This Privacy Policy explains how Puberry processes personal data under:
Puberry is an educational technology service that provides lessons, interactive activities, and wellbeing resources for children and teens.
Contact:
Email: info@puberry.org
DPO: security@puberry.org
2.1 School Use
When Puberry is provided through a school or district, the school is the Controller.
Puberry acts solely as a Data Processor and follows written instructions from the school.
2.2 Direct-to-Student Use
When children use Puberry at home or outside a school contract, Puberry acts as the Data Controller, and parental consent is our legal basis for processing.
Under GDPR, Puberry relies on:
● Public task / public interest (for school use)
● Performance of contract (providing the educational service)
● Parental consent (direct accounts)
● Legitimate interest (security logging, service maintenance)
● Legal obligation (responding to lawful requests)
We collect only what is needed for teaching, safety, and platform operations.
4.1 Identity & Account Data
● Username or student ID
● Age or age range
● Educator account data (school email)
4.2 Learning Data
● Lesson progress
● Quiz and activity responses
● Mood selections
● Time engaged
4.3 Technical Data
● Device type
● IP address
● Browser version
● Interaction events (clicks, navigation)
4.4 Support Data
● Messages sent to customer support
● Email replies
● Error reports
● To deliver lessons and track progress
● To personalize content to a student's level
● To maintain safety and integrity of the platform
● To improve product performance (analytics)
● To provide customer support
● To comply with law
We do not use student data for advertisements or profiling.
Puberry uses carefully selected providers:
| Provider | Purpose | Location | Safeguard |
|---|---|---|---|
| AWS | Hosting, database, Cognito auth | US | SCCs |
| PostHog | Analytics | US/EU | SCCs / EU servers |
| Hotjar | UX analytics | EU | No US transfer |
| Tidio | Support chat | EU/US | SCCs |
| Email providers | Notifications | US | SCCs |
If personal data is transferred outside the EU/EEA (e.g., to the United States), Puberry applies:
● Standard Contractual Clauses (SCCs)
● Transfer Impact Assessments (TIAs)
● Encryption
● Data minimization
Puberry does not sell or share personal data with advertisers.
We keep data only as long as necessary:
| Data Type | Retention |
|---|---|
| School accounts | Enrollment - until deletion request |
| Direct consumer accounts | Until deletion request |
| Analytics | 24 months |
| Support logs | 6 months |
| Deleted accounts | Purged within 30 days |
Users, parents, and schools may request deletion at any time.
You may request:
● Access
● Correction
● Deletion
● Restriction
● Data portability
● Objection
● Withdrawal of consent
Requests: info@puberry.org
Puberry responds within 30 days.
Puberry uses:
● Essential cookies (login, security)
● Analytics cookies (PostHog, Hotjar)
● No advertising or tracking cookies
● We collect minimal data
● We do not display ads
● We do not allow child-to-child communication
● We obtain verifiable parental consent for non-school accounts
● Schools may act "in loco parentis" for COPPA compliance
● TLS 1.2+
● AES-256 encryption
● RBAC identity management
● MFA for admin access
● Regular automated backups
● Penetration testing
We update this policy periodically.
Significant changes will be announced in-app and via email.
Privacy Team
info@puberry.org
Data Protection Officer
security@puberry.org