Privacy Policy

1. Introduction

Helios Frontier LLC ("Company," "we," "us," or "our") operates the Project Nova™ educational platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting the privacy of children and comply with the Children's Online Privacy Protection Act (COPPA), the General Data Protection Regulation (GDPR), and other applicable privacy laws.

2. COPPA Compliance (Children Under 13)

2.1 Parental Consent: We require verifiable parental consent before collecting, using, or disclosing personal information from children under 13. Parents must provide consent through our registration process.

2.2 Information We Collect from Children: We collect only the minimum information necessary to provide the Service:

• Child's first name (for personalization)
• Grade level (for age-appropriate content)
• Learning progress and game scores
• AI conversation transcripts (for safety monitoring)
• Technical information (device type, browser, IP address)

2.3 How We Use Children's Information:

• Provide personalized educational content
• Track learning progress and achievements
• Enable teacher and parent monitoring
• Ensure safety through conversation monitoring
• Improve our educational algorithms

2.4 Parental Rights: Parents have the right to:

• Review their child's personal information
• Request deletion of their child's information
• Refuse further collection or use of their child's information
• Receive notification of changes to our privacy practices

2.5 Parental Access: Parents can access, review, or delete their child's information by contacting us at [email protected] or through the Parent Dashboard.

3. Information We Collect

3.1 Information You Provide:

• Account Information: Email address, password, name, payment information
• Child Profile: Child's first name, grade level, learning preferences
• Teacher Information: School name, class information, professional credentials
• Communications: Messages sent to customer support or safety reports

3.2 Automatically Collected Information:

• Usage Data: Pages visited, features used, time spent on platform
• Device Information: Device type, operating system, browser type
• Log Data: IP address, access times, error logs
• Cookies: Session cookies, preference cookies, analytics cookies

3.3 AI Conversation Data:

• Complete transcripts of all AI character conversations
• Flagged content and safety alerts
• Teacher interventions and emergency stops
• Content filter matches and blocks

4. How We Use Your Information

We use collected information for:

• Service Delivery: Provide personalized educational experiences
• Safety Monitoring: Detect and prevent inappropriate AI interactions
• Progress Tracking: Monitor learning achievements and generate reports
• Teacher Tools: Enable classroom monitoring and intervention
• Parent Dashboard: Provide insights into child's learning journey
• Payment Processing: Process subscription payments securely
• Customer Support: Respond to inquiries and resolve issues
• Service Improvement: Analyze usage patterns to enhance features
• Legal Compliance: Comply with applicable laws and regulations
• Security: Protect against fraud, abuse, and security threats

5. How We Share Your Information

5.1 We Do NOT Sell Children's Information: We will never sell, rent, or lease children's personal information to third parties.

5.2 Service Providers: We share information with trusted service providers who assist us:

• OpenAI: AI conversation generation (anonymized data only)
• Stripe: Payment processing (parent information only, not children)
• Cloud Hosting: Secure data storage and platform hosting
• Analytics: Usage statistics (aggregated and anonymized)

5.3 Teachers and Parents: We share student information with:

• Parents/guardians who created the child's account
• Teachers in whose classes the child is enrolled
• School administrators (with appropriate consent)

5.4 Legal Requirements: We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of our users.

5.5 Business Transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted over the internet is encrypted using TLS/SSL
• Secure Storage: Data is stored in secure, access-controlled databases
• Access Controls: Strict employee access policies and authentication requirements
• Regular Audits: Periodic security assessments and vulnerability testing
• Incident Response: Procedures for detecting and responding to security breaches

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

7.1 Active Accounts: We retain your information for as long as your account is active or as needed to provide services.

7.2 Deleted Accounts: When you delete your account, we will delete or anonymize your personal information within 30 days, except:

• Information required for legal compliance (e.g., financial records)
• Anonymized data used for research and service improvement
• Backup copies retained for disaster recovery (deleted within 90 days)

7.3 Safety Incident Records: Records of safety incidents and interventions are retained for 7 years for legal and transparency purposes.

8. International Data Transfers

8.1 Data Location: Our servers are located in the United States. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the U.S.

8.2 GDPR Compliance (EU Users): For users in the European Union, we comply with GDPR requirements:

• Legal Basis: Consent, contract performance, legitimate interests
• Data Subject Rights: Access, rectification, erasure, portability, objection
• Data Protection Officer: Contact [email protected]
• Supervisory Authority: Right to lodge complaints with your local data protection authority

8.3 Other Jurisdictions: We comply with applicable privacy laws in Canada (PIPEDA), UK (UK GDPR), Australia (Privacy Act 1988), and other jurisdictions where we operate.

9. Your Privacy Rights

You have the right to:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your information (subject to legal requirements)
• Portability: Receive your data in a machine-readable format
• Objection: Object to certain processing activities
• Restriction: Request restriction of processing
• Withdraw Consent: Withdraw consent at any time (without affecting prior processing)

To exercise these rights, contact us at [email protected] or through your account settings.

10. Cookies and Tracking Technologies

10.1 Types of Cookies:

• Essential Cookies: Required for authentication and basic functionality
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how you use the Service
• Security Cookies: Detect and prevent security threats

10.2 Cookie Control: You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

10.3 Do Not Track: We currently do not respond to Do Not Track signals, but we do not track users across third-party websites.

11. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending email notifications to registered users
• Requesting renewed parental consent if required by COPPA

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: