Privacy Policy

We believe in transparency about how we protect your data

Last updated: June 18, 2025 | Effective date: June 18, 2025

Principle Labs Inc. ("we", "us") provides a civics-education platform for K-12 learners and general users. This policy explains our practices in plain English, covering all our features including AI assistance, multiplayer games, and learning pods. Principle is a new platform, so while we don't have extensive usage data yet, this policy outlines how we handle data and what we plan to measure as we grow. We are committed to protecting your privacy and giving you control over your personal information. We are FERPA and COPPA compliant and have signed the Student Data Privacy Consortium (SDPC) National Data Privacy Agreement v2.0.

What Information We Collect

Account Information

  • Email address (for account creation and communication)
  • Name (if you choose to provide it)
  • Profile preferences (theme, notification settings, accessibility options)
  • Educational status (for educational access verification)
  • Language preferences and accessibility settings

Educational Records (FERPA Protected)

FERPA Compliance: We act as a School Official with a legitimate educational interest when handling student data. Educational records are isolated in our school schema with enhanced protections.

  • Student names, grades, and school identification numbers
  • Course enrollments and teacher assignments
  • Quiz scores and educational progress tracking
  • Learning pod memberships and classroom integrations
  • Parent/guardian contact information (when applicable)
  • Google Classroom or other LMS integration data

Learning Data

  • Quiz scores, performance metrics, and progress tracking
  • Questions answered, time spent, and learning patterns
  • Skill assessments and knowledge gap analysis
  • Custom deck preferences and AI-generated content interactions (premium users)
  • Gamification data (XP, levels, achievements, streaks)
  • Learning objectives and personalized recommendations

Social & Multiplayer Data

  • Multiplayer game participation and performance
  • Learning pod memberships and interactions
  • Chat messages and communications in multiplayer features (moderated for safety)
  • Social features usage (sharing achievements, inviting friends)
  • Collaborative learning activities and group progress

AI Interaction Data

Privacy First: All AI interactions are anonymized before processing. We never share your personal information with AI providers.

  • Conversations with our AI NPC (anonymized and encrypted)
  • Learning preferences used for AI personalization
  • Content generation requests and preferences
  • AI-powered accessibility feature usage (text-to-speech, translations)

Technical Information

  • Device and browser information
  • IP address and general location (for security and regional content)
  • Usage patterns and app performance data
  • Error logs and crash reports (anonymized)
  • Feature usage analytics and A/B testing data

Planned Analytics & Metrics (New Platform)

Transparency First: As a new platform, we're building systems to measure our effectiveness. Here's what we plan to track to improve civic education quality.

  • Content engagement patterns (which topics generate learning vs. clicks away)
  • Educational effectiveness metrics (knowledge retention and skill development)
  • Community feedback quality (user reports, content bookmarking, sharing patterns)
  • Accessibility usage data (text-to-speech, translation features, device compatibility)
  • Platform performance metrics (load times, error rates, feature adoption)
  • Source credibility tracking (how our content verification systems perform)

Payment & Subscription Data

  • Subscription status and billing history (processed by Stripe)
  • Donation records for access verification
  • Educational access verification documents
  • Gift credit transactions and redemptions

How We Use Your Information

Core Educational Features

  • Personalize your experience: Track your progress, recommend relevant content, and adapt difficulty levels
  • Gamification: Calculate XP, levels, achievements, and maintain learning streaks
  • Skill assessment: Identify knowledge gaps and suggest targeted learning paths
  • Progress analytics: Provide detailed insights into your learning journey

AI-Powered Features

  • AI NPC interactions: Provide personalized learning assistance and answer civic questions
  • Content generation: Create custom quiz questions and learning materials based on your needs
  • Accessibility: Power text-to-speech and language translation features
  • Smart recommendations: Suggest relevant topics and learning objectives

Social & Collaborative Features

  • Multiplayer games: Match you with appropriate opponents and track game performance
  • Learning pods: Enable collaborative learning and group progress tracking
  • Safety & moderation: Monitor interactions to prevent harassment and maintain a positive environment
  • Community features: Enable sharing achievements and connecting with other learners

Platform Improvement & Communication

  • Improve our service: Analyze usage patterns to enhance features and fix issues
  • Build quality metrics: As a new platform, establish baseline measurements for educational effectiveness
  • Community feedback integration: Use user reports and educator feedback to refine our content standards
  • Communicate with you: Send important updates, respond to support requests
  • Security: Detect and prevent fraud, abuse, and security threats
  • Legal compliance: Meet legal obligations and enforce our terms of service

Third-Party Services

Stripe (Payment Processing)

We use Stripe to process payments securely. Stripe handles all payment information according to their privacy policy. We never store your full credit card information on our servers.

  • Subscription billing and management
  • Donation processing for access verification
  • Gift credit purchases and transactions
  • Refund and dispute handling

OpenAI (AI Content Generation)

Privacy Protection: We take extraordinary measures to protect your privacy when using AI services.

  • AI NPC conversations: All personal identifiers are stripped before processing
  • Custom content generation: Only anonymized learning preferences are shared
  • No account linkage: OpenAI never receives your name, email, payment info, or any data that could identify you
  • Data retention: AI service providers do not retain conversation data beyond processing
  • Opt-in only: AI features are only used if you explicitly enable them
  • Local processing: Simple AI features like text-to-speech may be processed locally when possible

Sub-Processors (Required for Educational Compliance)

Full Transparency: Below are all third-party services that may access your data, as required by the SDPC National Data Privacy Agreement.

Supabase (Database & Authentication)

Location: AWS us-east-1 | Compliance: SOC 2 Type II

  • User account management and authentication
  • Educational records storage with encryption at rest
  • Learning progress and quiz data storage
  • Multiplayer and learning pod data

Vercel (Front-end Hosting)

Location: USA & EU PoPs | Compliance: ISO 27001, TLS 1.2+

  • Front-end hosting and edge network
  • Performance metrics (anonymized)
  • CDN for educational content delivery

Sentry (Error Monitoring)

Location: USA | Compliance: DSF signed, Error payloads scrubbed

  • Error logging (non-PII only)
  • Application stability monitoring
  • Crash reports with personal data removed

Statsig (Product Analytics)

Location: USA | Data Retention: 12 months maximum

  • Event tracking and user analytics (anonymized)
  • Feature usage metrics and A/B testing
  • Product performance monitoring

Data Sharing & Protection

What We Share

We never sell your personal data. Period. Your trust is more valuable than any payment.

  • Learning pod members: Only the progress and achievements you choose to share within your learning pods
  • Multiplayer participants: Only your game performance and chosen display name during multiplayer sessions
  • Public achievements: Only achievements you explicitly choose to share publicly
  • Aggregated analytics: Anonymized, non-identifying usage statistics for research and improvement
  • Legal requirements: Information when required by law or to protect rights and safety

What We Don't Share

  • Personal information: Your email, name, or any identifying information
  • Private learning data: Your individual quiz scores, learning patterns, or progress details
  • AI conversations: Your private interactions with our AI NPC
  • Payment information: Any financial or billing details
  • Private communications: Messages or content not explicitly shared by you

Your Rights & Controls

Privacy Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Update: Correct any inaccurate information in your account settings
  • Delete: Request deletion of your account and all associated data
  • Export: Download your learning data, progress, and achievements
  • Opt-out: Disable AI features, analytics, or specific data collection at any time
  • Portability: Transfer your data to another service
  • Restrict processing: Limit how we use your information
  • Object: Object to certain types of processing

Granular Controls

  • AI features: Enable/disable AI NPC interactions and content generation
  • Social features: Control visibility in multiplayer games and learning pods
  • Analytics: Opt out of usage analytics and performance tracking
  • Communications: Manage email preferences and notification settings
  • Data sharing: Control what information is shared in collaborative features
  • Accessibility: Enable/disable text-to-speech and translation features

Account Management

  • Profile settings: Control what information is visible to other users
  • Learning pod privacy: Manage who can see your progress and invite you to pods
  • Multiplayer settings: Control matchmaking preferences and communication options
  • Data retention: Set preferences for how long we keep your inactive data

Children's Privacy (COPPA Compliance)

Age Requirement: Principle is designed for users 13 and older. Users under 18 need parental consent.

  • Parental consent: Required for all users under 18
  • Limited data collection: We collect minimal data from minors and never use it for advertising
  • Enhanced protections: Additional privacy safeguards for users under 18
  • Educational focus: All features for minors are strictly educational
  • Moderated interactions: Enhanced moderation for any social features involving minors
  • Parental access: Parents can request access to their child's data and account deletion
  • No behavioral advertising: We never target ads to children
  • Age verification: We use age screening to prevent underage access

Data Retention

  • Active accounts: Data is retained while your account is active
  • Educational contracts: Educational records deleted within 30 days of contract termination (FERPA requirement)
  • Individual accounts: Personal data deleted within 30 days of account deletion request
  • Inactive accounts: Data may be deleted after 3 years of inactivity (with prior notice)
  • Legal requirements: Some data may be retained longer for legal compliance
  • Anonymized analytics: Anonymized usage data may be retained indefinitely for research and platform improvement
  • New platform data: As we establish baseline metrics, anonymized engagement patterns help us understand what civic education approaches work best
  • AI training data: Anonymized interactions may be used to improve our AI systems
  • Backup retention: Encrypted backups are retained for 90 days for disaster recovery
  • Educational backups: Rolling 7-day backups align with database backup policy

International Data Transfers

Principle operates globally. Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information regardless of where it's processed.

  • Data location: Primary servers are located in the United States
  • Legal basis: We use standard contractual clauses for international transfers
  • Security: All transfers are encrypted and secured
  • Your rights: You maintain all privacy rights regardless of data location

Cookies & Tracking Technologies

Essential Cookies

  • Authentication: Keep you logged in securely
  • Preferences: Remember your theme and language settings
  • Security: Protect against cross-site request forgery
  • Session management: Maintain your session during use

Analytics Cookies (Optional)

  • Usage patterns: Understand how features are used
  • Performance: Measure page load times and errors
  • A/B testing: Test new features and improvements
  • Opt-out available: You can disable analytics in settings

Security Measures

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (HTTPS) and at rest (AES-256)
  • Access controls: Strict employee access controls and regular security audits
  • Data minimization: We collect only what's necessary for our service
  • Regular backups: Secure, encrypted backups to prevent data loss
  • Incident response: Established procedures for handling any security incidents
  • Anonymization: Personal identifiers are removed from analytics and AI processing
  • Secure development: Security review of all code and features
  • Vulnerability management: Regular security scans and updates
  • Two-factor authentication: Available for enhanced account security

Data Breach Notification

In the unlikely event of a data breach that affects your personal information:

  • Initial notification: 24-hour initial email to affected users and district CISOs
  • Full report: Comprehensive 72-hour report with complete details
  • Educational institutions: Direct notification to district administrators and IT security teams
  • Detailed information: We'll explain what happened, what data was affected, and steps taken
  • Remediation: We'll provide guidance on protecting yourself
  • Support: Dedicated phone hotline and support for affected users
  • Transparency: Public disclosure when appropriate
  • Legal compliance: All notifications will meet FERPA and state educational data laws

Contact Us About Privacy

Questions about this privacy policy or your data? We're here to help:

  • Privacy inquiries: privacy@principlecivics.com
  • Data Protection Officer: legal@principlecivics.com
  • Educational compliance: support@principlecivics.com
  • Security concerns: legal@principlecivics.com
  • Legal matters: legal@principlecivics.com
  • Data requests: Submit requests for data access, correction, or deletion through your account
  • Response time: We respond to privacy requests within 30 days (educational institutions within 15 days)
  • FERPA requests: Educational data requests processed within FERPA-required timeframes

Changes to This Policy

When we update this privacy policy:

  • We'll notify you via email and in-app notification
  • Changes take effect 30 days after notification
  • We'll highlight significant changes clearly
  • Previous versions are available upon request
  • Continued use means you accept the updated policy

Our Privacy Promise: We collect only what's necessary to provide you with a great learning experience. We never sell your data, we use strong privacy protections for all AI features, and you have complete control over your information. Your trust is our most valuable asset.