PrepCraft Privacy Policy

Effective Date: [January 1, 2025]

TL;DR (Too Long; Didn't Read) We take your child's privacy seriously. Our platform collects only the information needed to provide personalized learning experiences (like first names, grade levels, and learning progress). We never sell personal information that could identify your child, and we use industry-standard security to protect all data. Parents have complete control over their child's information and can review or delete it at any time. We comply with all major privacy laws (COPPA, GDPR, CCPA) and aim to exceed standard privacy requirements for children's educational technology. Think of us as your trusted educational partner who treats your child's privacy as carefully as you would.

This Privacy Policy explains how PrepCraft ("Company," "we," "us," or "our") collects, uses, discloses, and safeguards personal information when users access and use our online educational platform and related services ("Services"). PrepCraft is designed for children aged 4 to 14, as well as their parents, guardians, and educators. We adhere to stringent privacy standards, including compliance with the Children's Online Privacy Protection Act (COPPA) in the United States, the General Data Protection Regulation (GDPR) in the European Economic Area (EEA) and the UK, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents, and other applicable laws. Where possible, we also strive to meet or exceed the standards set by reputable children's privacy and safety certification programs (e.g., kidSAFE Seal Program or PRIVO certification).

By using our Services, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our Services.

1. Scope and Applicability

This Privacy Policy applies to all users worldwide, including children, their parents or guardians, and educators. It also addresses privacy concerns arising from different legal frameworks:

  • COPPA (U.S.): For children under 13 in the U.S., we obtain verifiable parental consent before collecting personal information.
  • GDPR (EEA, UK): For users in these regions, we rely on lawful bases for data processing, ensure appropriate safeguards for data transfers, and grant data subject rights as required by the GDPR.
  • CCPA/CPRA (California): California residents enjoy specific rights over their personal information, including the right to know, delete, and opt out of certain sales or sharing of personal data. We extend these rights to all qualifying users where required by law.
  • Children's Privacy Certifications: Where possible, we align our practices with standards set by independent children's privacy and safety certification bodies, ensuring our approach is transparent, accountable, and child-friendly.

2. Information We Collect

2.1 Personal Information Provided by Parents/Guardians or Educators

  • Registration Data: Parent or guardian name, email address, payment details (for subscriptions), and child's first name (or screen name), age or grade level.
  • Educator or School Accounts: Teacher or administrator name, email, and school affiliation, along with basic student roster info (student first name or screen name, grade).

We do not require children to provide more personal data than is reasonably necessary. In many cases, we rely on parents, guardians, or educators to provide information on behalf of the child.

2.2 Automatically Collected Information We collect certain technical information automatically:

  • Usage Data: Pages visited, time spent on features, performance metrics on educational activities.
  • Device Data: IP address, browser type, device identifiers, operating system.
  • Cookies and Tracking Technologies: Used for functionality, maintaining sessions, personalization, and analytics. Parents can disable cookies via browser settings, though this may affect certain features.

2.3 AI Interaction Data When users interact with our AI-driven tutoring or chatbot features:

  • Interaction Logs: User queries, responses, and selected topics.
  • Performance Metrics: AI-driven suggestions, adaptation of content difficulty.

We take steps to minimize personal data in these interactions and do not attempt to identify a child personally from their AI interaction data.

3. How We Use the Information

We use collected information to:

  • Provide and Personalize Services: Deliver tailored lessons, quizzes, and educational activities according to skill level, interests, and performance.
  • Maintain and Improve the Platform: Use aggregated data and analytics to enhance user experience, develop new features, and improve the quality of educational content.
  • Support and Communication: Respond to inquiries, provide technical assistance, and share relevant updates with parents or guardians.
  • Legal Compliance and Safety: Comply with applicable laws, protect users' data, enforce our Terms of Service, and prevent fraudulent or harmful activities.

Our goal is to create a trusted, child-friendly environment that respects privacy and fosters learning. We never condition a child's participation in activities on disclosing unnecessary personal information.

4. Legal Bases for Processing (For EEA, UK Users)

  • Consent: Particularly for processing children's data, we require verifiable parental consent.
  • Contract: We process data as needed to provide the services agreed upon with parents, guardians, or educational institutions.
  • Legitimate Interests: For improvements, security, and fraud prevention, balanced against user rights and interests.
  • Legal Obligations: Compliance with laws, including COPPA, GDPR, and others, may require processing certain personal data.

5. Rights of Users (Including Under GDPR and California Laws)

EEA/UK Users:

  • Access, Correct, Delete: Request access to, correction, or deletion of personal data.
  • Restrict or Object to Processing: Limit our use of data in certain circumstances.
  • Data Portability: Receive personal data in a structured, commonly used format.
  • Withdraw Consent: At any time, without affecting the lawfulness of prior processing.

California Residents (CCPA/CPRA):

  • Right to Know: About categories and specific pieces of personal information collected.
  • Right to Delete: Request deletion of personal information.
  • Right to Opt-Out: Of the sale or sharing of personal information, if applicable.
  • Right to Non-Discrimination: We do not discriminate against users who exercise their privacy rights.

Parents of child users can exercise these rights on behalf of their children. Contact us as described in the "Contact Us" section. We verify identity and respond according to applicable laws.

6. Disclosure of Information

We do not sell children's personal information.

We disclose data only in these circumstances:

  • Service Providers: To trusted vendors performing functions on our behalf (e.g., hosting, payment processing, analytics). They must comply with our data protection requirements and cannot use data for their own purposes.
  • Legal Compliance: To comply with laws, court orders, or government requests, or to protect the rights, safety, or property of our users or our business.
  • Corporate Transactions: In the event of a merger, acquisition, bankruptcy, or similar transaction, user data may be transferred. We will notify users if policies change as a result.

7. Children's Privacy and Parental Controls

  • Parental Consent: We obtain verifiable parental consent prior to collecting personal data from children under the appropriate age thresholds as required by COPPA and equivalent laws.
  • Review and Deletion: Parents or guardians can review their child's personal data, request its deletion, and revoke consent at any time, potentially limiting access to some features.

We employ child-centric privacy controls and communicate privacy practices in a manner understandable to parents and, where appropriate, to children, fostering an environment of trust and safety.

8. Data Security and Retention

We implement industry-standard security measures (encryption, secure authentication, auditing) to protect personal information. While we cannot guarantee absolute security, we continuously work to enhance safeguards.

We retain personal data only as long as necessary for educational and operational purposes or as required by law. When no longer needed, data is securely deleted or anonymized.

9. International Data Transfers

For users outside the United States, personal data may be transferred to and processed in other countries. We comply with the GDPR, employing appropriate safeguards (e.g., Standard Contractual Clauses) for data transfers, ensuring a level of data protection consistent with applicable laws.

10. Compliance with Child-Friendly Standards

We strive to meet or exceed the requirements of reputable children's privacy and online safety organizations. We may seek certifications or seals (e.g., from kidSAFE or PRIVO) to demonstrate our commitment. Any certification obtained will be noted on our website, along with links to relevant guidelines and complaint procedures.

11. Third-Party Links and Integrations

Our Services may contain links to third-party sites or integrations. We are not responsible for the privacy practices of these third parties. We encourage reviewing their privacy policies before sharing personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will post the updated policy with a new "Effective Date" and, where required, provide additional notice. Continued use of our Services after such updates constitutes acceptance of the revised terms.

13. Contact Us

For questions, requests, or concerns about this Privacy Policy or our data practices, including those related to GDPR, CCPA/CPRA, or other regulations, please contact us at:

Email: privacy@prepcraft.ai

We will promptly address inquiries and work in good faith to resolve any privacy-related issues, aiming to uphold the highest standards in protecting children's data and maintaining the trust of our community.

PrepCraft Logo

Empowering your child’s education through AI-powered learning, interactive practice exams, and engaging educational games—making learning both effective and enjoyable.

Platform

Stay Updated with PrepCraft

Subscribe for educational tips, platform updates, and learning resources

© 2025 PrepCraft. All Rights Reserved

30 N Gould St Ste N
Sheridan, WY 82801 USA

The Cognitive Abilities Test™ (CogAT®) and Iowa Assessments™ (Iowa Tests®, ITBS®) are a registered trademarks of Riverside Assessments, LLC, and its affiliates ("Riverside"). Riverside does not sponsor or endorse any PrepCraft.ai products or programs, nor have PrepCraft.ai products or programs been reviewed, certified, or approved by Riverside. PrepCraft.ai's practice questions are proprietary, independently developed materials based on publicly available information, and do not contain actual CogAT or Iowa Assessments test questions.

All trademarks referenced herein belong exclusively to their respective owners and are used solely for nominative and informational purposes. PrepCraft.ai is not affiliated with nor endorsed by any trademark holders or test publishers mentioned.