Privacy Notice

📋 Special notice for parents and guardians AESOP AI Academy is used by learners of all ages, including children under 13. We take our COPPA obligations seriously. This notice explains exactly what we collect from your child, how it is used, and how you can access or delete it. Jump to the children's privacy section →

Who We Are
What Information We Collect
How We Use Your Information
Special Protections for Children Under 13 (COPPA)
Third-Party Services
How Long We Keep Your Data
How We Protect Your Data
Your Rights
Contact Us

1. Who We Are

AESOP AI Academy is an AI literacy curriculum operated at aesopacademy.org. The platform provides structured courses teaching learners of all ages how artificial intelligence works, how to use it responsibly, and how to think critically about its impact on society.

For questions about this notice, contact us at scott@aesopacademy.org.

2. What Information We Collect

Data Type	Examples	Purpose	Required?
Account information	Display name, email address, date of birth (age range only)	Create and manage your account	Yes
Course progress	Completed lessons, quiz scores, current module	Remember where you left off; unlock next lessons	Yes
Usage data	Pages visited, time spent, device type	Improve curriculum quality; identify broken pages	Automatic
For under-13 learners	Parent/guardian name and email	Send and record COPPA parental consent	Required by law

We do not collect: social security numbers, payment information, photos, precise location, or any sensitive health information.

3. How We Use Your Information

To operate the platform — account login, progress tracking, unlocking course modules.
To improve the curriculum — understanding which lessons learners find difficult, which pages have errors, and how long modules take to complete.
To communicate with you — account-related emails only (consent confirmation, password reset). We do not send marketing emails.
To comply with the law — maintaining parental consent records as required by COPPA.

We never use your information for advertising, never sell it to third parties, and never use it to build advertising profiles.

4. Special Protections for Children Under 13 (COPPA)

The Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §6501) requires us to obtain verifiable parental consent before collecting personal information from children under 13. Here is exactly how we handle that:

Age gate Every new user enters their date of birth during sign-up. Users under 13 are routed to our parental consent flow before any account is created. We do not collect information from under-13 users before consent is received.

Parental consent process We send a verifiable parental consent (VPC) email to the parent or guardian email address provided. The email contains a unique, time-limited link. Clicking the link constitutes verifiable parental consent. We record the consent with a timestamp and the parent's email. Module access beyond Module 0 is blocked until consent is confirmed.

What we collect from children under 13:

Display name and email address (for account login)
Course progress (lessons completed, quiz scores)
Date of birth (stored as age range only, not exact date)
Parent/guardian name and email (for consent record only)

What we do NOT collect from children under 13:

Precise location
Photos or video
Advertising identifiers
Social media profiles
Any information not listed above

Parental rights (COPPA §312.6): At any time, parents and guardians may:

Review the personal information we have collected about their child
Request that we correct or delete their child's personal information
Withdraw consent and request that we stop collecting information
Delete their child's account entirely

To exercise these rights, visit our Parent Portal or email scott@aesopacademy.org.

5. Third-Party Services

We use the following third-party services. We do not share personal data with any advertising networks.

Service	Purpose	Data Shared	COPPA Status
Firebase (Google)	User authentication, course progress storage, usage analytics	Email, display name, usage events	Firebase Analytics runs in child-directed mode (no advertising IDs collected). Google is a COPPA Safe Harbor participant.
fal.ai	AI-generated video content in select lessons	Text prompts only (no personal information)	Prompts are sanitized before transmission. No user PII is sent.
Mocahost	Web hosting and email delivery	Server logs (standard)	Standard web hosting; no special data access.

6. How Long We Keep Your Data

Data Type	Retention Period
Account data (name, email, progress)	While account is active, plus 90 days after deletion request
Analytics data (Firebase)	14 months (Firebase default, reduced to 2 months on next configuration update)
Parental consent records	3 years from date of consent (FTC guidance requirement)
Server access logs	30 days (Mocahost standard)

When an account is deleted, all associated personal data and course progress is permanently deleted within 90 days. Parental consent records are retained for 3 years as required by FTC guidance, but all personally identifiable information beyond the consent timestamp is removed.

7. How We Protect Your Data

Security measures in place: All data is transmitted over HTTPS (TLS encryption). Passwords are managed by Firebase Authentication (industry-standard hashing). Parental consent tokens are single-use, time-limited (72 hours), and stored server-side. We do not store plaintext passwords.

No method of data transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at scott@aesopacademy.org.

8. Your Rights

You have the right to: Access a copy of your personal data · Correct inaccurate information · Request deletion of your account and data · Withdraw consent (for under-13 learners, parents may do this) · Receive a copy of your data in a portable format

To exercise any of these rights, email scott@aesopacademy.org or visit the Parent Portal. We will respond within 30 days.

We do not discriminate against users who exercise their privacy rights.

9. Contact Us

Privacy Questions & Requests

For any questions about this Privacy Notice, to exercise your rights, or to submit a parental access or deletion request:

Email: scott@aesopacademy.org

Parent Portal: aesopacademy.org/parent-portal.html

We will respond to all privacy requests within 30 days. For urgent requests involving children's data, we aim to respond within 5 business days.

Contents

1. Who We Are

2. What Information We Collect

3. How We Use Your Information

4. Special Protections for Children Under 13 (COPPA)

5. Third-Party Services

6. How Long We Keep Your Data

7. How We Protect Your Data

8. Your Rights

9. Contact Us

Privacy Questions & Requests