We store the minimum needed to operate The Library. No advertising profiles. No sale of personal data.
Parent email (login), learner display alias and username (for publish URLs), progress (XP, lessons, coins, streaks), Studio project metadata and files, chat thread titles/messages stored in Studio, optional AI usage metrics (tokens, model, latency, estimated cost), and optional encrypted AI prompts/responses only if the parent opts in. Cloudflare may provide a country code for legal routing (not stored as a profile).
Lesson builds save HTML to your workspace (my-site). A linked Studio project may mirror that workspace automatically. Studio stores project files (HTML/CSS/JS), briefs, build counts, engine choice, threads, and activity summaries. AI edit previews are processed server-side; applied changes are saved to your project storage (R2).
When a published app uses EZ capability blocks (guestbook, leaderboard, poll, etc.), visitor-submitted fields are stored in our database scoped to that project and household. This data is visible to the app owner and anyone who can use the public URL. We do not use this data for advertising. Owners can delete rows via owner tools; parents may request household deletion by email.
When AI is enabled, prompts and context (including selected project files) may be sent to configured providers to generate or edit content. We record usage metadata for quotas and billing. Full prompt/response text is stored only with optional parent consent (encrypted). Build agent steps produce a visible trace in the UI; underlying prompts follow the same logging rules. Optional English lesson narration audio is pre-generated from curriculum text via OpenAI TTS, stored as static files, and contains no student data.
We do not require legal names, home addresses, phone numbers, or government IDs. Learners should not enter real addresses in free-text fields. Payment data is handled by Stripe when checkout is enabled (we do not store card numbers). We do not build behavioral ad profiles on children.
To authenticate sessions, deliver curriculum, sync Studio and lesson workspaces, enforce quotas, show league progress, operate published app backends, send optional service emails (magic links), and improve reliability. Optional AI logging is used only for parent/operator coaching and support.
If enabled, we may store browser push subscription endpoints to send optional reminders (e.g. streaks, daily challenges). You can disable notifications in your browser or app settings. We do not use push for third-party advertising.
Sessions: up to 30 days. Magic login links: 1 hour. Encrypted AI text (if enabled): stripped after 90 days; usage counters remain as aggregates. Published app data persists until the project is deleted or the household requests deletion. You may request deletion of your household account by email.
Depending on your region you may request access, correction, deletion, or restriction. Contact auth@alice-solutions.com. EU/UK users may lodge a complaint with their supervisory authority. Israel users may contact the Privacy Protection Authority.
HTTPS everywhere, HttpOnly session cookies in production, rate limits on auth and builds, sanitization of generated HTML, sandboxed published previews, and encryption for optional AI logs. No system is perfectly secure; report issues responsibly.