COPPA Compliance

What we commit to

• When we have actual knowledge that a user is under 13, we obtain verifiable parental consent before collecting, using, or disclosing any personal information from that child.
• We do not disclose a child's personal information to third parties except as strictly necessary to provide our service (e.g. hosting, AI inference), and only with providers who have signed COPPA-compatible data processing terms with us.
• We never condition a child's participation in our services on disclosing more information than is reasonably necessary.
• Parents can review, export, or delete the personal information we have stored about their child at any time, and can withdraw consent.
• We store child information with at-or-above industry-standard safeguards: row-level security, encryption in transit, access controls, and immutable access audit logs.
• We retain child information only as long as needed to provide the service to the child, and automatically delete data that exceeds our published retention windows.

What we collect from children

After parental consent, we may collect the following from a child during normal use of our services:

• Account info: name, email, password hash, the courses or institution they belong to, age.
• Learning activity: assignment submissions (including written responses), quiz answers, mock exam results, mastery state, misconception profile.
• Tutoring interactions: chat threads with the AI Study Buddy, feedback received from grading.
• Technical info: login times, device type, derived IP signals (truncated), security and audit logs.

Parent rights

Parents have the right to, at any time:

• Review all personal information we have stored about their child.
• Request an export of that information in a readable format.
• Ask us to permanently delete that information (the child's account is closed and all related data is removed from our production database within 7 days).
• Withdraw previously-given consent and stop further collection and use of the child's information.

To exercise any of these rights, email us at coppa@fintellect-learning.com.

School authorization

When Fynl Classroom is deployed at a K-8 school, COPPA permits the school to authorize collection on behalf of parents for educational use only. For each such deployment we require the school administrator to confirm in writing:

• The school has sent direct notice to parents describing what Fintellect will collect and why.
• The data is used only for the school's educational purposes — never for commercial purposes or external advertising.
• If a parent withdraws authorization, the school will notify us and we will execute the deletion of that individual student's data.

Third-party processors

A small number of trusted vendors are involved in delivering the service to your child:

• Supabase — Postgres database, authentication, and object storage hosting.
• Our AI inference provider — for AI grading and tutoring features (per-call use, with explicit no-training-retention terms).
• Stripe — for adult-payer billing. No child information passes through Stripe.
• Vercel + CDN — website hosting.

Each processor is bound by its own contracts with us, including COPPA-compatible data-processing terms. We review their policies and contract terms at least annually.

Contact us

If you have any questions about our child-data practices or want to exercise parent rights, contact us: