Privacy Policy

PitaPata ("we", "our", "us") is committed to protecting the privacy of our users, especially children. This Privacy Policy explains how we collect, use, and safeguard information when you use our mobile application. We comply with the Children's Online Privacy Protection Act (COPPA), the EU General Data Protection Regulation (GDPR), and the Kenya Data Protection Act 2019.

• Parent: Phone number (for account creation/verification via one-time code), name (optional)
• Child: Name and grade level only — we do not collect date of birth, age, or biometric data
• Scanned content: Textbook page images are processed for text extraction and immediately discarded; only the extracted text is stored
• Learning activity: Quiz scores, streak data, progress records, and content generated

• Date of birth or exact age of children
• Photos or images of children
• Location data or GPS coordinates
• Device identifiers (IDFA, Android Advertising ID)
• Third-party advertising or behavioral tracking data
• Contacts, call logs, or other device data

• Generate personalized, age-appropriate educational content using AI
• Track learning progress and maintain engagement streaks
• Manage subscription plans and usage quotas
• Send learning reminders (with permission)

We take children's privacy very seriously:

• Parental consent is required before any child data is collected
• AI processing consent is obtained separately — parents explicitly opt in to third-party AI processing of scanned educational content
• Child accounts are created and managed exclusively by parents/guardians
• We collect only the minimum data needed: name and grade level
• Children's learning data is only visible to their parent/guardian
• We do not display any advertising to children
• AI-generated content is filtered for age-appropriateness and safety
• Parents can delete any child's data at any time from Settings
• No third-party analytics SDKs are used in this app

Educational content is generated using Anthropic's Claude AI API. When your child scans educational material:

• Only the extracted text, grade level, and curriculum are sent to the AI provider
• Your child's name, personal details, or identifying information are NEVER sent
• Anthropic operates under a zero data retention policy for API usage — no data is stored or used for training after the request is processed
• Scanned images are processed locally for text extraction and are not sent to any third party in their original form

Data is stored securely using Supabase cloud infrastructure with encryption at rest and in transit. We enforce strict row-level security to ensure users can only access their own data. Scanned images are processed in memory and are not permanently stored.

We use the following third-party services, each operating under their own Data Processing Agreements:

• Supabase — authentication, database, and serverless functions (Data Processing Agreement included in their commercial terms)
• Anthropic (Claude AI) — educational content generation (zero data retention, DPA included in API terms)
• Expo/EAS — app building and distribution

We do not sell or share personal information with advertisers or data brokers.

We retain account and learning data for as long as your account is active.

• Delete individual child data: Settings > Data Management > Delete Child's Data
• This permanently removes the child's profile, scans, generated content, progress, and achievements
• AI usage logs are anonymized (child ID removed) upon deletion
• Scanned images are processed in memory and discarded immediately — only extracted text is retained
• Generated learning content is retained until the child profile is deleted
• You may also request full account deletion by contacting us
• Upon receiving a deletion request, we will process it within 30 days

As a parent or guardian, you have the right to:

• Review what data we collect about your child
• Delete your child's data at any time
• Revoke consent and deactivate your account
• Refuse further collection of your child's information
• Correct inaccurate information
• Request a copy of your child's data

We may update this Privacy Policy periodically. We will notify users of significant changes through the App. If we make material changes to how we handle children's data, we will request renewed parental consent. Continued use after changes constitutes acceptance of the updated policy.

For privacy concerns, data requests, or to exercise your parental rights, contact us at hello@pitapata.app.