Privacy Policy

HYVE CARES, operated by Vibe Software Solutions Inc. ("we," "us," or "our"), is committed to protecting the privacy of all users, especially children. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our educational platform at www.hyvecares.org (the "Platform").

This policy complies with the Children's Online Privacy Protection Act (COPPA) as amended April 2025, and we take our obligations under COPPA extremely seriously. If you have questions about this policy, contact us at majixx@vibesoftwaresolutions.com.

1. Information We Collect

Account Information

• Name (display name for parents/teachers; display name only for children)
• Email address (parents and teachers only; children do not have email accounts)
• Username (chosen during account creation)
• Password (cryptographically hashed; we never store plaintext passwords)
• Account role (parent, child, teacher, scientist, sponsor, donor, salesperson)

Child Information

• Display name (first name or nickname chosen by the parent)
• Username (chosen by the parent during child account creation)
• Date of birth (used solely to determine age tier for content filtering)
• Age tier (automatically calculated from date of birth)
• Grade level (selected by parent)

Learning Data

• Lesson completion and progress across all subjects
• Quiz and practice exam scores, answers, and attempt history
• Experience points (XP), streaks, and achievement badges
• Time spent on lessons (aggregate, not keystroke-level tracking)
• Subject preferences and learning path selections

Homeschool Data (Homeschool Subscribers Only)

• Attendance records
• Immunization records (uploaded by parent)
• Standardized test scores
• State compliance documentation
• Enrollment information

Usage Data

• Pages visited and features used (collected via Vercel analytics headers)
• Device type and browser type (from standard HTTP headers)
• Approximate geographic region (from Vercel geo headers, not precise GPS)
• We do NOT use cookies for analytics or tracking
• We do NOT use third-party analytics services

Payment Data

• Payment processing is handled entirely by Stripe
• We never receive, store, or have access to full credit card numbers
• We store only: subscription status, plan type, and Stripe customer ID

AI Conversation Data

• Conversations with MaXXiE (our AI tutor) are logged for quality improvement and child safety monitoring
• AI conversation logs are automatically deleted after 90 days
• Parents can view and delete their child's AI conversation history at any time via the Parent Dashboard
• AI providers (Anthropic, OpenAI, Groq) process queries in real-time but do not retain data on our behalf

2. How We Use Information

We use the information we collect for the following purposes:

• Provide, operate, and improve the educational platform
• Track learning progress and generate reports for parents and teachers
• Personalize learning recommendations through our AI tutor, MaXXiE
• Process payments for premium services (homeschool subscriptions, HAVSL labs, sponsorships) via Stripe
• Communicate with parents about their child's progress (weekly digest emails)
• Send compliance alerts for homeschool subscribers (upcoming deadlines, missing records)
• Maintain platform security and prevent unauthorized access
• Fulfill legal obligations, including COPPA, FERPA, and state homeschool record-keeping requirements

3. COPPA Compliance (Children Under 13)

HYVE CARES fully complies with the Children's Online Privacy Protection Act (COPPA). We take the following measures to protect children's privacy:

Verifiable Parental Consent

• We require verifiable parental consent before creating any child account
• Parents create child accounts through their authenticated Parent Dashboard — children cannot self-register
• The parent must have a verified email address and authenticated account before creating child profiles

Parental Access and Control

• Parents can review all data collected about their child at any time via the Parent Dashboard
• Parents can review their child's learning progress, quiz scores, AI conversations, and activity logs
• Parents can request deletion of their child's account and all associated data
• Parents can export all data collected about their child

Data Minimization

• We collect only information reasonably necessary to provide the educational service
• We do not condition a child's participation on the disclosure of more information than is reasonably necessary
• Children's accounts do not require email addresses
• We do not collect precise geolocation, photographs, video, or audio from children

No Behavioral Advertising

• We do not engage in behavioral advertising directed at children
• We do not create advertising profiles based on children's activities
• We do not use children's data for any purpose unrelated to the educational service

4. Parental Rights

Under COPPA and applicable law, parents and legal guardians have the following rights regarding their child's personal information:

• Review: Review all personal information collected about your child through the Parent Dashboard or by contacting us
• Delete: Request deletion of your child's data via the Parent Dashboard, the Data Rights page, or by emailing us
• Refuse: Refuse further collection or use of your child's information (this may require account deactivation)
• Export: Export all data associated with your child's account via the Parent Dashboard settings or the Data Rights page
• Consent withdrawal: Withdraw your consent for data collection at any time, which will result in the deletion of your child's account

To exercise any of these rights, use the self-service tools in your Parent Dashboard, visit our Data Rights page, or contact us at majixx@vibesoftwaresolutions.com. We will respond to all requests within 30 days.

5. Data Security

We implement and maintain reasonable security measures designed to protect the confidentiality, security, and integrity of personal information. These measures include:

• Encryption at rest: All data stored in our database (Supabase) is encrypted using AES-256 encryption
• Encryption in transit: All data transmitted between your browser and our servers is protected by HTTPS/TLS encryption
• Row-level security: Database policies ensure users can only access their own data; parents can access their linked children's data
• HYVE OVERLORD defense system: Active monitoring for brute force attacks, SQL injection attempts, and other security threats with progressive IP throttling and blocking
• Admin access protection: Administrative access requires PIN, password, and is protected by rate limiting
• Password hashing: All passwords are cryptographically hashed using industry-standard algorithms; we never store plaintext passwords
• Regular security audits: We conduct periodic reviews of our security practices and infrastructure

6. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this policy:

• Account data: Retained while the account remains active
• Learning progress: Retained while the account remains active
• Homeschool records: Retained for the minimum period required by applicable state law (typically a minimum of 1 year for standardized test results; varies by state)
• AI conversation logs: Automatically deleted after 90 days
• Security event logs: Retained for 90 days, then permanently deleted
• Deleted account data: Permanently removed from all systems within 30 days of a deletion request

7. Third-Party Services

We use a limited number of third-party services to operate the Platform. We do not share personal information with any third party except as described below:

• Supabase(supabase.com) — Database hosting and authentication infrastructure. Supabase stores user data in encrypted PostgreSQL databases. See Supabase's privacy policy at supabase.com/privacy.
• Vercel(vercel.com) — Web hosting and content delivery. Vercel serves the Platform and provides geographic headers for approximate region detection (no cookies or tracking pixels). See Vercel's privacy policy at vercel.com/legal/privacy-policy.
• Stripe(stripe.com) — Payment processing for premium subscriptions. Stripe processes all payment transactions. We never receive or store full credit card numbers. See Stripe's privacy policy at stripe.com/privacy.
• AI Providers(Anthropic, OpenAI, Groq) — AI-powered tutoring features. When users interact with MaXXiE, queries are processed by the AI provider in real-time. Users who provide their own API keys are subject to that provider's own terms and privacy policy.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify registered users of material changes via email
• Display a prominent banner on the Platform notifying users of the changes

Continued use of the Platform after changes are posted constitutes acceptance of the revised Privacy Policy. If we make material changes to how we handle children's personal information, we will obtain new verifiable parental consent before implementing those changes.

9. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: majixx@vibesoftwaresolutions.com
• Organization: HYVE CARES, operated by Vibe Software Solutions Inc.
• Website: www.hyvecares.org
• Data Rights: www.hyvecares.org/data-rights