Privacy Policy
Last Updated: December 31, 2025
In Plain Language
We respect your privacy and your children's privacy. Here's the essential:
- β’ Minimal data: We only collect what's necessary (name, birth month/year, email)
- β’ No selling: We NEVER sell your data to third parties
- β’ Parental control: Parents can view and delete their children's data
- β’ Security: All data is encrypted and protected
- β’ No advertising: No targeted advertising for minors
- β’ Right to be forgotten: You can request complete deletion at any time
1. Information We Collect
In brief
We collect your name, birth month and year, email, and learning activity. That's it!
1.1 Information You Provide Directly
| Data Collected | Why | Required? |
|---|---|---|
| Full name | To identify you on the platform and allow teachers to recognize you | β Yes |
| Username | To log into your account | β Yes |
| Birth month and year | To determine age-appropriate permissions | β Yes |
| Email (14-17 years) | For password recovery and notifications | β οΈ Optional |
| Email (18+ years) | For communication and account management | β Yes |
| Parental email (< 18 years) | For approval, notifications, and account management | β Yes |
| Password | To secure your account | β Yes |
Payment Data
Important: Correctia NEVER collects or stores your banking or credit card information.
Payments are processed entirely by Stripe, our PCI-DSS certified payment processor. Stripe collects and secures your payment data according to the strictest banking standards.
Correctia only receives a payment confirmation (without seeing your banking information).
1.2 Automatically Collected Information
When you use Correctia, we automatically collect:
- Activity data: Exercises you complete, your scores, time spent
- Technical data: Device type, browser, IP address
1.3 Temporary Processing (OCR and Audio Transcription)
Photos and Audio Files - Processing Without Storage
If you upload a photo of text or an audio file:
- The file is temporarily sent to our servers (Google Cloud Canada)
- Text is extracted (OCR) or transcribed (audio β text)
- Only the extracted TEXT is kept
- The original photo/audio is DELETED immediately after processing (< 60 seconds)
Result: We never store your photos or audio files. Only the text extracted from them.
Important for Parents
We NEVER STORE:
- β Full physical address
- β Phone number
- β Precise geographic location
- β Uploaded photos or videos (temporarily processed for OCR/audio transcription, then immediately deleted)
- β Uploaded audio files (transcribed to text, then immediately deleted)
- β Social insurance number
- β Banking card information (managed by Stripe, never by Correctia)
2. How We Use Your Data
In brief
Your data is only used to operate the learning platform and send you important notifications.
2.1 Educational Use
- β Create and manage your account
- β Allow you to play learning activities
- β Track your progress and generate statistics
- β Enable teachers to create adapted activities
- β Improve exercise quality
2.2 Communication
- β Service emails: Registration confirmation, password recovery
- β Transaction emails: Top-up confirmation, receipts
- β Security emails: Suspicious activity alert, password change
- β Weekly reports (parents): Usage statistics (optional)
Advertising
We send NO advertising and do not share your data for marketing purposes.
3. Location and Data Sovereignty
In brief
Your data is stored in Canada (Quebec). Only certain AI analyses are processed in the United States, but your raw data stays here.
3.1 Data Storage
All your personal data is stored on servers located in Canada, primarily in Quebec.
| Data Type | Storage Location |
|---|---|
| Account information | π¨π¦ Quebec, Canada |
| Activity data | π¨π¦ Quebec, Canada |
| Learning history | π¨π¦ Quebec, Canada |
| Uploaded photos/texts (OCR) | π¨π¦ Quebec, Canada |
| Payment data | π¨π¦ Stripe Canada (PCI-DSS certified) |
Data Sovereignty
Your personal data remains under Canadian and Quebec jurisdiction, ensuring maximum protection under Canadian privacy laws.
3.2 AI Inference Processing
For certain features using artificial intelligence, some processing is performed in the United States via our AI partners:
- Anthropic (creator of Claude)
- Google Gemini
Important to Understand
What is sent to the United States:
- AI chatbot queries ("Create" feature, 18+ only)
- Questions asked to AI to generate activities
- Necessary context to respond to your requests
What STAYS in Canada:
- [π¨π¦] All your personal data (name, email, date of birth)
- [π¨π¦] Your complete learning history
- [π¨π¦] Uploaded photos and documents
- [π¨π¦] OCR transcription (text recognition on images)
- [π¨π¦] Payment data
3.3 Protection Guarantees
For processing performed in the United States, we have implemented:
- [π] End-to-end encryption during transmission
- [π] Standard contractual clauses (SCC) with our AI partners
- [π] No permanent storage of queries in the United States
- [π] Anonymization of queries (no name/email sent)
- [π] GDPR compliance for international transfers
Why Some AI Processing in the United States?
Cutting-edge AI models (like Anthropic's Claude and Google's Gemini) require massive infrastructure currently available primarily in the United States. We are working to repatriate this processing to Canada as soon as technology permits.
4. Data Sharing
In brief
We NEVER sell your data. We only share it with our technical service providers (hosting, payment) who are bound by confidentiality.
4.1 Who Do We Share With?
| Provider | Service | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, transaction amount |
| Google Cloud | Server hosting (Canada) | All data (encrypted, stored in Quebec) |
| Anthropic / Google Gemini | AI inferences ("Create" chatbot, 18+ only) | Chatbot queries (anonymized, processed in US, not stored) |
4.2 When Do We Share?
- β With your explicit consent
- β To comply with a legal obligation
- β To protect our rights or your safety
- β NEVER for advertising or marketing
- β NEVER sold to third parties
5. Protection of Minors (< 18 years)
In brief
We comply with COPPA and GDPR laws. Parents control minors' accounts.
5.1 Children Under 14
- β Parental approval required before account activation
- β Parent notified of any changes (password, etc.)
- β Password recovery sent only to parent
- β No direct payment access (parent only)
- β No personal email collection
- β No AI chatbot access ("Create" feature)
5.2 Teens 14-17 Years
- β Parental approval required after registration
- β Parent notified of important changes
- β Optional personal email for recovery
- β Terms acceptance by the teen themselves
- β Weekly report to parent (optional)
- β No AI chatbot access
- β No direct payment access
5.3 Parents' Rights
Parents of children under 18 can:
- β View their child's data (via info@correctia.ai)
- β Request correction of inaccurate data
- β Request complete account deletion
- β Temporarily suspend the account
- β Reset password
- β Receive weekly activity reports
- β Revoke their consent at any time
Transition at 18
When a user turns 18 (based on their birth month and year), their account is automatically upgraded with all adult permissions. The parent stops receiving notifications.
6. Data Security
In brief
We use industry best practices to protect your data: encryption, secure servers, restricted access.
6.1 Technical Measures
- HTTPS encryption: All communications are encrypted
- Hashed passwords: We never know your password
- Secure servers: Hosted in certified data centers
- Regular backups: Your data is backed up daily
- Intrusion detection: 24/7 monitoring of suspicious activities
6.2 Organizational Measures
- Restricted access: Only authorized employees access data
- Training: Our team is trained in data protection
- Regular audits: Quarterly security review
No System is Perfect
Despite our efforts, no transmission over the Internet is 100% secure. We recommend using a strong and unique password.
7. Data Retention
In brief
We keep your data as long as your account is active. After deletion, we erase it within 30 days (except legal obligations).
| Data Type | Retention Period |
|---|---|
| Account data | As long as account is active + 30 days after deletion |
| Activity data | As long as account is active + 30 days after deletion |
| Payment data | 7 years (tax obligation) |
| Security logs | 90 days |
| Unapproved accounts | 14 days then automatic deletion |
8. Your Rights
In brief
You have full control over your data: access, correction, deletion, download, opposition.
8.1 Under GDPR and Quebec Laws
| Right | Description | How to Exercise |
|---|---|---|
| Right of access | Obtain a copy of your data | Email to info@correctia.ai |
| Right to rectification | Correct inaccurate data | Account settings or email |
| Right to erasure | Delete your data | Settings β Delete account |
| Right to portability | Download your data | Email to info@correctia.ai |
| Right to object | Object to processing | Email to info@correctia.ai |
| Right to restriction | Temporarily limit use | Email to info@correctia.ai |
8.2 Response Time
We commit to responding to your requests within 30 days maximum.
9. Cookies and Similar Technologies
In brief
We only use essential cookies to make the site work (login, security). No advertising cookies.
| Cookie Type | Use | Required? |
|---|---|---|
| Session | Keep you logged in | β Yes |
| Security | Protection against attacks | β Yes |
| Preferences | Remember your choices (language, etc.) | β No |
| Analytics | Understand how the site is used | β No |
| Advertising | N/A - We do NOT use this type | β Never |
10. Changes to This Policy
In brief
If we modify this policy, we will notify you by email 30 days in advance.
We may modify this Privacy Policy from time to time. In case of significant changes:
- β We will send you an email 30 days before it takes effect
- β For minors, the email will be sent to the parent
- β The new version will be published on this page
- β The "Last Updated" date will be changed
Our Commitment
30 days notice is well beyond the industry standard (7-14 days). We believe you deserve ample time to review changes and make an informed decision.
Your continued use of the service after the effective date means you accept the new policy.
Contact Us
For any questions about this policy or to exercise your rights:
Email: info@correctia.ai
Response within: 48 hours maximum
Supervisory authority (in case of dispute):
Commission d'accès à l'information du Québec (CAI)
www.cai.gouv.qc.ca