Privacy Policy

At a glance

The Hadden Innovations Learning Hub (“the platform,” “we”) is a PreK–12 learning environment used by families. A parent creates the account, adds a child, and the child signs in to lessons under the parent’s supervision. We collect the minimum information needed to deliver lessons, accommodations, and the optional Family Story keepsake feature.

• We do not show advertising of any kind.
• We do not use third-party analytics, behavioral tracking, or ad-tech pixels. There is no Google Analytics, Sentry, Plausible, Mixpanel, or similar service in our pages.
• We do not share or sell personal information about you or your children to data brokers.
• Two optional features may transmit information to a third-party processor when you turn them on: AI authoring assistance for the Family Story (OpenAI or Anthropic), and the sign.mt sign-language widget. Both are off by default. See Third parties.

Who we are and how to reach us

The platform is operated by Hadden Innovations. For privacy questions, parental rights requests, or to report a concern, email hello@haddeninnovations.com. We aim to respond within ten business days.

Information we collect from parents

When a parent creates an account, we collect:

• Email address and a password hash (Argon2id, never the password itself).
• Display name and an optional “child label” (e.g. “Mom,” “Dad”).
• Optional profile fields you choose to fill in: legal first/middle/last name and surname, profile photo, phone number, and home address. These power personalization features such as the child’s Safe Circle.
• A timestamp recording that the parent attested to being 18 or older and to creating the account on behalf of their child.
• Connection metadata each time you sign in: IP address, browser/device user agent, and session timestamps.

Information we collect about a child

A parent — never the child directly — creates the child’s account. The parent supplies, and we store:

• Display name, optional first/middle/last name and surname, optional avatar, birth year (required), optional full birth date, optional sex, optional grade level.
• A username and a numeric PIN (stored Argon2id-hashed, never in plain text) that the child uses to sign in alongside the family code.
• Optional accessibility profile and disability tags so lessons surface the right accommodations.

When a child signs in to do lessons, the platform records:

• Lesson and quiz activity: which lesson was visited, quiz score and total, number of wrong tries, time spent. Quiz answers are stored as scores only — we deliberately do not retain a per-question fingerprint of which option the child picked, except inside the optional placement test where the per-question selection is needed to recommend a starting grade.
• Connection metadata for the child’s session: IP address, user agent, session timestamps. The IP and user agent are used for session security, not for advertising or profiling.

If the parent enables the optional Family Story feature, the parent (and in some places the child via the parent) may write free-text answers about the child’s life, family, and milestones. Those answers are stored encrypted at rest and are never made publicly accessible unless the parent generates a share link from inside their account.

Drawings, name-tracing, and handwriting practice happen entirely on the child’s device. The canvas data is not transmitted to our servers and is not stored.

How we use this information

• To deliver the lessons, accommodations, and family features you sign up for.
• To remember a child’s placement and progress so the next session resumes where they left off.
• To let parents review their child’s activity, manage children’s accounts, and toggle accessibility supports.
• To keep accounts secure: detect suspicious sign-ins, rate-limit failed logins, and let an admin investigate abuse.
• To respond to support requests and to communicate operational notices (account recovery, policy changes).

We do not use child information to build advertising or marketing profiles, sell personal information, or share it with data brokers. We do not use child information to train or improve any third-party AI model.

Third parties

The platform is intentionally built to keep third parties to a minimum. The complete list of services that may receive any information related to a family account is:

• OpenAI and Anthropic— only when a parent explicitly enables “AI assistance” from their Profile page. Once enabled, the Family Story’s “Help me draft this” and tree-builder shortcuts send the focus child’s first name and the parent’s typed family description to whichever provider is configured. Drafts are returned for the parent to edit; nothing is auto-saved. The toggle is off by default and can be revoked at any time.
• sign.mt — only when a parent explicitly enables the sign-language widget for a child with the deaf disability profile. Lesson narration text is sent to sign.mt for on-the-fly translation each time the widget renders. Off by default.
• Email relay (SMTP) — used to send transactional email (password reset, account notices) to parents. We do not include child information in operational email.

We do not embed third-party analytics, advertising tags, font-server requests, or social widgets in pages a child sees. Fonts are bundled with the app at build time so a child’s browser does not contact font CDNs at runtime.

Cookies and similar technologies

The platform uses a small number of first-party cookies for essential functionality:

• hi_session — a server-side session token marked HttpOnly, Secure, and SameSite=Lax. Used to keep you signed in.
• hi_actor — records whether you are signed in as a parent, child, educator, or admin so the right portal renders.

We do not set any third-party cookies and do not use cookies for advertising or cross-site tracking. The browser also stores a small amount of preference data locally (theme, accessibility settings, draft text) so it persists across page loads.

Retention and deletion

• Sessions: session rows are deleted within an hour after they expire or are revoked. A cleanup job runs every fifteen minutes.
• Children’s accounts: when a parent deletes a child from the parent portal, the child is hidden immediately and a hard-delete is scheduled to run thirty days later. The hard-delete cascades through every table that stores child information — quiz scores, placement results, accessibility profile, family-tree links, story answers, lesson progress, sessions — and removes them.
• Erase now:a parent can skip the thirty-day window and permanently erase a child’s account immediately from the child’s profile page. This is irreversible.
• Parent accounts: contact us to delete a parent account. Deleting a parent removes the linked children with the same cascade.
• Backups: our database backups are encrypted at rest. A deletion may persist in a backup until that backup rotates out of retention.

Children’s privacy (COPPA)

The platform is directed to children, including those under 13. We comply with the U.S. Children’s Online Privacy Protection Act (COPPA) as follows:

• Parent-only signup: a child cannot create their own account. A parent must create the account, add the child, and supply the username and PIN the child uses to sign in.
• Disclosure before collection: this policy is the disclosure. The signup page links here, and footers across the marketing site, parent portal, and child portal link here.
• Parental consent:at signup the parent confirms that they are 18 or older and are creating the account on the child’s behalf, and the timestamp is recorded. Where a feature would disclose child information to a third-party processor (currently AI assistance and the sign.mt widget), we require a separate, granular opt-in stored as a consent timestamp on the parent’s account. Both are off by default.
• Data minimization:we collect a child’s birth year and the optional fields listed above; we do not require a full date of birth, a photo, an address, or contact information for the child to use the platform.
• Right to review: a parent can view everything we have stored about a child from inside the parent portal — profile, accessibility settings, session history, lesson progress, family-tree, and story answers. Email us for a consolidated export.
• Right to delete:a parent can delete a child’s account from the child’s profile page. The standard delete is followed by a thirty-day automatic purge; the “Erase now” option purges immediately.
• Right to refuse further collection: a parent can revoke any optional consent (AI assistance, sign-language widget) at any time from the Profile page. Disabling a consent stops further disclosures to that processor; it does not retroactively retrieve information already sent.
• No conditioning:we do not condition a child’s participation in lessons on disclosing more information than is reasonably necessary. The optional fields are optional.
• No behavioral advertising: we do not engage in behavioral advertising and do not use child information to build advertising profiles.

To exercise any of these rights, or if you believe we have collected information from a child without proper consent, please email hello@haddeninnovations.com.

Security

• Parent passwords and child PINs are hashed with Argon2id. We never store the plaintext.
• Session cookies are HttpOnly, Secure, and SameSite=Lax. Sessions are scoped to the platform’s domains.
• Admin tokens are stored as SHA-256 hashes; admin and integration credentials are encrypted at rest with AES-GCM.
• All traffic between your browser and the platform uses TLS.
• We follow the principle of least privilege internally and review changes that touch authentication, deletion, or third-party data flows.

International users

The platform is hosted in the United States. By using it, you understand that information is processed in the United States. We do not currently offer the platform in regions where local law would require additional disclosures or mechanisms beyond those described here.

Changes to this policy

When we materially change this policy we will post the new version at this URL and update the “Last updated” date and policy version string at the top. Every consent you grant (AI assistance, sign-language widget) is recorded with the policy version that was current at the time, so we can show you exactly what you agreed to. Substantive changes that affect how a child’s information is collected or shared will also be announced to parents via email and require renewed consent where required.

Contact

Privacy questions, parental rights requests, security reports: hello@haddeninnovations.com.