← Back to home

Privacy Policy

Last updated: 1 April 2026

1. Who We Are

GRAIVE operates this educational platform for learners aged 10–18. We are committed to protecting the privacy of all users, with particular care for younger learners.

2. Information We Collect

  • Account data: name, email address, age group selected at sign-up.
  • Parent/guardian email (optional, for learners under 14).
  • Learning activity: which modules you've completed and progress tracking.
  • AI conversations: when history is enabled, messages you send to the AI tutor are stored per-module to provide context on your next visit.
  • Usage data: daily AI message count for rate-limiting on the free tier.
  • Payment data: handled entirely by Stripe. We never see or store full card numbers.

3. How We Use Your Data

  • To provide and improve the learning experience.
  • To power the age-appropriate AI tutor on each lesson.
  • To track your progress and completion.
  • To process subscription payments via Stripe.
  • We do not sell your data to third parties.
  • We do not use your data for advertising.

4. Children's Privacy (Under 13)

For learners selecting the Explorer (ages 10–11) or Builder (ages 12–13) tiers, we require a parent or guardian email address and explicit parental consent at the point of registration.

  • We collect minimal data for under-13 accounts: name, email, age group, and parent/guardian email only.
  • We do not send marketing emails to under-13 accounts or their parents.
  • When a child registers, we automatically send an informational email to the parent/guardian explaining what the platform is, what data is collected, and how to request deletion.
  • Parents or guardians may request full deletion of their child's account and all associated data at any time by contacting privacy@graive.com. We will action this within 7 days.
  • We do not knowingly collect data from children without verifiable parental consent.

5. Data Storage & Security

Data is stored in Supabase (PostgreSQL), with row-level security enforced — each user can only access their own data. All data is encrypted in transit (TLS). We use Supabase's built-in auth system for secure password handling (bcrypt hashing).

6. AI Conversations

Conversations with the AI tutor may be sent to our AI provider (Anthropic, OpenAI, or Google, depending on platform configuration) to generate responses. These providers have their own privacy policies. Conversation content is not used to train AI models under current agreements. You can disable conversation history from your account, or an admin can disable it platform-wide.

7. Your Rights

  • Request a copy of your data.
  • Request correction of inaccurate data.
  • Request deletion of your account and all associated data.
  • Withdraw consent at any time by deleting your account.

To exercise these rights, contact us at the email below.

8. Cookies

We use the minimum cookies necessary to operate the platform. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

CookiePurposeDuration
sb-*Authentication session (Supabase). Keeps you signed in.Session / 1 hour
graive_cookie_consentRemembers that you have seen and responded to this cookie notice.Persistent (localStorage)

The consent preference is stored in your browser's localStorage, not as a cookie, so it never leaves your device.

9. Contact

For privacy questions or data requests, contact us at: privacy@graive.com