Tappy - Privacy Policy

1. Introduction

At Tappy, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Tappy service, website, and platform (collectively, the "Service"). Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy.

Our Service is designed to provide personalized math tutoring using artificial intelligence. While we need to collect certain information to provide these services effectively, we are committed to protecting your privacy and handling your data responsibly.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when using our Service, including:

Account Information: When you create a Premium account, we collect your username and password. We do not collect real names, email addresses, or other personal identifiers during standard account registration.
Payment Information: When you subscribe to Premium features, payment information is processed through our payment processors. We do not store complete credit card information on our servers.
Voice Data: When you use our voice tutoring features, we collect and process your voice inputs to provide tutoring responses.
Learning Interactions: Questions you ask, responses you receive, and your interactions with the AI tutor are collected to provide the Service.
Notes and Comments: Any notes or additional information you provide while using the Service.

2.2 Information Collected Automatically

As you navigate through our Service, we may use automatic data collection technologies to collect certain information, including:

Usage Data: Interaction statistics such as features used, time spent on the Service, and learning patterns.
Device Information: Information about your device, internet connection, browser, and operating system.
Cookie and Local Storage Data: We use browser local storage and cookies to track guest sessions with unique anonymous IDs, maintain question counts, and preserve usage data across browser sessions.
Analytics Data: We collect basic analytics data about how you interact with our Service to improve functionality and user experience. This data is processed internally and is not shared with third-party analytics providers.

3. How We Use Your Information

We use the information we collect for various purposes, including:

Purpose	Data Used	Legal Basis
Providing and improving the Service	Account information, learning interactions, voice data, usage data	Performance of contract, legitimate interests
Personalizing learning experience	Learning interactions, learning style data, usage patterns	Performance of contract, legitimate interests
Training and improving AI tutor	Anonymized learning interactions, voice data patterns	Legitimate interests
Account management	Account information, subscription data	Performance of contract
Analytics and Service improvement	Usage data, anonymized interaction data	Legitimate interests
Security and fraud prevention	Account information, device information, usage patterns	Legitimate interests, legal obligations

3.1 AI Tutoring and Machine Learning

Our Service uses artificial intelligence to provide personalized math tutoring. To make this possible:

We process your questions and interactions to generate appropriate responses
We may use anonymized interaction data to improve our AI models
Voice inputs are processed to generate text transcripts for the AI tutor
We analyze learning patterns to adapt to your learning style over time

All AI training and improvement processes use anonymized data that cannot be traced back to individual users. We implement technical safeguards to ensure that personally identifiable information is removed before using data for model improvement.

3.2 Guest to Premium Conversion

When you convert from a Guest User to a Premium User:

We link your anonymous guest session ID to your new Premium account
Your learning progress and usage history are preserved
Your remaining voice minutes count is transferred to your new account

4. Voice Data Processing

Our voice tutoring features use LiveKit for real-time voice communication. Here's how we handle voice data:

Voice Processing: Your voice inputs are processed to generate text transcripts that are sent to our AI tutor
Storage: Voice recordings are temporarily stored to fulfill your immediate request and may be retained for a limited time for service improvement
Usage Tracking: We monitor voice usage time to enforce the 30-minute limit for Guest Users

You control when the voice feature is active. Voice processing only occurs when you actively engage the voice input feature. You can disable or stop voice input at any time.

5. Data Sharing and Disclosure

We may share your information in the following situations:

5.1 Service Providers

We may share your information with third-party vendors, service providers, and partners who perform services on our behalf, such as:

Payment processors to handle subscription fees
LiveKit for voice communication technology
Internal analytics systems to help us understand and improve user experience (no third-party analytics providers)
Cloud hosting providers for our infrastructure

These service providers are contractually bound to use your data only for the purposes of providing services to us and in accordance with this Privacy Policy.

5.2 Business Transfers

If Teach Tappy is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via a prominent notice on our website of any change in ownership or uses of your information.

5.3 Legal Requirements

We may disclose your information where required by law or if we believe such action is necessary to:

Comply with a legal obligation or process
Protect and defend our rights or property
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of users of the Service or the public

5.4 With Your Consent

We may share your information with third parties when we have your explicit consent to do so.

6. Data Retention

We retain different types of data for different periods, based on their purpose:

Account Information: Retained as long as your account is active. If you deactivate your account, we will delete or anonymize your account information within 30 days, except where retention is necessary for our legitimate business purposes or to comply with legal obligations.
Guest User Data: For Guest Users, data is stored in localStorage and may persist until browser data is cleared. Anonymous IDs may be retained to prevent abuse of free limits.
Learning Interactions: Basic learning data is retained for the duration of your account for continuity of service. Detailed interaction logs may be anonymized after 12 months.
Voice Data: Raw voice recordings are typically retained for no more than 30 days, after which they are deleted. Transcripts derived from voice inputs are treated as learning interactions.
Analytics Data: Aggregated analytics data may be retained indefinitely, but individual session data is anonymized after 24 months.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of sensitive data both in transit and at rest
Regular security assessments and testing
Access controls and authentication measures
Data minimization practices
Regular backups and disaster recovery planning

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

8. Children's Privacy (COPPA Compliance)

Our Service is designed to be appropriate for users of all ages, including children. We recognize the importance of protecting children's privacy online and comply with applicable laws, including the Children's Online Privacy Protection Act (COPPA) in the United States.

Age Requirement: Users must be 13 years of age or older to create an individual account. Users under 13 may only use the Service through a school-administered account where the school has provided consent, or with verifiable parental consent.

We do not knowingly collect personally identifiable information from children under 13 without verifiable parental consent or school consent under the COPPA school official exception. If we learn that we have collected personal information from a child under 13 without proper consent, we will take appropriate steps to delete that information.

8.1 For Users Under 13

For users under 13 years of age:

Parents or schools must provide consent before we collect any personal information
We collect only the minimum information necessary to provide our educational services
Parents can review their child's information, request deletion, and refuse further collection
We do not disclose children's personal information to third parties except as necessary to provide the service
We implement additional security measures to protect children's data
We do not enable behavioral advertising to children under 13

8.2 School Consent (COPPA School Official Exception)

When our Service is used in an educational setting, schools may consent to the collection of student information on behalf of parents under the COPPA "school official exception." In such cases:

The school acts as the agent of the parent in providing consent
We collect information solely for educational purposes
Schools are responsible for providing notice to parents about the Service
Parents retain the right to review and request deletion of their child's information

Educational privacy is a priority: we strictly protect conversation content between students and tutors, sharing only learning metrics and progress indicators with parents or authorized educational institutions.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately so that we can take necessary actions.

9. Educational Privacy (FERPA Compliance)

For users accessing our Service through educational institutions, we comply with the Family Educational Rights and Privacy Act (FERPA) and applicable state student privacy laws.

9.1 Student Education Records

When student data is provided by or on behalf of an educational institution, we act as a "school official" under FERPA and:

Use student data only for the educational purposes for which it was provided
Do not use student data for advertising or to create advertising profiles
Do not sell student data or share it with third parties except as necessary to provide the Service
Maintain appropriate security measures to protect student education records
Return or delete student data upon termination of services to the institution

9.2 Parental and Student Rights

Parents of students under 18 (and eligible students 18 and older) have the right to:

Inspect and review education records
Request amendment of records they believe to be inaccurate
Consent to disclosures of personally identifiable information
File complaints with the U.S. Department of Education concerning alleged failures to comply with FERPA

9.3 Data Security for Educational Records

We implement industry-standard security measures to protect student education records, including:

Encryption of data in transit and at rest
Access controls limiting data access to authorized personnel
Regular security audits and vulnerability assessments
Incident response procedures for potential data breaches
Employee training on student data privacy requirements

9.4 FERPA Technical Safeguards

We have implemented specific technical measures to ensure FERPA compliance:

Authentication Verification: All API endpoints that access student data verify the authenticated user's identity and authorization level before returning any information.
Parent-Child Authorization: Parents can only access data for children explicitly linked to their account. The system verifies family relationships before granting access.
Data Export Audit Logging: All exports of student data are logged with timestamp, user identity, data type, and record count for compliance auditing purposes.
Secure Session Management: Production systems require strong, unique cryptographic secrets and will not start with default or weak configurations.
ID Enumeration Prevention: The system prevents unauthorized users from discovering or accessing other users' data through sequential ID guessing.

Data Breach Notification: In the event of a data breach affecting student education records, we will notify affected educational institutions and, where required by law, affected individuals in accordance with applicable breach notification laws.

10. Cookies and Similar Technologies

Our site uses cookies and similar technologies to operate our website and analyze website traffic. Cookies are small text files stored on your device that help us provide and improve our services.

10.1 Types of Cookies We Use

Essential cookies: These cookies are necessary for the website to function properly. They enable core functionality such as security, network management, and account access. You may disable these by changing your browser settings, but this may affect how the website functions.
Analytical/performance cookies: These cookies allow us to recognize and count the number of visitors and see how visitors move around our website. This helps us improve the way our website works, for example, by ensuring that users find what they are looking for easily.
Functionality cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.

10.2 How to Manage Cookies

Most web browsers allow some control of most cookies through browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

11. Analytics and Tracking

We use internal analytics systems to analyze user behavior and improve our Service. We do not use third-party analytics providers such as Google Analytics, PostHog, or similar services. All analytics data is processed and stored on our own infrastructure.

Our internal analytics collect information such as:

Pages visited and features used
Time spent on different aspects of the Service
Interaction events (such as button clicks and feature usage)
Anonymous session IDs to understand user journeys

Key events tracked include:

First-time visits
Voice tutoring sessions
Signup attempts and completions
Question interactions

No Third-Party Tracking: Your data is never sent to external analytics services. This approach aligns with our commitment to FERPA compliance and student privacy, ensuring that student educational data remains within our controlled environment.

12. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information, including:

Access: You can request access to the personal information we hold about you.
Correction: You can request that we correct inaccurate or incomplete information about you.
Deletion: You can request that we delete your personal information in certain circumstances.
Restriction: You can request that we restrict the processing of your information in certain circumstances.
Data Portability: You can request to receive your personal information in a structured, commonly used format.
Objection: You can object to our processing of your personal information for certain purposes.

To exercise any of these rights, please contact us using the email address provided at the end of this policy. We will respond to your request within a reasonable timeframe and in accordance with applicable data protection laws.

13. International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the information to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

For transfers to regions without adequacy decisions, we implement appropriate safeguards such as standard contractual clauses to ensure the protection of your data.

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Service after we post changes to the Privacy Policy constitutes your acceptance of those changes.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@teachtappy.com

We will make every effort to respond to your inquiry promptly and address your concerns thoroughly.