Skip to content
BrainkitobrAInkito
Log InSign Up

Privacy Policy

Last updated: February 28, 2026

1. Introduction

Brainkito ("we", "us", "our") is an AI education platform designed for children aged 6–16, operated by parents. We are committed to protecting the privacy of children and their families. This Privacy Policy explains what data we collect, how we use it, and your rights.

2. Data We Collect

  • Parent account: email address and password (hashed)
  • Child profiles: display name, avatar choice, age mode, and optional birth year
  • Learning progress: lesson completions, XP, badges, streak data, and daily challenge completions
  • Studio projects: project names, descriptions, and code created using the AI builder
  • AI usage: prompts sent to the AI builder and safety moderation logs (we do not store AI-generated content beyond what is saved in projects)
  • Activity data: session times and feature usage for parental oversight

3. COPPA Compliance

Brainkito complies with the Children's Online Privacy Protection Act (COPPA). We do not collect personal information directly from children under 13 without verifiable parental consent. All child accounts are created and managed by a parent or legal guardian. Children do not provide email addresses or any personally identifiable information — only display names chosen by their parents.

4. How We Use Data

  • To provide the learning and creation experience
  • To track learning progress and award achievements
  • To enable parental oversight and safety monitoring
  • To improve our platform and educational content
  • To ensure content safety through AI moderation

5. Data Storage & Security

All data is stored in Supabase, a secure cloud database platform. Data is encrypted in transit (TLS) and at rest. Passwords are hashed using industry-standard algorithms. Child PINs are hashed and never stored in plain text. We use Row Level Security (RLS) policies to ensure parents can only access their own children's data.

6. Data Sharing

We do not sell, rent, or share personal data with third parties for marketing. Data may be shared with:

  • AI providers: prompts are sent to AI services for content generation (no personal data is included in prompts)
  • Infrastructure providers: Supabase (database), Vercel (hosting) — as necessary to operate the service

7. Your Rights

  • Access: You can view all data we hold about you and your children through the parent dashboard
  • Export: You can export your data at any time from Settings
  • Deletion: You can delete your account and all associated data. We will permanently remove all personal data within 30 days of a deletion request
  • Correction: You can update profile information at any time

8. Cookies & Tracking

We use essential cookies only for authentication and session management. We do not use advertising trackers. We may use privacy-friendly analytics (such as PostHog) to understand how the platform is used — no personal data is shared with analytics providers.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email to registered parents. The "Last updated" date at the top reflects the most recent revision.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at: hello@brainkito.com