Privacy Policy

Effective 2026-05-18 · Owned by LeeLaa Inc., a SciEncephalon AI product

LeeLaa is a personalized learning service for K–12 students. This policy explains, in plain language, what we collect, why we collect it, and what we never do. If you have questions, email leelaa@sciencephalon.com — a human reads every message.

Short version. We collect only what is needed to run the tutor and show you, the parent, what your child is learning. We do not sell, rent, or share your child's data with advertisers. We do not train third-party LLMs on your child's content. Parents can export or delete everything at any time.

1. Who this policy covers

Parents (account holders) and the children they create profiles for. Children do not create accounts themselves. Sign-in happens at the parent's email address via Auth0; a child enters a separate per-child PIN or scans a parent-generated QR code to start a session.

2. What we collect

From the parent

Email address (via Auth0; we never see the password).
Display name and any co-parent / role information you provide.
Any external assessment documents you upload (FAST, iReady, Kumon, RSM reports, etc.).

From the child

Display name and grade level the parent set.
Answers, written work, and time-on-question for every session.
Optional pen-canvas drawings on math questions (images are stored encrypted in Supabase Storage; only the parent and the grading LLM ever see them).
Per-skill mastery state derived by the BKT engine.

3. What we do NOT collect

Photos, microphone, camera, location, contacts — never. The child PWA does not request these permissions.
Browsing history outside LeeLaa.
Persistent advertising identifiers. There are no ad networks on any LeeLaa surface.

4. How we use the data

To generate the next question, grade the child's answer, and produce a kid-friendly explanation when they get one wrong.
To show you, the parent, the child's progress on the dashboard.
To improve the product (aggregated, de-identified metrics — never tied back to an individual child).

5. LLMs and third-party processors

LeeLaa uses commercial LLM providers (DeepSeek, Anthropic Claude, OpenAI) to generate questions, diagnose answers, and produce explanations. Personal identifiers (names, emails, addresses, birthdates) are redacted from every LLM payload by an in-process PII redactor before the request leaves our backend. Provider terms in effect at this writing: none of these providers retain LeeLaa's API content beyond the call, and none use it to train their public models. We re-verify these terms quarterly.

Other processors:

Supabase — Postgres + object storage. Data resides in the US (AWS us-east-2).
Auth0 — identity. We never see your password.
Upstash Redis — short-lived question cache; no PII.
Sentry — error monitoring with PII off (send_default_pii=false); no session replays.
Hostinger — VPS hosting.

6. Children's privacy (COPPA)

LeeLaa is a parent-mediated service: a parent creates the account, sets up each child profile, and grants verifiable consent at sign-up. We collect from a child only what the parent has authorized via the parent's own consent. Parents can review, export, or delete their child's data at any time from the parent dashboard, or by emailing us. We never market to children inside the app, and there are no in-app purchases on a child surface.

7. Your rights

Export — request a JSON export of everything we hold for your account and children. Email us; turnaround ≤ 7 days.
Delete — request full deletion. Turnaround ≤ 7 days. Backups roll out within 56 days.
Correct — edit any profile directly in parents.myleelaa.com.
California (CCPA), EU (GDPR) — the rights above are honoured globally; jurisdiction-specific requests can also be sent to the email below.

8. Security

All data is encrypted in transit (TLS 1.3) and at rest (Supabase + Storage). Row-level security policies enforce per-tenant isolation at the database level. The backend uses tenant-scoped queries on every endpoint as defense-in-depth. We backup weekly to encrypted off-site storage. We have a documented incident-response runbook; if any breach affects a parent's data, we will notify them within 72 hours.

9. Data retention

Active account data is kept until you delete it. After account deletion: live data is removed within 7 days; backups age out within 56 days. Aggregated, de-identified metrics may be retained indefinitely.

10. Changes to this policy

Material changes will be emailed to every active account at least 30 days before they take effect. Minor edits (clarifications, typos) are made in place with an updated date at the top of this page.

11. Contact

LeeLaa Inc., a SciEncephalon AI product.
leelaa@sciencephalon.com