Privacy Policy for GAIA Platform Last Updated: June 14, 2026 4 Core Labs ("we," "us," or "our") operates the GAIA Platform (gaia.4corelabs.com). This Privacy Policy explains how we collect, use, and protect your information when you use our services. 1. INFORMATION WE COLLECT Account Information When you create an account, we collect: - Name and email address - Age or date of birth (required for COPPA compliance) - Grade level and learning preferences - Parent/guardian information for users under 13 Learning Data We collect data to personalize your learning experience: - Course progress and quiz results - AI companion configurations you create - Interaction history with AI teachers and companions - Time spent on lessons and subjects - XP points, levels, and achievements Technical Data We automatically collect: - Device type, browser, and operating system - IP address (used only for security and fraud prevention) - Pages visited and features used - Session duration and frequency 2. HOW WE USE YOUR INFORMATION We use your information to: - Provide and personalize the GAIA tutoring experience - Match you with appropriate AI teachers for your grade level - Track learning progress and provide feedback - Communicate with you about your account and updates - Improve our platform and develop new features - Ensure platform security and prevent fraud - Comply with legal obligations We do NOT: - Sell your personal information to third parties - Use your data for targeted advertising - Share student data with anyone except as described in this policy - Use your learning data to train AI models without your consent 3. DATA SHARING We share data only in these limited circumstances: - With parents/guardians of users under 13 (as required by COPPA) - With Supabase (our database provider) to store and manage your data securely - With Cloudflare (our hosting provider) to serve the website securely - When required by law (e.g., court order, subpoena) 4. PARENTAL ACCESS & CONSENT (COPPA) For users under 13 years of age: - A parent or legal guardian must create the account and provide verifiable consent - Parents can view all data collected from their child - Parents can request deletion of their child's data at any time - Parents can revoke consent and have the account deleted - The parent dashboard provides full visibility into their child's activity For users 13-17 years of age: - We collect verifiable parental consent before collecting personal information - Parents retain the right to review and delete their child's data 5. DATA SECURITY We protect your data using: - Encryption in transit (TLS/HTTPS) and at rest (AES-256) - Row-Level Security on our database (users can only access their own data) - Secure authentication via Supabase Auth - Regular security reviews of our codebase and infrastructure - Access controls limiting who can view student data No system is 100% secure. We use industry-standard measures and monitor for threats. If a data breach occurs, we will notify affected users within 72 hours as required by law. 6. DATA RETENTION & DELETION You can request deletion of your data at any time by: - Emailing privacy@4corelabs.com - Using the account settings in your dashboard - Contacting hello@4corelabs.com We will delete your data within 30 days of your request. Some data may be retained longer as required by law. If you delete your account: - All personal data is permanently removed - Learning progress and AI companions are deleted - Anonymous, aggregated data may be retained for platform improvement 7. YOUR RIGHTS You have the right to: - Access: Request a copy of all data we hold about you - Correction: Update inaccurate personal information - Deletion: Request deletion of your personal data - Portability: Export your data in a machine-readable format - Restriction: Request limited processing of your data - Objection: Object to processing of your data for specific purposes To exercise these rights, contact privacy@4corelabs.com. 8. CHILDREN'S PRIVACY GAIA is designed for learners of all ages, including children. We take extra precautions for users under 18: - Age-appropriate content and language - Parental controls and monitoring - No external social features without parent approval - AI companions do not collect or store personal conversations beyond the learning context - Test lockdown system prevents AI assistance during assessments 9. THIRD-PARTY SERVICES Our platform uses: - Supabase: Database and authentication (hosted in US, SOC 2 compliant) - Cloudflare: Website hosting, CDN, and email routing - Formspree: Contact form processing These providers process data on our behalf under strict data processing agreements. They do not use your data for their own purposes. 10. COOKIES & TRACKING We use essential cookies for: - Authentication (keeping you logged in) - Security (preventing cross-site request forgery) - Preferences (remembering your settings) We do not use: - Advertising cookies - Third-party tracking cookies - Cross-site tracking 11. INTERNATIONAL USERS GAIA is available worldwide. If you are outside the United States, your data may be transferred to and processed in the United States. We comply with applicable data protection laws. 12. CHANGES TO THIS POLICY We may update this Privacy Policy periodically. We will notify users of significant changes via email or platform notification. Continued use of GAIA after changes constitutes acceptance. 13. CONTACT US For privacy-related questions, requests, or complaints: - Email: privacy@4corelabs.com - General contact: hello@4corelabs.com - Mail: 4 Core Labs, 338 Hawridge Rd, Ozark, AL 36360 For COPPA-related concerns: - Email: coppa@4corelabs.com