MathMigoMathMigo

Updated November 15, 2025

Privacy Policy

We treat every worksheet, photo, and parent insight with care. This policy explains what data we collect, how it is used, and the controls you have.

1. What We Collect

From Parents: Email address (via Sign in with Apple or other auth providers), payment info (processed by RevenueCat/Stripe), and support messages.

From Students: First name, date of birth, skill level, worksheet photos, grading results, and progress data (scores, streaks).

Automatically: Device type, IP address, browser info, and usage analytics via PostHog (no session replay).

2. How We Use It

To generate personalized worksheets, grade submissions using AI (Anthropic), track progress, process payments, provide support, improve our curriculum, and send account notifications.

We do not sell your personal information.

3. Who We Share With

Service Providers: Supabase (hosting/auth/storage), Anthropic (AI grading), RevenueCat/Stripe (payments), PostHog (analytics), and Sentry (error tracking). They only use your data to provide services to us.

Legal: We may disclose information if required by law or to protect our rights.

Business Transfers: Your information may transfer if we're acquired or merge with another company.

4. Children's Privacy (COPPA)

MathMigo is for kids ages 3-12, but only parents can create accounts. We collect minimal student info (first name, birth date, skill level, worksheet photos, progress). Children use paper worksheets offline.

Parents can review, export, or delete their children's data anytime by emailing [email protected].

We don't knowingly collect data directly from children under 13 without parental consent, and we don't show third-party ads to children.

5. Data Retention & Deletion

We keep your data while your account is active. When you delete your account or a student profile, we delete the data within 30 days (90 days for backups), except financial records we're required to keep for up to 7 years.

To delete data, email [email protected] or use your account settings.

6. Security

We encrypt data in transit (TLS/SSL) and at rest (AES-256). We use third-party auth providers like Sign in with Apple (we don't store passwords). Our hosting provider (Supabase) is SOC 2 compliant.

No system is 100% secure, but we use industry-standard protections.

7. Your Rights

You can access, correct, export, or delete your data anytime. You can opt out of non-essential emails and analytics.

California residents have additional rights under CCPA (right to know, delete, opt-out of sales - though we don't sell data).

Email [email protected] to exercise any rights. We'll respond within 30 days.

8. Contact

Questions about privacy? Email [email protected].

We may update this policy and will notify you of material changes 30 days in advance via email.