Privacy Policy

Hearthstone Ed ("we," "our," or "us"), operated by Broodlaw Ventures, provides a homeschool management platform that includes compliance tracking, curriculum planning, AI tutoring, progress tracking, and portfolio management. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website and services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

Personal Information

• Name, email address, and account credentials (via Supabase Auth)
• Family and household information you provide
• Billing information (processed securely by Stripe — we do not store full payment card details)

Student Data

• Student names, grade levels, and dates of birth
• Academic records, progress logs, and portfolio materials
• Curriculum selections, learning preferences, and assessment results
• Attendance records and state compliance documentation

Usage Data

• Device information, browser type, IP address, and operating system
• Pages visited, features used, and session duration
• Interactions with AI features (questions asked, responses received)

We use the information we collect to:

• Provide the Service: Manage your account, deliver compliance tracking, curriculum tools, and portfolio management
• Power AI Features: Our AI tutoring and coaching features use student data and learning context to provide personalized educational assistance
• Process Payments: Handle subscription billing and manage your account status
• Improve the Service: Analyze usage patterns to enhance features, fix bugs, and improve user experience
• Communicate: Send account-related emails, service updates, and (with your consent) educational tips and feature announcements
• Ensure Compliance: Help you meet state homeschool reporting requirements

Hearthstone Ed is designed for use by parents and guardians who manage educational records on behalf of their children. We take the privacy of children seriously and are committed to complying with the Children's Online Privacy Protection Act (COPPA).

• Parental Control: All student accounts are created and managed by a parent or guardian. We do not allow children under 13 to create accounts independently.
• No Direct Collection: We do not knowingly collect personal information directly from children under 13 without verifiable parental consent. All student data is entered and managed by the parent/guardian account holder.
• AI Interactions:If students interact with AI tutoring features, these interactions are conducted under the parent's account and oversight. Parents can review all AI interaction history.
• Parental Rights:Parents can review, modify, or delete their children's data at any time through their account settings or by contacting us.
• Data Minimization: We collect only the student data necessary to provide educational management features.

If you believe we have inadvertently collected information from a child under 13 without proper parental consent, please contact us immediately at price.bradley.a@gmail.com.

We use the following third-party services to operate the platform. Each has its own privacy policy governing their use of your data:

• Supabase: Authentication, database hosting, and file storage. Your account credentials and application data are stored on Supabase infrastructure.
• Stripe: Payment processing for subscriptions. Stripe handles all payment card data directly — we never see or store your full card number.
• Anthropic (Claude):Powers our AI tutoring and coaching features. Relevant educational context is sent to Anthropic's API to generate personalized responses. Anthropic does not use this data to train their models.
• PostHog: Product analytics to understand how the Service is used and improve the user experience. PostHog collects anonymized usage data.
• Resend: Transactional email delivery for account notifications, password resets, and service communications.

We use cookies and similar technologies to maintain your session, remember your preferences, and analyze usage patterns. Specifically:

• Essential Cookies: Required for authentication and core functionality. These cannot be disabled.
• Analytics Cookies: Help us understand how you use the Service via PostHog. You may opt out of analytics tracking through your account settings.

We do not use advertising cookies or sell your data to advertisers.

We retain your data for as long as your account is active or as needed to provide you with the Service. Specifically:

• Account Data: Retained until you delete your account
• Student Records: Retained until the parent deletes them or the account is closed
• AI Interaction Logs: Retained for up to 12 months, then automatically deleted
• Payment Records: Retained as required by tax and financial regulations (typically 7 years)
• Analytics Data: Anonymized and retained in aggregate form

When you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit (TLS/SSL) and at rest
• Authentication is managed through Supabase with support for secure password hashing and session management
• Row-level security (RLS) policies ensure users can only access their own family's data
• Regular security updates and dependency auditing
• Access to production systems is restricted to authorized personnel

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. If you discover a security vulnerability, please report it to us at price.bradley.a@gmail.com.

You have the right to:

• Access: Request a copy of the personal data we hold about you and your family
• Correction: Update or correct inaccurate information through your account settings
• Deletion: Request deletion of your account and associated data
• Export: Download your data in a portable format (available through account settings)
• Opt Out: Opt out of non-essential communications and analytics tracking

To exercise any of these rights, contact us at price.bradley.a@gmail.com or use the relevant features in your account settings. We will respond to requests within 30 days.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by posting a prominent notice on the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: price.bradley.a@gmail.com
• Company: Broodlaw Ventures