Legal · Privacy

Privacy policy

We protect minors' data as if it were our own children's. Because often, it is.

Last updated: 2026-06-02

1. What we collect

We collect a limited set of information needed to provide the service:

  • Parent account information — name, email address, language preference, and authentication identifiers handled by Clerk. Billing information (card details, billing address) is collected and stored by Stripe; we do not store full card numbers.
  • Child profile information — the child's first name (or nickname), age band, interests, parent's observations about development and learning, and optional bilingual or family-context information that the parent enters into the Spec.
  • Behavioral information — pages viewed, features used, account-level events such as sign-in and subscription state changes. We use this information to operate and improve the service.
  • Feedback information — pin completions on the weekly roadmap, reactions to GETIT learning kits, and the parent-asked questions you submit to the AI assistant.

2. How we use it

We use the information you provide to operate the service for your family.

  • To generate AI insights, the weekly roadmap, the Initial Report, and GETIT learning kits about your child.
  • To personalize program recommendations and surface TIE Academy programs that may fit your child.
  • To send transactional emails (account, billing, program enrollment, scheduled reminders) and the optional weekly digest. You can opt out of the weekly digest from Settings. Transactional emails cannot be opted out of while your account is active because they are required to operate the service.
  • To improve the service in aggregate. We do not sell your data, we do not build advertising profiles, and we do not share children's data for marketing purposes.

3. How we process data with AI providers

To generate insights, reports, recommendations, and assistant responses, we send the minimum necessary information to third-party AI providers — Anthropic (Claude) and OpenAI — for inference. Please understand the following:

  • We do not use your child's data — or any of your data — to train any third-party AI model. The data we send to AI providers is for inference only. Anthropic's commercial API terms prohibit training on customer prompts and completions; we operate under those terms.
  • Anthropic retains prompt and completion data for up to 30 days for trust-and-safety review, as described in their commercial API terms. We do not pass an account identifier with our requests, so Anthropic cannot link a prompt to a specific TIE Academy account or to a specific child. OpenAI is not used by any V1 feature today; we list it as a reserved processor in case a future feature needs it.
  • We send the minimum data needed for the requested feature. Generating an Initial Report sends the child's profile; asking the AI assistant a question sends the question and the relevant Spec context; generating a weekly roadmap sends the recent profile and feedback signals. We do not send unrelated parts of your account, and known-diagnoses notes you provide are excluded from the AI assistant's grounding by design.
  • AI providers may run their services on infrastructure located outside your country of residence, including in the United States. By using the service, you consent to the transfer of the necessary data to those providers for the purposes described above.

4. Third-party processors we use

We rely on a small set of vetted third-party processors to operate the service. Each processor handles only the data needed for its function and operates under its own privacy policy.

  • Clerk — authentication and account management. https://clerk.com/legal/privacy
  • Stripe — payment processing and billing. https://stripe.com/privacy
  • Resend — transactional and digest email delivery. https://resend.com/legal/privacy-policy
  • Anthropic — AI inference (Claude). https://www.anthropic.com/legal/privacy
  • OpenAI — AI inference. https://openai.com/policies/privacy-policy
  • Cloudflare — DNS, edge networking, and DDoS protection. https://www.cloudflare.com/privacypolicy/
  • Google — only if you choose to sign in with a Google account (Google OAuth is currently disabled in this version). https://policies.google.com/privacy
  • KakaoTalk (Kakao Corp.) — only for in-person programs, and only if you choose "Allow" for group sharing at registration. KakaoTalk is the channel through which we share in-person session photos/videos with other enrolled families in a parents' group chat. Receives the shared photos/videos and the chat participants you join with. See Section 7 for your choice and how to withdraw it. https://www.kakao.com/policy/privacy

5. Cookies and tracking

We use only the cookies and similar technologies that are strictly necessary to operate the service: a Clerk session cookie to keep you signed in, a locale-preference cookie to remember your language, and Cloudflare cookies that protect the service from abuse. These cookies are required and cannot be disabled while you use the service.

  • We do not use third-party advertising or analytics cookies in this version. There is no Google Analytics, no Meta Pixel, and no advertising-network tracking on the platform today.
  • If we add product analytics in the future (for example, a self-hosted PostHog instance), we will update this policy and provide a clear opt-out before any non-essential tracking is enabled.

6. Data retention

We retain your data only as long as needed to provide the service or to satisfy legal obligations.

  • Active accounts — your data is retained while your subscription is active and you continue to use the service.
  • Closed accounts — when you close your account, your data enters a 30-day soft-delete window during which the account can be recovered. After 30 days, your account data is fully deleted from our production systems, except where retention is required by law or for fraud prevention.
  • Initial Report PDFs — under our keep-PDF-on-cancel-within-trial goodwill rule, the downloaded Initial Report PDF and the read-only in-app reader remain available even after subscription cancellation. AI-assistant grounding stops on cancellation; re-subscribing reactivates the existing report without regenerating it.
  • Audit logs — security and compliance audit logs are retained for 12 months.

7. Children's privacy

TIE Academy is designed for parents and guardians. A parent or guardian creates and manages the account and enters their own child's information. Children under 14 do not have their own login — their information is managed entirely by their parent or guardian. A young person aged 14 or older may be invited by their parent or guardian to sign in with their own account to see their own courses. We treat information about children with extra care, in line with the U.S. Children's Online Privacy Protection Act (COPPA) and the Republic of Korea's Personal Information Protection Act (PIPA).

  • For a child under 14, we ask the parent or guardian for clear, affirmative consent at the time the child's profile is created — not merely by signing up. For accounts without a paid subscription, we confirm that consent by sending a follow-up email to the parent or guardian that restates this notice and explains how to withdraw. We do not build the child's profile or use any AI features for that child until consent is recorded. (For a paid subscription, the payment card already provides verifiable parental consent.)
  • Parents and guardians can review, modify, delete, or withdraw consent for the child's data at any time — from the Spec section, from Settings, or by emailing sam@tie.school. Withdrawing consent stops all processing of that child's information and suspends the child's profile; you can then delete it entirely. Deletion removes the child's data from our active systems within the standard deletion window described in Section 6.
  • We use children's information only inside TIE Academy to provide guidance to the family. We do not sell it, do not share it with third parties, do not direct marketing or advertising at children, and never use it to train any AI model.
  • If you believe a child's data has been collected by us without proper parental consent, contact sam@tie.school and we will investigate and, where appropriate, delete the data promptly.
  • For in-person programs (camps and classes), we may share photos or videos of children with the other enrolled families, including in a parents' group chat on KakaoTalk (operated by Kakao Corp.), so that families can see what their children did. We never share a photo or video of your child beyond your own family — including in the group chat — unless you choose "Allow" for group sharing at registration. If you choose "Do not allow," your child is kept out of photos shared with other families and in the group chat (or blurred/cropped where a group shot is unavoidable), and we will not post your child's image in that chat. KakaoTalk acts as the sharing channel for this offline photo sharing; you can withdraw consent at any time by emailing sam@tie.school, which stops future sharing.

8. Korean residents (PIPA)

For users residing in the Republic of Korea, the Personal Information Protection Act (PIPA) applies. This document serves as our 개인정보 처리방침 (privacy policy) for those users. You have the following rights:

  • Right to access your personal information (개인정보 열람권).
  • Right to correct or delete your personal information (정정·삭제권).
  • Right to suspend processing of your personal information (처리 정지권).
  • Right to withdraw the consent you previously gave (동의 철회권).
  • Personal Information Protection Officer (개인정보 보호책임자) — Sam Ahn, contactable at sam@tie.school. We respond to PIPA requests within the timelines set by the Act.

9. Your rights

Wherever you reside, you can access, correct, delete, or export your data, and you can withdraw consent for non-essential processing. Most of these actions can be performed directly from the Spec area and from Settings. For requests we cannot fulfill in-app — including export of all your data and account deletion confirmation — email us at sam@tie.school. We aim to respond within 30 days. We may verify your identity before completing a request to protect your account and your child's data.

10. Security

We use industry-standard practices to protect your data: TLS for data in transit, encryption at rest where the underlying infrastructure supports it, principle-of-least-privilege access for engineers, and audit logging for sensitive operations. No system is perfectly secure. If we experience a data breach that creates a risk to your rights, we will notify you and the relevant regulators within the timeframes required by applicable law (typically 72 hours).

11. International data transfers

TIE Academy is operated from the United States, and the data we collect is stored on infrastructure located in the United States. AI inference and email delivery may also occur on infrastructure located outside your country of residence. By using the service from outside the United States — including from the Republic of Korea — you consent to the cross-border transfer of your data to the United States and to the third-party processors listed in Section 4 for the purposes of providing the service.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page when we do, and for material changes we will provide additional notice by email or in-app banner before the changes take effect. Continued use of the service after the effective date of an updated policy means you accept the updated terms.

13. Contact

For privacy questions, data-rights requests, or to report a privacy concern, contact sam@tie.school. We aim to respond within 30 days, sooner where required by applicable law.