Privacy Policy

Draft outline — pending attorney review. Not yet binding.

This page is a placeholder. The sections below are written to honestly describe what AhaMend actually does with data today — not aspirational language — but whether this disclosure is sufficient under COPPA, FTC rules, and Washington student-privacy law is a question for the children's-privacy attorney (gate §1.6 in the Tier 1 compliance spec). For the tools to export or delete your data right now, see Privacy & Data.

1. Who we are and who this product is for

AhaMend (operated by KiteString LLC) is a parent-facing product. Children do not create accounts — only a verified parent/guardian signs up, adds a child profile, and gives consent for that child's data to be processed and stored.

2. What we collect — and how

From the parent: email address, billing/subscription status (once Stripe ships — Tier 2.1).

About each child, with parental consent:

  • Name or nickname and grade level
  • The math problem submitted and the child's answer (text or extracted from a photo)
  • The diagnosed gap, severity, and any practice/re-check results you log
  • Consent records — when and how verifiable parental consent was given (and any withdrawal)

Photos are processed in memory and immediately discarded — we extract the text of the problems and the child's answers, and do not retain the image itself. [ATTORNEY: confirm this is the correct framing — design-doc legal question #4 (images vs. text as "collection") is open.]

3. What we do not collect

  • School records, grades, or official assessments
  • Your child's identity in any account-creation sense — they never sign in
  • Location data or device identifiers

4. How we use it

To diagnose learning gaps, generate a tailored practice activity, track progress over time, and build the parent-facing dashboard and study plan. We do not sell personal information, and we do not use child data for advertising.

A separate, de-identified store (no name/child link) may retain anonymized problem/answer patterns to improve diagnosis quality over time. [ATTORNEY: confirm the de-identification standard and disclosure language meet COPPA/FTC expectations — design-doc legal question #1 ("stateless processing as collection").]

5. Who we share it with

Service providers who process data on our behalf under contract, and only as needed to run the product:

  • Anthropic (Claude) — to extract and classify problems/answers
  • Supabase — database and authentication infrastructure
  • Stripe — billing (once Tier 2.1 ships)
  • Resend — transactional/activity emails (once Tier 2.3 ships)

We do not sell or rent personal information to third parties.

6. Your rights as a parent (COPPA)

You can, at any time, from the Privacy & Data page:

  • Access — export everything stored for a child as a file
  • Delete — permanently erase a child's data, or your entire account
  • Withdraw consent — pause a child (their history is kept, but no new diagnoses run until you re-consent)

[ATTORNEY: confirm whether withdrawing consent must, under COPPA, also trigger deletion rather than a "paused" state — the load-bearing open question in §1.5.]

7. Retention

We keep child data for as long as the account is active, plus any legally required retention for audit trails of deletion/consent requests (which themselves contain no ongoing child PII once a deletion completes). [ATTORNEY: confirm retention windows.]

8. Security

Data is stored with role-based database access controls; child data can only be read by the consenting parent's authenticated session. [ATTORNEY/SECURITY: add any additional representations needed.]

9. Washington-specific disclosures

[ATTORNEY: add any required Washington State student-privacy or consumer-data disclosures — design-doc legal question #3.]

10. Changes to this policy

We'll post updates here and, for material changes, notify account holders directly. [ATTORNEY: confirm notice requirements.]

11. Contact

Questions or requests about your data: privacy@ahamend.com — we aim to respond within 5 business days, and fulfill access/deletion requests within 45 days as required under COPPA.