Last updated: July 2026
When you create an account, we collect:
We do not sell, trade, or rent your personal information to third parties. Profile information visible to other users is limited to: name, avatar, grade level, and school name. Chat messages are stored securely and can be reported for moderation.
Passwords are hashed using bcrypt with a high cost factor. All API communication uses security headers (CSP, HSTS). Authentication tokens expire after 30 days.
You can request to view, update, or delete your account and associated data at any time by contacting us. Progress data may be retained for analytics purposes after account deletion.
We use localStorage for theme preferences and session data. No third-party tracking cookies are used. Google Sign-In uses its own cookie policy governed by Google's Privacy Policy.
If you have questions about this policy, please contact us.