Privacy Policy

This Privacy Policy (the “Policy”) describes how Readee Learning LLC (“Readee,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you (“you,” the “User,” or “Parent”) and your child (the “Child”) access or use our website at readee.app, learn.readee.app, related subdomains, and any associated services, software, or applications (collectively, the “Service”). By creating an account or using the Service, you agree to the practices described in this Policy.

1. Scope and Definitions

This Policy applies to all Personal Information that Readee collects through the Service. Readee is the data controller of the information collected from Parents. With respect to information collected from Children, Readee acts as the operator subject to the Children's Online Privacy Protection Act of 1998 (“COPPA”) and its implementing regulations (16 C.F.R. Part 312).

• “Personal Information” means information that identifies, relates to, or could reasonably be linked with a particular individual or household, including the categories enumerated in Section 2.
• “Child Data” means Personal Information collected from or about a Child under 13 years of age in connection with the Service.
• “Parent” means the parent, legal guardian, or other adult who creates and maintains the account under which one or more Child profiles are registered.

2. Categories of Information We Collect

We collect the following categories of Personal Information:

• Identifiers and Account Information (from Parents): name, email address, hashed password, billing information processed by our payment processor, and account preferences.
• Child Profile Information (from Parents on behalf of Children): the Child's first name (or pseudonym), grade level, and an avatar selection. We do not require, request, or store a Child's last name, photograph, geolocation, contact information, or precise birthdate.
• Educational Records: placement test responses and results, lesson and practice progress, comprehension scores, fluency assessments, items earned through gamification (e.g., XP, carrots, streaks), and reading level placement history.
• Audio Recordings (where Reading Buddy is used): short voice clips captured for the purpose of real-time speech interaction. Audio is processed in transit, used to generate Service responses, and is not retained for advertising or model training purposes.
• Device and Usage Data: browser type, operating system, IP address (truncated where feasible), session identifiers, pages and features accessed, timestamps, and referring URLs. Collected by our analytics tools described in Section 5.
• Communications: messages you send us via email, support forms, or feedback channels, including the content of those communications and any attachments.

3. How We Use Information

We process Personal Information for the following purposes:

• Provision of the Service: creating and maintaining accounts, adapting lesson paths to a Child's reading level, generating practice content, persisting progress, and supporting Reading Buddy and Homework Scanner features.
• Service improvement and quality assurance: analyzing aggregated, de-identified usage data to improve pedagogy, content quality, and platform reliability.
• Customer support: responding to your inquiries and troubleshooting technical issues.
• Transactional communications: sending account confirmations, security notices, billing receipts, and required legal notices. These messages are necessary to operate the Service and cannot be opted out of so long as your account remains active.
• Optional engagement communications: if you opt in, sending weekly digests, lifecycle emails (welcome, first-lesson nudge, re-engagement), and product announcements. You may unsubscribe from these at any time via the link in any such email or your account settings.
• Legal and safety obligations: complying with applicable law, enforcing our Terms of Service, detecting fraud, and protecting the rights, property, or safety of Readee, our Users, or others.

We do not use Child Data to serve targeted advertising, build advertising profiles, or for any commercial purpose unrelated to the educational features of the Service.

4. Legal Bases for Processing

Where required by applicable law (including the EU/UK General Data Protection Regulation), Readee processes Personal Information on the following legal bases:

• Performance of a contract: processing necessary to provide the Service you have requested.
• Legitimate interests: improving the Service, ensuring information security, and detecting fraud, where such interests are not overridden by your fundamental rights.
• Consent: for optional features and communications, and for the collection and use of Child Data under COPPA (verifiable parental consent obtained at account creation).
• Compliance with legal obligations: tax, accounting, and regulatory requirements.

5. Service Providers and Sub-Processors

Readee engages a limited number of trusted third-party service providers (“Sub-Processors”) to operate the Service. Each Sub-Processor is contractually obligated to process Personal Information only as necessary to perform services for Readee and consistent with this Policy.

• Supabase, Inc. — managed Postgres database, authentication, and file storage. United States.
• Stripe, Inc. — payment processing for Readee+ subscriptions. Stripe is independently certified to PCI-DSS Level 1.
• Resend, Inc. — transactional and opted-in marketing email delivery.
• Vercel, Inc. — hosting, content delivery, and edge compute.
• Google LLC (Cloud, Vertex AI, Gemini) — generative AI used to create reading passages, comprehension questions, illustrations, and audio under our zero-data-retention configuration where supported.
• Anthropic, PBC — large-language-model API used for select content generation and Reading Buddy responses, configured without training on Readee data.
• PostHog, Inc. — first-party product analytics, configured to mask IP addresses and to exclude Child Data from event payloads.
• Functional Software, Inc. (Sentry) — error monitoring for diagnostic purposes.

A current list of Sub-Processors may be requested by emailing hello@readee.app. We will provide at least thirty (30) days' notice of any material change to our Sub-Processors where required by applicable law.

6. Children's Privacy (COPPA)

Readee is directed to children under 13 and is operated in compliance with COPPA. We are committed to the following practices:

• Verifiable Parental Consent: Readee obtains verifiable parental consent before knowingly collecting Personal Information from a Child. Consent is provided by the Parent when they create an account, accept this Policy and our Terms of Service, and add a Child profile.
• Data Minimization: we collect from the Child only the information reasonably necessary for the Child to participate in the Service.
• No Behavioral Advertising: we do not engage in behavioral advertising directed at Children, and we do not allow our Sub-Processors to do so.
• Parental Rights: at any time, the Parent may (i) review the Personal Information Readee has collected from their Child, (ii) request that Readee correct or delete that information, and (iii) refuse to permit further collection or use of the Child's information by deleting the Child profile or terminating the account. Requests may be made in the Settings page or by emailing hello@readee.app. We respond within thirty (30) days.
• Operator Identity: Readee Learning LLC is the operator responsible for Child Data collected through the Service. Our contact details are in Section 14.

7. School and Educational Privacy Laws

The Service is currently offered directly to families and is not provided pursuant to any agreement with a school or local education agency. To the extent that any educational record under the Family Educational Rights and Privacy Act (“FERPA”) becomes incidentally part of the Service, Readee will treat that record consistently with FERPA standards. Schools or districts seeking a written data processing agreement, a Student Data Privacy Consortium (“SDPC”) compliant exhibit, or state-specific addenda (including but not limited to New York Education Law § 2-d and California SOPIPA) may contact us at hello@readee.app.

8. Cookies and Similar Technologies

Readee uses strictly necessary cookies and similar technologies to authenticate Users, persist sessions, and protect the Service from abuse. We also use first-party analytics cookies (PostHog) where permissible. We do not sell or share Personal Information for cross-context behavioral advertising. Readee honors Global Privacy Control (“GPC”) signals where applicable.

9. Data Retention

We retain Personal Information for as long as your account remains active and for the period reasonably necessary to provide the Service. Upon account deletion, we delete or de-identify Personal Information within ninety (90) days, subject to limited retention required for (i) financial recordkeeping, (ii) defense of legal claims, or (iii) compliance with applicable law. Backups containing Personal Information are overwritten on rolling cycles consistent with industry practice.

10. Information Security

We maintain administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, disclosure, alteration, and destruction. These include encryption of data in transit (TLS 1.2 or higher), encryption of data at rest, role-based access controls, principle of least privilege for staff access, audit logging, and incident response procedures. No method of electronic transmission or storage is perfectly secure, and we cannot guarantee absolute security.

11. International Transfers

Readee is based in the United States and processes Personal Information in the United States. Where Personal Information is transferred from outside the United States, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, where required.

12. Your Rights and Choices

Subject to applicable law, you may have the following rights with respect to Personal Information about you:

• Access: request a copy of the Personal Information we hold about you and your Child.
• Correction: request that we correct inaccurate or incomplete Personal Information.
• Deletion: request deletion of your account and associated Personal Information.
• Portability: request a machine-readable export of your Personal Information. A self-service export is available in the Settings page.
• Restriction and Objection: restrict or object to certain processing activities.
• Withdrawal of Consent: withdraw any consent you have previously provided.
• Non-Discrimination: exercise these rights without retaliation or denial of service.

California residents have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), including the right to know the categories of Personal Information collected, the right to limit use of sensitive Personal Information, and the right to opt out of any sale or share of Personal Information. Readee does not sell or share Personal Information as those terms are defined under the CCPA.

To exercise any of these rights, please email hello@readee.app. We will verify your identity before processing your request and will respond within the time period required by applicable law.

13. Changes to this Policy

We may revise this Policy from time to time to reflect changes in our practices, technology, legal obligations, or for other operational reasons. When we make a material change, we will update the “Effective Date” above and provide notice by email or a prominent notice within the Service prior to the change taking effect. Your continued use of the Service after the effective date of a revised Policy constitutes your acceptance of the revised Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Policy or our handling of Personal Information, please contact our Privacy Team at:

Readee Learning LLC
Email: hello@readee.app

You may also lodge a complaint with the supervisory authority in your jurisdiction.