TIE Academy
Get started

Legal · How your data flows

From the moment you type, to the moment you delete.

This page is the receipts that back up the five privacy promises on the homepage. Five steps. No marketing voice. If anything here is unclear, write to sam@tie.school and we'll revise the page.

Last updated: 2026-05-06

  1. Step 1

    You enter the data

    Child profile, observations, parent concerns. Always your choice what to share.

  2. Step 2

    We store it, encrypted

    TLS in transit. Access-controlled, encrypted database at rest.

  3. Step 3

    AI uses it (only when you ask)

    Identifying details stripped first. Only the developmental signal goes to the AI provider.

  4. Step 4

    Three named subprocessors

    Clerk for sign-in. Stripe for billing. Anthropic for AI. Contracts forbid training.

  5. Step 5

    You can leave any time

    Download or delete on demand. 30 days post-cancel, everything is permanently erased.

1. When you enter data

TIE Academy collects the data you choose to share when building your child's profile and asking the AI assistant questions. There is no background data collection — no analytics tracking on individual parents, no cross-site profiling, no third-party cookies on the parent dashboard. The four kinds of data we collect are these:

  • Account basics — email, name, locale, time zone. Created via Clerk on sign-up. Required for the platform to work.
  • Child profile (the Spec) — age, developmental observations, interests, learning style, parent concerns. Always your choice. The platform works on a partial profile; deeper insights require deeper detail.
  • AI assistant conversations — the questions you ask and the answers we generate. Stored so you can come back to them; never used to retrain models.
  • Billing — Stripe holds card details, not us. We see only the subscription state, the plan tier, and the last four digits for reference. Card numbers and CVCs never enter our systems.

2. Where it's stored

Once you submit the data, it travels and rests under specific protections — not because we say so, but because the infrastructure enforces it.

  • In transit — every byte travels over TLS 1.2 or higher. Anyone intercepting the connection sees encrypted noise, not your child's profile.
  • At rest — our PostgreSQL database is encrypted at the disk level. The application layer requires authenticated access for every read.
  • Access control — only the parent who owns an account can read that account's data. No internal browsing, no team-wide search across families. The admin tool is auditable and access is logged.
  • Hosting — the parent app and database run on infrastructure inside the United States. Subprocessors (Clerk, Stripe, Anthropic) operate under their own SOC 2 / ISO regimes, listed at /legal/subprocessors.

3. When AI uses your data

When you ask the AI assistant a question, or when we generate the Initial Report, the platform sends a prompt to an AI provider (today, Anthropic). What gets sent is more limited than you might expect.

  • Identity scrubbed — your child's name, exact birthdate, school name, address, and any other identifying details are stripped from the prompt before it leaves our servers. The model sees "an 8-year-old," not your daughter by name.
  • Only the developmental signal is sent — age band, learning style, language environment, observations relevant to the question. The full profile never leaves our database.
  • Provider contract forbids training — our agreement with Anthropic explicitly prohibits using our prompts and completions to train their models. This is the data-use clause they offer to enterprise customers; we use it.
  • We log inferences for our own debugging — but only metadata (timestamp, model, latency, success/failure). The prompts and completions are stored against your account so you can review them; they are never analyzed across accounts.

4. Our subprocessors

We use three external services to run TIE Academy. Each has a specific role and a contract that constrains what they can do with your data. The full list with contract terms lives at /legal/subprocessors.

  • Clerk — handles sign-in, sign-up, and session management. Sees your email and name. Does not see your child's profile, your AI conversations, or your billing details.
  • Stripe — handles billing. Sees your card details, billing address, and subscription state. Does not see your child's profile or your AI conversations.
  • Anthropic — runs the AI inferences. Sees the identity-scrubbed developmental signal you ask about. Does not see your name, your child's name, your billing, or any cross-account data. Contractually forbidden from training on it.

5. When you leave

You can leave at any time, in three ways. Each one is yours to control.

  • Download — from /settings → Privacy, you can export the full child profile and AI conversation history as a single archive. Yours to keep, regardless of whether you stay subscribed.
  • Delete — from /settings → Privacy, you can permanently delete the child profile or the entire account. Confirmation is required; deletion is irreversible.
  • 30-day retention on cancel — when a subscription is cancelled, the data is retained for 30 days in case you change your mind. After 30 days it is permanently erased from the database, the daily backups, and the AI conversation logs.