Legal

Data Protection

Last updated: May 30, 2026

Overview

PlayIQ Learning is committed to maintaining the highest standards of data security. This policy outlines the technical and administrative controls we employ to protect user data — particularly the data of minors using our platform.

Data Governance

We have designated internal data stewardship responsibilities to ensure accountability across all data-handling processes. Data access is governed on a strict least-privilege basis — personnel only access what is necessary to perform their role.

Technical Security Measures

Encryption

All data at rest is encrypted using AES-256. All data in transit is protected by TLS 1.2+. Build photos and student submissions are stored in encrypted, access-controlled object storage.

Access Controls

Authentication is handled through Supabase Auth. Role-based access control (RBAC) ensures students, parents, and administrators each have appropriately scoped permissions.

Infrastructure

PlayIQ is hosted on Google Cloud / Firebase App Hosting, benefiting from enterprise-grade security, global DDoS mitigation, and 99.9% uptime SLA.

Student Data Protection

Student data — including build submissions, AI mentor interactions, and mission progress — is treated with heightened sensitivity. This data is:

  • Never sold to third parties
  • Never used for advertising targeting
  • Accessible only by the student, their designated parent/guardian, and authorized PlayIQ personnel
  • Processed exclusively for educational improvement and Parent Proof Packet generation

Payment Security

Payment processing is handled by Stripe, a PCI-DSS Level 1 certified provider. PlayIQ does not store raw card numbers. All transactions are tokenized and processed in Stripe's secure environment.

Data Retention

We collect only the data necessary to provide PlayIQ. Student progress data is retained for the duration of active subscription plus 12 months. Upon account deletion, all personal data is purged within 30 days, except where legally required.

Incident Response

In the event of a data breach, we will notify affected users within 72 hours of becoming aware of the incident. Our plan includes immediate containment, root cause analysis, and remediation steps.

Contact

For data protection inquiries or to report a security concern:

PlayIQ Learning — Data Protection

Email: hello@playiq.com

← Privacy PolicyTerms of Service →