This policy covers Cerebryx Jr (our children's product). For our main privacy policy, see Privacy. You can also review our Terms of Service.

Cerebryx Jr
Build Your Brain, Brick by Brick

Privacy Policy for Children

Effective Date: April 20, 2026
Last Updated: April 20, 2026

Privacy Policy — Cerebryx Jr

This privacy policy is specifically for parents and guardians of children using Cerebryx Jr. We designed this policy in plain language so you can understand exactly what we collect, why we collect it, and how we protect your child's information.

COPPA Compliance Notice

Cerebryx Jr is designed for children ages 5-18 and complies with the Children's Online Privacy Protection Act (COPPA), which requires our apps to protect the privacy of children under 13. We also comply with Google Play Families Policy and Apple App Store Kids category requirements.

Table of Contents

What Information We Collect

Your child cannot use Cerebryx Jr without parental consent. You (the parent or guardian) must provide your email address to create the account. We collect the minimum information necessary to deliver our learning service.

Information Parents Provide

  • Parent/Guardian Email Address: Used to create the account, verify identity, send notifications, and manage the child's account. This is required.
  • Child's First Name: Used to personalize the learning experience (greeting, progress reports). Optional but recommended.
  • Grade Level (or Age Range): Used to tailor difficulty and content appropriateness. Optional.
  • Subject Preferences: Which learning tracks (Math, Science, Coding, etc.) the child is enrolled in. Optional.

Information Collected Automatically During Learning

  • Learning Progress Data:
    • Concepts mastered (mastery scores)
    • Questions answered (correct or incorrect)
    • Time spent on each question or concept
    • Session history (when the child used the app, how long)
  • Spaced Repetition Data:
    • Which concepts need review
    • When the next review is scheduled
    • Learning intervals and study pace
  • Gamification Data:
    • XP earned
    • Daily learning streaks
    • Badges unlocked
    • Progress on daily quests
  • Diagnostic Assessment Data:
    • Results from the initial skill diagnostic test (when first using the app)
    • Responses to diagnostic questions (to map knowledge gaps)
    • Accuracy scores by concept
  • AI Tutor Usage:
    • How many times the child requested AI help
    • Which concepts were discussed with the AI tutor
    • Tokens used (technical metric for API usage)
    • NOT STORED: The actual AI tutor conversation transcripts are NOT permanently retained in your account

Device & App Usage Data

  • Device Type: Whether your child uses iPhone, iPad, or Android device
  • App Version: Which version of Cerebryx Jr is installed
  • Crash Reports: If the app crashes, we collect technical error data to fix bugs
  • Aggregated Analytics: We use Firebase Analytics to track general usage patterns (e.g., "80% of users complete their daily goal"), but NOT user-level tracking
Bottom Line: We collect only learning and progress data necessary to deliver personalized education. We do NOT collect personal details beyond what the parent provides (no photo, name beyond first name, age beyond grade level, address, etc.).

How We Use Your Child's Information

Information Type How We Use It Legal Basis
Learning & Progress Data
(mastery scores, attempts, session history)		 • Personalize the learning experience
• Calculate spaced repetition intervals
• Recommend next concepts to study
• Generate progress reports for parents		 Service performance & parental consent
Diagnostic Results
(initial skill assessment)		 • Map knowledge gaps
• Tailor initial curriculum
• Identify concepts needing review		 Service performance & parental consent
Gamification Data
(XP, streaks, badges)		 • Display motivational feedback
• Maintain daily streaks
• Unlock achievements		 Service performance & parental consent
AI Tutor Usage
(concept discussed, tokens used)		 • Enforce daily AI limits (free tier)
• Track API costs
• Improve tutor accuracy for the child		 Service performance & fraud prevention
Device & Crash Data • Fix bugs and crashes
• Monitor app performance
• Improve stability		 Service performance & legitimate interest
Parent Email Address • Send progress updates (optional, can opt out)
• Send security alerts (e.g., login from new device)
• Send account notifications		 Service performance & parental consent

Aggregated Data

We may use aggregated, de-identified data to improve the app. For example: "Students who review Math daily improve 23% faster" or "Concept X is frequently skipped." This data cannot identify your child.

We Never Use Your Child's Data For:
  • Behavioral targeting or profiling
  • Selling to third parties for marketing
  • Training commercial AI models (see AI Tutor section below)
  • Discriminatory purposes
  • Creating user profiles for external companies

What We Do NOT Collect

The following information is explicitly NOT collected from your child, even for parental transparency:

  • Personal Identifiers (beyond first name): No last name, full name, birth date, Social Security number, student ID, or passport number
  • Location Data: No GPS, precise location, WiFi data, or IP address logging (for location purposes)
  • Biometric Data: No fingerprints, facial recognition, or voice data
  • Photos or Videos: No camera access, photos, or video from device
  • Contacts or Relationships: No access to address book, friends list, or social connections
  • Communications: No chat, email, SMS, or other messaging data
  • Financial Information: No credit card, bank account, or payment method data (parents handle all billing)
  • Advertising Identifiers: No IDFA (Apple) or GAID (Google) collection for behavioral advertising
  • Microphone or Audio: No audio recordings or voice processing
  • Precise Device Information: No IMEI, MAC address, or device serial numbers for tracking
  • Behavioral Profiling: No detailed personality assessment, psychological profiling, or interest categorization for ad targeting
Why? These restrictions are required by COPPA and app store policies to protect children's privacy. We believe in privacy by design — we collect only what's necessary for learning.
Third-party services we use

Third-Party Services & Data Sharing

Services We Use

Cerebryx Jr uses the following third-party services. No service receives your child's personal information beyond what's necessary to operate the app.

Supabase (Database & Authentication)

  • What it does: Stores all learning data, handles account login, manages real-time data sync
  • Data shared: Parent email, child first name (if provided), all learning progress data
  • Location: EU-based (GDPR compliant), with option to choose region
  • Privacy: Supabase Privacy Policy

Anthropic Claude (AI Tutor)

  • What it does: Provides AI-powered hints, explanations, and tutoring when your child requests help
  • Data shared: Only the current question/concept and the child's mastery level. No conversation history or personal data.
  • Data retention: Anthropic processes requests in real-time but does NOT train on or retain child data. See "AI Tutor Privacy" section below.
  • Privacy: Anthropic Privacy Policy

Firebase (Analytics & Crash Reporting)

  • What it does: Collects anonymous app usage metrics and crash reports
  • Data shared: Device type, app version, aggregated usage patterns. NO personal or learning data.
  • Privacy: Firebase is configured to NOT track individual users. Analytics are aggregated only.
  • Link: Firebase Privacy Policy

RevenueCat (Subscription Management — Mobile)

  • What it does: Manages Scholar/Champion subscription billing inside the mobile app
  • Data shared: Parent email, subscription status. No child data or learning information.
  • Privacy: RevenueCat Privacy Policy

Razorpay (Web Payments — India)

  • What it does: Processes subscription payments made on cerebryx.ai (UPI, cards, netbanking)
  • Data shared: Parent's name, email, and payment instrument details. Cerebryx never stores full card numbers or UPI credentials. No child data is shared.
  • Privacy: Razorpay Privacy Policy

App Stores (Apple & Google)

  • What it does: Distribution and in-app purchase processing
  • Data shared: Apple and Google receive your account email and subscription information. No child data.
  • Privacy: Apple Privacy | Google Privacy

What We Do NOT Share

  • We do NOT sell your child's data to advertisers, data brokers, or marketers
  • We do NOT share data with social media platforms
  • We do NOT share data with behavioral advertising networks
  • We do NOT use data brokers or third-party analytics beyond Firebase (aggregated)
  • Third parties are contractually prohibited from using your child's data for their own purposes

COPPA Compliance on Third Parties

All third-party services we use are COPPA-compliant and contractually bound to protect children's privacy. We do not use services that track, profile, or advertise to children.

Your Rights as a Parent

You Have Full Control

COPPA and privacy laws give you strong rights over your child's information. We support all of them.

Right to Access

You can view all data we've collected about your child.

  • Log in to the Cerebryx Jr app with your email account
  • View your child's progress, mastery scores, attempts, and gamification data
  • Export all learning data as a file (PDF or CSV)

Right to Deletion

You can request that we delete all data associated with your child's account.

  • Request account deletion through the app settings, OR
  • Email us at help@cerebryx.ai with your request
  • We will delete all data within 30 days (except aggregated data, which is de-identified)
  • Deletion is permanent and cannot be undone

Right to Refuse Further Collection

You can withdraw consent and stop us from collecting new data.

  • Suspend your child's account (they can log in but no new data is recorded)
  • We will not collect new learning data, but previously collected data remains in your account unless you request deletion

Right to Correct

You can update your child's information.

  • Edit child's first name, grade level, or subject preferences in account settings
  • Email us to request corrections to data we've recorded

Right to Non-Discrimination

We will not discriminate against you for exercising these rights. Your child's access to Cerebryx Jr will not be reduced or service quality lowered if you request data deletion or refuse further collection.

How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: help@cerebryx.ai

Subject Line: "Privacy Request — [Child's Name]"

Include the email address associated with the account and specify your request (access, deletion, withdraw consent, etc.). We will respond within 30 days.

How We Protect Your Child's Data

Technical Security

  • Encryption in Transit: All data sent between the app and our servers is encrypted with TLS/SSL (HTTPS)
  • Encryption at Rest: Learning data is encrypted in our database
  • Secure Authentication: Passwords are hashed using industry-standard algorithms. We never store plain-text passwords.
  • API Key Security: Claude API keys are stored securely on our servers, never on the device or in code
  • Rate Limiting: We limit API requests to prevent abuse and protect against attacks

Organizational Security

  • Limited Access: Only the development team can access databases. Access is logged.
  • No Vendor Shortcuts: We do not share API keys or credentials with third-party vendors
  • Regular Backups: Data is backed up daily and tested for recovery
  • Security Monitoring: We monitor for suspicious activity and unauthorized access

What We Cannot Guarantee

No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute protection against:

  • Sophisticated hacking attacks
  • Breaches caused by stolen parent credentials
  • Physical theft of parent's device
  • Natural disasters or force majeure events

If we discover a security breach that exposes your child's personal information, we will notify you by email within 30 days.

Data Retention & Deletion

How Long We Keep Data

Data Type Retention Period Reason
Learning Progress Data
(mastery, attempts, sessions)		 While account is active + 90 days after deletion Needed to deliver the service and maintain spaced repetition accuracy
Gamification Data
(XP, streaks, badges)		 While account is active + 90 days after deletion Displays in app for motivation
AI Tutor Conversations
(transcripts, context)		 30 days (deleted automatically) Temporary working memory only. Not used for training or long-term analytics.
Crash & Error Logs 90 days Needed to identify and fix bugs
Firebase Analytics
(aggregated, de-identified)		 14 months Aggregated only, no personal identifiers
Parent Email Address While account is active (until deleted) Needed for account access and notifications
Backup/Archive Data Up to 180 days after deletion Disaster recovery. Then permanently deleted.

Automatic Deletion

Inactive accounts: If an account shows no activity for 1 year, we may delete it automatically after sending a warning email to the parent.

Parent-Requested Deletion

When you request account deletion:

  1. All learning data is marked for deletion immediately
  2. Data is permanently deleted within 30 days
  3. Backup copies are deleted within 180 days
  4. We keep aggregated/de-identified analytics only (e.g., "one user completed X concept")
  5. We send a confirmation email when deletion is complete
Exception: We may retain data longer if required by law (e.g., tax/financial records) or to resolve disputes. We will inform you of any legal retention obligations.

AI Tutor Privacy — Special Details

The AI tutor (powered by Anthropic Claude) is a core feature of Cerebryx Jr. Here's exactly how it handles your child's privacy.

How the AI Tutor Works

  • When your child asks for help on a question, the app sends:
    • The current question or concept
    • Your child's mastery level in that topic
    • A system prompt that tells Claude to be a patient tutor for kids
  • Claude returns a hint, explanation, or guided question (no direct answers)
  • The response is displayed to your child immediately

What Data is NOT Stored

Crucially, AI tutor conversations are NOT stored in your child's account.

  • We do NOT save the full conversation history
  • We do NOT save hints or explanations Claude provided
  • We do NOT log every back-and-forth between child and tutor
  • Claude responses exist only in the app session and are deleted when the app closes

What We DO Track (Minimally)

  • Usage Counter: "Child used AI help 5 times today"
  • Concept: "AI help was requested for Algebra"
  • Tokens Used: For billing purposes (to track API costs)

This is purely operational — it does NOT create a record of what the child asked or what Claude said.

Data Sharing with Anthropic

  • Real-time Processing: When your child requests help, the question and context are sent to Anthropic's API in real-time
  • NOT for Training: Anthropic does NOT use inputs from Cerebryx Jr to train Claude models. Per Anthropic's commitment, educational content involving children is never used for model improvement.
  • Retention: Anthropic retains conversation data for up to 90 days for safety/abuse monitoring, then deletes it
  • Aggregated Insights: Anthropic may analyze aggregated patterns (e.g., "common misconceptions in algebra") but NOT at the student level

Daily AI Limits (Free Tier)

  • Free accounts: 3 AI help requests per day
  • Pro accounts: Unlimited AI help
  • Limits reset daily at midnight (child's timezone)

Bottom Line on AI Tutor

The AI tutor is privacy-respecting. No conversations are permanently stored. Claude never sees your child's name, personal information, or learning history. Each interaction is independent and temporary.

Questions or Concerns?

We want you to feel confident about your child's privacy on Cerebryx Jr. If you have any questions about this policy, your child's data, or privacy practices, please reach out.

Contact Information

Email: help@cerebryx.ai

Website: cerebryx.ai

Business Address:
Akanksha Srivastava (sole proprietor), d/b/a Cerebryx
Prashasan Nagar, Jubilee Hills
Hyderabad, Telangana 500033
India

Subject Line Recommendations:

  • "Privacy Inquiry — Cerebryx Jr"
  • "Data Access Request"
  • "Account Deletion Request"
  • "COPPA Compliance Question"

Response Time: We aim to respond to all privacy inquiries within 30 days. For urgent concerns, send "URGENT" in the subject line.

Regulatory Contacts

If you believe Cerebryx Jr is violating COPPA or privacy laws, you can file a complaint with:

  • US Federal Trade Commission (FTC): reportcomplaint.ftc.gov (COPPA violations)
  • Your State's Attorney General: Consumer protection division
  • Google Play Family Safety: Report directly through Google Play
  • Apple Privacy: Through App Store feedback

Governing Law

This Privacy Policy is governed by the laws of India. Any dispute arising out of or relating to this policy shall be resolved in accordance with the Arbitration and Conciliation Act, 1996, with the seat and venue of arbitration in Hyderabad, Telangana, India. Parents and guardians in the United States retain all rights and protections afforded to their children under COPPA (Children's Online Privacy Protection Act). Parents and guardians in the EU/UK retain all rights under GDPR, and California residents retain all rights under CCPA/CPRA.

Policy Changes

We may update this privacy policy to reflect changes in our practices, technology, legal requirements, or other factors. Any material changes will be sent to your email address, and the updated policy will be effective 30 days after notice.

You will have the opportunity to withdraw consent before new practices take effect. Continued use of Cerebryx Jr after the 30-day notice period constitutes acceptance of the updated policy.

We will maintain a change log of all updates at cerebryx.ai/privacy-jr. You can always check what's changed since you last reviewed the policy.

In Plain English: If we add a new feature that collects different data, we'll email you first. You get 30 days to decide if you're okay with it.

Summary for Parents

Quick Reference

  • Account Ownership: You own the account. Your child logs in as a sub-account under your email.
  • Data Minimization: We collect only learning progress, not personal details or identifiers.
  • No Ads or Tracking: No behavioral advertising, no ad targeting, no tracking across apps.
  • Full Parental Control: You can view, download, or delete all data anytime.
  • Third-Party Limits: Services we use are COPPA-compliant and contractually bound.
  • AI Tutor Safety: Conversations not stored long-term. Claude does not train on your child's data.
  • Security: Data encrypted in transit and at rest. Regular backups. Breach notification within 30 days.
  • Questions? Email help@cerebryx.ai anytime.