Privacy Policy

1. Introduction

Owlby ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered learning platform.

2. Information We Collect

Owlby operates on a data minimization model. We collect only the minimal information necessary to provide our educational service and comply with legal requirements.

2.1 Personal Information

We may collect the following personal information:

• Parent/guardian email address (for account creation and consent management)
• Age and classification (parent, teacher, child, other)
• Learning preferences and progress data (for personalization)

2.2 Conversation Data - Minimal Retention Policy

Important: We minimize conversation data storage.

User conversations with our AI are:

• Processed in real-time to generate educational responses
• Retained only as necessary for service functionality and safety monitoring
• Not used to train AI models or build detailed user profiles
• Subject to our data retention and deletion policies

We keep anonymized, aggregated insights for service improvement - never personal conversation content that identifies individual users.

2.3 Usage Data

We collect minimal information about how you interact with our platform:

• Learning sessions and topics explored (aggregated, anonymized)
• Quiz results and progress tracking (for educational personalization)
• Feature usage and preferences (anonymized)
• Technical data (device type, browser - for compatibility only)

2.4 Data We Do NOT Collect

We do NOT collect:

• Personal identifiers (names, addresses, phone numbers beyond email)
• Location information
• Biometric data
• Behavioral tracking data
• Device identifiers for tracking purposes
• Social interaction data

3. How We Use Your Information

We use the collected information for:

• Providing personalized learning experiences
• Improving our AI algorithms and content
• Communicating with you about beta updates
• Ensuring platform security and preventing abuse
• Complying with legal obligations

4. COPPA Compliance & Children's Privacy

Owlby is fully compliant with the Children's Online Privacy Protection Act (COPPA) and takes special care to protect children's privacy.

4.1 Parental Consent

For users under 13, we require:

• Verifiable parental consent before account creation
• Parent/guardian email for consent verification
• Clear explanation of what data is collected and how it's used
• Easy mechanism for parents to withdraw consent at any time

4.2 Data Collection for Children

For children under 13, we:

• Collect only minimal information necessary for the educational service
• Do NOT store conversation content (processed and deleted immediately)
• Do NOT share children's data with third parties
• Do NOT use children's data for advertising or marketing
• Implement enhanced security measures for children's data

4.3 Parental Rights

Parents have the right to:

• Review all data collected about their child
• Request deletion of their child's data at any time
• Withdraw consent and terminate their child's account
• Refuse further collection or use of their child's data
• Access their child's learning progress and account information

To exercise these rights, contact us at privacy@owlby.com.

5. Data Security

We implement appropriate security measures to protect your information:

• Encryption of data in transit and at rest
• Regular security audits and updates
• Limited access to personal data
• Secure data storage practices

6. Data Retention & Deletion

We follow a strict data retention policy with immediate deletion where possible:

• Conversations: Retained only as necessary for service functionality, safety, and compliance, then deleted according to our retention schedule
• Account data: Retained until account deletion (parents can request immediate deletion)
• Learning progress data: Retained for personalization purposes until account deletion
• Parental consent records: Retained for compliance purposes as required by COPPA
• Anonymized analytics: Aggregated, anonymized data retained for service improvement
• Security logs: Retained for 30 days for security purposes
• Legal requirements: Minimal data retention only as required by law

Upon account deletion request, we will delete all personal data within 30 days, except where retention is required by law.

7. Your Privacy Rights (GDPR & CCPA)

You have comprehensive privacy rights under GDPR, CCPA, and other applicable laws:

7.1 Access Rights

You have the right to:

• Access your personal information and receive a copy of your data
• Know what personal information we collect and how it's used
• Understand the purpose and legal basis for data processing

7.2 Correction & Deletion Rights

You have the right to:

• Correct inaccurate or incomplete personal information
• Request deletion of your personal data ("right to be forgotten")
• Request deletion of your child's data (for parents)

7.3 Data Portability

You have the right to:

• Export your data in a machine-readable format
• Transfer your data to another service provider

7.4 Objection & Restriction Rights

You have the right to:

• Object to certain types of data processing
• Request restriction of processing in certain circumstances
• Opt-out of marketing communications
• Withdraw consent at any time (where processing is based on consent)

7.5 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@owlby.com. We will respond to your request within 30 days as required by law. We may need to verify your identity before processing certain requests.

8. Cookies & Tracking Technologies

Owlby uses minimal cookies and tracking technologies, only what is essential for platform functionality.

8.1 Essential Cookies

We use only essential cookies required for:

• User authentication and session management
• Platform functionality and security
• Remembering user preferences

These cookies are necessary for the platform to function and cannot be disabled.

8.2 No Tracking Cookies

We do NOT use:

• Third-party tracking cookies
• Advertising cookies
• Analytics cookies that track individual users
• Behavioral tracking technologies

8.3 Cookie Control

Since we only use essential cookies, no cookie consent banner is required. All cookies we use are necessary for the platform to function securely.

9. Data Sharing & Third Parties

We do NOT share personal data with third parties.

Our commitment:

• No personal data shared with advertisers or marketing companies
• No personal data shared with analytics or tracking services
• No personal data shared with data brokers
• No personal data shared with government entities (except as legally required)
• Only essential service providers with strict data protection agreements

Any service providers we use process data only as instructed by us and cannot use data for their own purposes.

10. International Data Transfers

If you are located outside the United States, please note that we may transfer and process your data in the United States or other jurisdictions.

We ensure appropriate safeguards are in place for international data transfers, including:

• Compliance with GDPR transfer requirements
• Standard contractual clauses where applicable
• Enhanced security measures for international transfers
• Transparency about where data is processed

By using our service, you consent to the transfer of your information to the United States and processing as described in this policy.

11. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours as required by GDPR
• Notify parents immediately if children's data is affected (COPPA requirement)
• Notify relevant regulatory authorities as required by law
• Provide clear information about what data was affected
• Explain steps we're taking to address the breach
• Provide guidance on steps you can take to protect yourself

We have comprehensive security measures in place to prevent breaches, but we are committed to transparency if one occurs.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending email notification to registered users for material changes
• Requiring renewed consent for material changes affecting children's data (COPPA requirement)
• Providing at least 30 days advance notice for significant changes

Your continued use of the service after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact us:

You can also visit our Support page for additional resources and FAQs.