LEGAL

COPPA Policy

LAST UPDATED: MARCH 28, 2026

1. Our Commitment to Children's Privacy

Tekku is an AI education platform designed for kids ages 8–16. We take the privacy and safety of every child on our platform seriously. We comply fully with the Children's Online Privacy Protection Act (COPPA) and have built our platform with privacy-by-design principles at every layer—from data collection to storage, processing, and deletion.

This policy explains how we collect, use, and protect children's personal information. We encourage parents and guardians to read this policy in full and to review our Privacy Policy and Terms of Service for additional context.

2. What is COPPA?

The Children's Online Privacy Protection Act (COPPA) is a United States federal law enacted to protect the privacy of children under the age of 13. COPPA requires operators of websites, online services, and apps that are directed at children—or that knowingly collect personal information from children under 13—to obtain verifiable parental consent before collecting, using, or disclosing a child's personal information.

Because Tekku serves children in the 8–16 age range, we apply COPPA protections to all users under 13, and extend many of those same protections to users aged 13–16 as a matter of best practice.

3. Parental Consent

No child can create an account on Tekku independently. All child accounts must be created by a parent or legal guardian. During the onboarding process:

  • The parent or guardian must verify their identity.
  • The parent must provide affirmative, informed consent before the child can access the platform.
  • Verification methods include email confirmation combined with explicit acknowledgment of our data collection and usage practices.
  • Consent is specific to the data practices described in this policy. If we make material changes, we will seek renewed consent.

Parents may revoke consent at any time by deactivating their child's account through the parent dashboard or by contacting us at coppa@tekku.app.

4. Information We Collect from Children

We collect only the minimum information necessary to provide our educational service. The information we collect from children includes:

  • First name or display name— chosen by the parent during account setup.
  • Age range— we collect an age bracket (e.g., 8–10, 11–13), not an exact date of birth.
  • Builder profile data— trait scores, skills progression, and learning style indicators generated by platform usage.
  • Mission completion history— records of educational missions attempted and completed.
  • AI interaction logs— prompts sent to and responses received from AI systems, temporarily stored for safety review and learning purposes.
  • Session duration and feature usage— how long a child uses the platform and which features they engage with.

We do NOT collect:

  • Exact date of birth
  • Physical address
  • Phone number
  • Social media account information
  • Photos or videos of the child
  • Geolocation or GPS data

5. How We Use Children's Data

Children's data is used exclusively for the following purposes:

  • Providing the educational service— delivering missions, AI coaching sessions, and the Glass Box learning environment.
  • Tracking learning progress— generating builder profiles that reflect the child's growth and skill development.
  • Parent dashboard reports— weekly digest emails and real-time skill progression views available to parents/guardians.
  • Platform improvement— aggregated and anonymized data may be used to improve the educational experience for all users.
  • Content moderation and safety— ensuring all AI interactions remain appropriate and safe.

We NEVER use children's data for advertising, marketing profiling, or behavioral targeting. Period.

6. AI Interactions and Safety

AI is central to the Tekku learning experience. We have implemented rigorous safeguards around all AI interactions:

  • All AI prompts are moderated both before submission to the AI model and after the response is generated, before it is shown to the child.
  • Content filtering systems actively block harmful, violent, sexual, or otherwise inappropriate content.
  • Our system is fail-closed: if moderation services are unavailable for any reason, content is blocked by default rather than allowed through.
  • AI responses are reviewed for age-appropriateness based on the child's age range.
  • We do not use children's data to train AI models. Children's prompts and interaction data are never fed back into model training pipelines.
  • Our AI providers (via OpenRouter) are bound by strict data protection agreements (DPAs) that prohibit the retention or use of children's data beyond immediate request processing.

7. Parental Rights and Controls

Parents and guardians have full visibility into and control over their child's data and platform experience. You have the right to:

  • Review all data collected about your child via the parent dashboard.
  • Review AI interaction history— see the prompts your child sent and the responses they received.
  • Set daily interaction limits— control how long your child can use the platform each day.
  • Delete your child's data at any time, either through the dashboard or by contacting us.
  • Revoke consentand deactivate your child's account immediately.
  • Download your child's project portfolio — export all projects and achievements.
  • Modify your child's profile information — update display name, age range, or other settings.

To exercise any of these rights, use the parent dashboard or email coppa@tekku.app. We will respond to all requests within 48 hours.

8. Data Security Measures

We employ industry-standard and beyond-standard security measures to protect children's data:

  • Encryption in transit— all data is transmitted over TLS 1.3 encrypted connections.
  • Encryption at rest— all stored data is encrypted using AES-256 encryption.
  • Row-level security— our Supabase database enforces row-level security policies ensuring users can only access their own data.
  • Regular security audits— we conduct periodic security reviews and vulnerability assessments.
  • Access controls— internal access to children's data follows the principle of least privilege.
  • Incident response procedures— we maintain documented procedures for responding to data breaches, including parent notification protocols.
  • Employee training— all team members with potential access to children's data receive training on COPPA requirements and data handling procedures.

9. Data Retention and Deletion

We retain children's data only as long as necessary to provide our service:

  • AI prompt history is automatically deleted after 90 days.
  • Builder profile data is retained while the account remains active.
  • Account deletion triggers removal of all associated data within 30 days.
  • Anonymized aggregate statistics (e.g., average mission completion rates) may be retained after account deletion, as they cannot be linked back to any individual child.
  • Parents may request immediate deletionof their child's data at any time via the parent dashboard or by emailing coppa@tekku.app.

10. Third-Party Services

Tekku uses a limited number of third-party services to operate the platform. Each service receives only the minimum data necessary to perform its function:

  • Supabase— database hosting and authentication. SOC 2 Type II compliant. Stores child account data with row-level security enforced.
  • Stripe— payment processing. PCI DSS compliant. Processes parent/guardian payment information only. Stripe does not receive or have access to any child data.
  • OpenRouter— AI model routing and processing. Bound by a Data Protection Agreement (DPA) that prohibits retention of children's prompts beyond immediate processing.
  • Vercel— application hosting and delivery. SOC 2 compliant. Handles request routing only; does not store persistent child data.

We regularly review our third-party providers to ensure continued compliance with COPPA requirements and our own privacy standards. No third-party service receives more data than is strictly necessary for its designated function. For more details, see our Privacy Policy.

11. Changes to This Policy

We may update this COPPA Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do:

  • Material changes that affect how we collect, use, or share children's data will require renewed parental consent before taking effect.
  • We will notify parents via email at least 30 days before any material changes take effect.
  • Previous versions of this policy are available upon request by emailing coppa@tekku.app.

Non-material changes (such as formatting updates or clarifications that do not change the substance of the policy) may be made without prior notice, but the "Last Updated" date at the top of this page will always reflect the most recent revision.

12. Contact Us

If you have any questions, concerns, or requests related to this COPPA Policy or your child's privacy on Tekku, please reach out to us. We are committed to responding to all child-related privacy inquiries within 48 hours.

For COPPA inquiries: coppa@tekku.app

For general privacy questions: privacy@tekku.app

Response time: Within 48 hours for all child-related requests.

You may also review our Privacy Policy and Terms of Service for additional information about how we handle data across the platform.