based on IP (e.g. country/city)
  • Cookies / identifiers needed for sign-in, session continuity and security
  • Log data such as timestamps, error logs, and performance metrics

Important: We do not require your child’s last name, email address, phone number or postal address for them to use Aimathic. However, these details might appear indirectly if you enter them (for example in profile fields or free-text messages). If that happens, we will treat them as personal data and protect them accordingly.

We do not intentionally collect special categories of data about children (e.g. health, religion, political views). If such information is accidentally provided, we do not use it and may delete or anonymise it.

3. Why and how we use the data

We use personal data only as needed to provide and improve the tutoring service and to comply with legal obligations.

For children’s data, our main purposes are:

• Provide the tutoring service
  • Generate and display AI tutoring responses
  • Track learning progress, strengths and weaknesses
  • Save session history so the child (and parent) can revisit explanations
• Personalize learning
  • Adapt difficulty level and content to the child’s performance
  • Show the child’s name in the interface
• Ensure security and proper functioning
  • Prevent abuse, fraud and attacks
  • Diagnose technical problems and maintain service quality

For parent data, our main purposes are:

• Contract & billing
  • Create and manage your account
  • Process payments and subscriptions via Stripe
  • Send receipts, renewal reminders and important service notices
• Support & communication
  • Answer questions and provide customer support
  • Inform you about changes to the service or this policy

We do not:

• Show advertising to your child
• Sell your child’s personal data
• Use your child’s data to build marketing profiles
• Share children’s data with advertisers or data brokers

If we ever wish to use children’s data for a new purpose not described here, we will update this policy and, where required, ask for new parental consent.

4. Legal bases (for GDPR countries)

Where the GDPR/UK GDPR applies (e.g. EU, EEA, UK), we rely on:

• Art. 6(1)(b) GDPR – Contract
  • For processing parent data to provide the service you purchased.
• Art. 6(1)(a) GDPR – Consent
  • For processing children’s personal data where parental consent is required (typically under age 16, depending on country).
  • You give consent during signup (checkbox + payment) and can withdraw it at any time.
• Art. 6(1)(f) GDPR – Legitimate interests
  • For necessary security and anti-abuse logs, improving stability and performance, and product improvement using aggregated/anonymised data – always balanced against children’s rights and expectations.

5. Service providers and data sharing

We use carefully selected processors (service providers) to run Aimathic, including:

• Cloud hosting providers (e.g. Oracle Cloud)
• AI model providers (e.g. Google Cloud / Vertex AI)
• Speech-to-text and text-to-speech providers (e.g. Deepgram, Google)
• Payment provider (Stripe)
• Error monitoring / logging tools

These providers:

• Act only on our instructions
• Are bound by data processing agreements and confidentiality
• Are not allowed to use children’s data to train public models, advertise, or sell data

We may also share data where required by law (e.g. to comply with a court order) or to protect someone’s vital interests or our legal rights. In such cases we limit disclosure to what is strictly necessary.

We do not share children’s personal data with third parties for their own marketing purposes.

6. International transfers

Our servers and some service providers may be located outside your country (for example in the European Union and/or the United States).

Where data is transferred internationally:

• We ensure there is an appropriate legal mechanism (e.g. Standard Contractual Clauses approved by the European Commission and, where relevant, UK equivalents).
• We take additional measures where necessary to protect the data.

By using Aimathic, you understand that your and your child’s data may be processed in these countries in accordance with this policy and applicable law.

7. How long we keep data

We keep personal data only as long as needed for the purposes described above:

• Active subscription: we keep parent and child data for the lifetime of the account so the service works as expected.
• After cancellation or prolonged inactivity: we delete or anonymise personal data after a reasonable period (e.g. [X months] after the end of the subscription), unless we are required by law to keep it longer (e.g. accounting records).
• Backups: data may remain for a limited time in backup archives, but these are protected and automatically overwritten.

You can request deletion earlier at any time (see next section).

8. Parents’ rights

Regardless of where you live, as a parent or legal guardian you can:

• Access: ask what personal data we have about your child and receive a copy
• Rectify: ask us to correct inaccurate or incomplete data
• Delete: request deletion of your child’s personal data
• Withdraw consent: stop us from further processing your child’s data (we will then deactivate the child’s account and delete data, except where the law requires retention)

If GDPR applies, you may also have:

• Restriction of processing
• Data portability (for data you provided to us)
• Right to object to certain processing (e.g. legitimate interests)
• Right to lodge a complaint with a supervisory authority (e.g. your local data protection authority)

To exercise these rights, contact us at support@aitmathic.com. We may need to verify your identity to protect your child’s privacy.

For school accounts, some requests may need to go via the school; we will support you and the school in handling them.

9. Changes to this policy

We may update this Children’s Privacy Policy from time to time. If we make material changes (especially concerning how we handle children’s data), we will:

• Update the “Effective date” above, and
• Inform you by email or an in-app notice, and
• Obtain new consent if required by law.

10. Contact

If you have questions or concerns about this policy or about your child’s data, please contact:

Aimathic
Igor Kogan
Karwendelstr. 25
81369 Munich, Germany
Email: support@aitmathic.com

Notes

If you like this, you can:

• Replace the square-bracket placeholders with your real details and specific retention period.
• Reuse the wording in your Stripe flow (summary + link to this policy).

If you want, I can next help you shrink this into a super-short “parent consent box text” that directly references this full policy.