Legal · Last updated April 2026

Privacy Policy

We take privacy seriously — especially for students under 13. This page explains what we collect, why, and your rights under COPPA (the US Children’s Online Privacy Protection Rule).

What we collect

  • Email, name, and authentication tokens from Auth0
  • Date of birth (to determine whether COPPA applies)
  • For users under 13: a parent’s name and email, solely to obtain verifiable parental consent
  • Practice data — questions answered, timing, and score

COPPA (users under 13)

If you tell us you are under 13, we do not create an account until your parent or legal guardian has verified consent via the email we send them. Until that happens, no personal information beyond the consent record is collected or retained.

Parents may, at any time, email privacy@ivytutors.com to review, delete, or refuse further collection of their child’s information.

Verifiable parental consent method

We rely on email-link verification as the consent method. A unique, time-limited link is sent to the parent email the child provides; the parent clicks to confirm. This meets the FTC’s Safe Harbor criteria for operators who use children’s personal information for internal use only (see 16 CFR §312.5(b)).

Data retention

Consent records are retained for the life of the account plus 3 years for audit. Practice data is retained while the account is active and deleted within 30 days of account closure.

Contact

Email privacy@ivytutors.com with any privacy request.

This is a placeholder page — replace with your legal team’s final copy before launch. See FTC COPPA Rule.