BBOTBRAINED.AI
Sign inStart building

Privacy Policy

Last updated: June 10, 2026

1. Who We Are and Why This Policy Matters

BotBrained.ai LLC ("we," "us," or "our") operates botbrained.ai — a subscription platform where parents and kids learn AI together by building real projects. We care deeply about the privacy of children and families. This policy explains, in plain language, what information we collect, how we use it, and what rights you have.

The account holder is always a parent or guardian (18+). Learners under 18 use the Platform through an account managed by their parent or guardian. We do not knowingly contract with or collect personal information directly from children under 13 without verified parental consent.

2. Information We Collect

We collect only what we need to run the Platform and deliver a great learning experience. Here is what we collect and why:

  • Parent/guardian email address. Required to create an account, send authentication magic links, deliver receipts and account-related emails, and respond to support requests.
  • Learner first name (optional). You may enter a first name so the Platform can personalize the learner's experience (e.g., "Great work, Alex!"). This field is entirely optional and can be a nickname.
  • Lesson progress and quiz attempts. We track which lessons have been completed and quiz scores so the Platform can show the learner where they left off and issue completion certificates. This data is tied to the account, not to a real-world identity.
  • Completion certificates. When a learner finishes a course, we generate a certificate that may include the learner's name (if provided) and the completion date.
  • Authentication data. We support sign-in via email magic link and Google OAuth. When you use Google, we receive your email address and basic profile information from Google. We do not receive your Google password.
  • Payment information. Subscription payments are handled entirely by Stripe. We receive a token and confirmation of payment status from Stripe. We do not store your full card number, CVV, or bank account details on our servers.
  • Technical and usage data. Like most web services, our hosting provider (Vercel) automatically collects basic server logs including IP addresses, browser type, and pages visited. We use this only to keep the Platform secure and running smoothly.

3. How We Use Your Information

We use the information we collect for these purposes and no others:

  • To authenticate your account and keep it secure.
  • To process and manage your subscription payments.
  • To deliver course content, track progress, and issue certificates.
  • To send transactional emails such as receipts, magic links, and account notices.
  • To respond to your support requests and questions.
  • To improve our Platform, fix bugs, and develop new courses.
  • To comply with our legal obligations.

We do not use your information for behavioral advertising. We do not build advertising profiles on learners. We do not sell, rent, or share your personal information with advertising networks or data brokers.

4. COPPA — Our Commitment to Children Under 13

The Children's Online Privacy Protection Act (COPPA) requires websites to obtain verifiable parental consent before collecting personal information from children under 13. We comply with COPPA by design:

  • Accounts are created by and registered to the parent or guardian (18+). The child does not create their own account.
  • The only information we may hold that relates to a child under 13 is their optional first name and their lesson progress — both collected through the parent's account with the parent's knowledge and consent.
  • We do not collect the child's email address, phone number, or any other direct contact information.
  • We do not display advertising to any learner on the Platform.
  • We do not allow public posting of content, chat, or social features where a child's information could be exposed.
  • Parents may review the information we hold, request corrections, or request deletion at any time by emailing hello@botbrained.ai.

5. Cookies and Session Data

We use cookies and similar technologies only as needed to keep you signed in and to remember your session state. We do not use tracking cookies, advertising cookies, or third-party analytics cookies that follow you across other websites.

YouTube video embeds may set cookies from Google when a video is played. We use YouTube's privacy-enhanced embed mode (youtube-nocookie.com) where available to limit the data YouTube collects from learners watching embedded videos. For more information, see Google's Privacy Policy at policies.google.com/privacy.

6. Third-Party Service Providers

We share data with the following trusted service providers only as necessary for them to perform services on our behalf. We do not authorize these providers to use your data for their own purposes.

  • Stripe, Inc. — Payment processing. Stripe receives your payment card details and billing information directly. Stripe is PCI-DSS compliant. See stripe.com/privacy.
  • Resend. — Transactional email delivery (magic links, receipts, account notices). Resend receives your email address to deliver these messages. See resend.com/legal/privacy-policy.
  • Google LLC. — Google OAuth for sign-in. If you choose "Sign in with Google," Google authenticates you and shares your email address with us. See policies.google.com/privacy.
  • YouTube (Google LLC). — Unlisted course videos are hosted on YouTube and embedded in the Platform. YouTube may collect data when learners watch videos. See above for our use of privacy-enhanced embeds.
  • Vercel, Inc. — Website hosting and infrastructure. Vercel processes request data (including IP addresses) as part of serving the Platform. See vercel.com/legal/privacy-policy.

7. Data Retention

We retain your account data for as long as your subscription is active. If you cancel and request deletion, we will delete your account data within 30 days, except where we are required to retain it for legal or tax purposes (for example, payment records may be retained for up to 7 years as required by law).

Lesson progress and certificate records are retained as long as the account exists so learners can access their history. These are deleted upon account deletion.

8. Your Rights and Choices

Depending on where you live, you may have certain rights regarding your personal information. Regardless of location, we honor these requests for all users:

  • Access. Request a copy of the personal data we hold about you and your learner.
  • Correction. Ask us to correct inaccurate or incomplete information.
  • Deletion. Request that we delete your account and associated personal data.
  • Portability. Request your data in a common machine-readable format.
  • Opt-out of marketing. Unsubscribe from any non-essential emails using the link in any email or by contacting us.

To exercise any of these rights, email us at hello@botbrained.ai with the subject line "Privacy Request." We will respond within 30 days. We may ask you to verify your identity before processing the request.

9. GDPR — Notice for Users in the European Economic Area and UK

If you are located in the EEA or United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR may apply to you. Our legal basis for processing your personal data is:

  • Contract performance — to provide the subscription service you signed up for.
  • Legal obligation — to comply with applicable laws (e.g., retaining payment records).
  • Legitimate interests — to keep the Platform secure and improve our services.

You have the right to lodge a complaint with your local data protection authority. Our data processing takes place in the United States. By using the Platform, you consent to transfer of your data to the US under the protections described in this policy.

10. CCPA — Notice for California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you specific rights:

  • Know what personal information we collect, use, disclose, or sell.
  • Delete personal information we have collected about you (with certain exceptions).
  • Opt-out of sale or sharing. We do not sell or share your personal information for cross-context behavioral advertising.
  • Non-discrimination. We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at hello@botbrained.ai with the subject "CCPA Request."

11. Security

We use industry-standard security practices including HTTPS encryption, secure authentication tokens, and access controls to protect your information. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data.

In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify active subscribers by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the current version.

13. Contact Us

If you have any questions about this Privacy Policy, want to exercise your rights, or want to report a privacy concern, please reach out:

  • Email: hello@botbrained.ai
  • Website: botbrained.ai

For parental inquiries about data held for a child under 13, please include "COPPA Request" in your subject line. We will respond promptly.