Privacy Policy

1. Introduction

Montessori Homeschool (“we,” “us,” or “our”) operates the website at montessorihome.school and related services (collectively, the “Platform”). We provide a subscription-based Montessori curriculum for homeschooling families with children in kindergarten through sixth grade (ages 3–12).

This Privacy Policy explains how we collect, use, disclose, and protect personal information from our users (“you” or “your”), including parents, guardians, teachers, and the children they educate. We are committed to safeguarding your data and complying with applicable privacy laws, including the Children’s Online Privacy Protection Act (COPPA), the Family Educational Rights and Privacy Act (FERPA), and state privacy regulations.

By using our Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform.

2. Information We Collect

2.1 Account Information (Parent/Guardian)

• Display name, email address, and password (via Supabase Authentication)
• Phone number (optional)
• Profile avatar image (optional)
• Time zone preference
• Home address (street address, city, state, ZIP code) — used for state compliance reporting and Notice of Intent letters
• Alternate contact email (optional)

2.2 Child/Student Information

When a parent enrolls a child, we collect the following information that the parent provides:

• Child’s first and last name
• Date of birth (to determine grade band placement)
• Grade band (Primary K, Lower Elementary 1–3, Upper Elementary 4–6)
• Profile avatar image (optional, parent-uploaded)

Important: We do not collect information directly from children. All child data is provided by and managed by the parent or guardian account holder. Children under 13 do not create their own accounts and do not interact with the Platform independently in a way that collects personal information.

2.3 Educational Records

As you use the Platform to teach your child, we store:

• Lesson completion status and dates
• Time spent on lessons (duration tracking)
• Skill mastery progression (Montessori three-period stages)
• Quarterly assessment scores and narrative summaries
• Parent observations and notes about the child’s learning
• Work plan selections (planned, must-do, and may-do activities)
• Portfolio items (photos, work samples, descriptions uploaded by the parent)
• Supplemental activity logs (PE, health, safety, civics — for state compliance)
• Behavioral indicators (concentration duration, independence level, normalization snapshots)

2.4 Payment Information

We use Stripe, Inc. as our payment processor. When you subscribe, Stripe collects and processes your payment method (credit card, debit card, or other payment method). We do not store your full credit card number, CVV, or bank account details on our servers. We store:

• Stripe Customer ID and Subscription ID (internal identifiers)
• Subscription status and billing period dates
• Invoice amounts and payment status (paid, failed, refunded)
• Referral credit balances (if applicable)

2.5 Referral Information

If you participate in our referral program, we store your unique referral code, the identity of users who sign up through your link, and the status of referral credits. Both the referrer and the referred user can see that a referral relationship exists.

2.6 State Compliance Information

To help you comply with your state’s homeschool requirements, we store your selected U.S. state or jurisdiction, and generate reports including attendance logs, subject-hour breakdowns, progress narratives, annual summaries, and Notice of Intent letters. These reports are generated from your existing data and are not shared with any government agency unless you choose to do so.

2.7 Automatically Collected Information

• Authentication cookies: Supabase uses secure HTTP-only cookies to maintain your login session.
• Server logs: Our hosting provider (Vercel) may collect standard server access logs including IP address, browser type, and request timestamps.
• Local storage: We use browser local storage for non-sensitive UI preferences (e.g., review page checkboxes).

We do not use third-party analytics, advertising trackers, or marketing cookies. We do not use Google Analytics, Facebook Pixel, or similar tracking services.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Deliver curriculum: Present lessons, slide content, and educational materials appropriate for your child’s grade band.
• Track progress: Record lesson completions, mastery levels, and assessments to support your homeschool journey.
• Generate reports: Create compliance reports, attendance records, and annual summaries that you can use for state homeschool filings.
• Process payments: Charge subscription fees, process refunds, and manage referral credits via Stripe.
• Provide AI assistance: Power our compliance chatbot (see Section 5) that answers your questions about homeschool regulations.
• Communicate with you: Send transactional emails related to your account (password resets, payment receipts).
• Improve the Platform: Diagnose technical issues and improve our curriculum and features.

We do not sell, rent, or trade your personal information or your children’s data to third parties for advertising, marketing, or any other commercial purpose.

4. Third-Party Service Providers

We use the following third-party services to operate the Platform:

Each provider processes data in accordance with their own privacy policies. We require that all providers maintain appropriate security measures and use your data only for the purposes we specify.

5. AI Compliance Assistant

Our Platform includes an AI-powered compliance assistant (“Compliance Agent”) that uses Anthropic’s Claude language model to answer your questions about homeschool regulations. When you use this feature:

• Your questions and the context needed to answer them (including your state, student information, and progress data) are sent to Anthropic’s API.
• The AI may access your profile name, home address, enrolled students’ names and dates of birth, lesson completion data, and state requirements to provide accurate answers.
• Anthropic processes this data according to their privacy policy. Per Anthropic’s API terms, data sent through their API is not used to train their models.
• Conversations are not stored on our servers beyond the current session.

Additionally, our “Ask Claude for Help” feature in the Parent Guide opens a link to claude.ai with lesson context pre-filled. This uses your own Claude account (free or paid) and no data passes through our servers. Anthropic’s own terms apply to that interaction.

6. Children’s Privacy (COPPA Compliance)

We take children’s privacy seriously. Our Platform is designed for use by parents and guardians, not directly by children.

• No direct collection from children: We do not require or allow children under 13 to create accounts, submit personal information, or interact with the Platform independently.
• Parental control: All child data (name, date of birth, progress, observations) is entered and managed exclusively by the parent or guardian account holder.
• Limited data: We collect only the minimum child information necessary to deliver age-appropriate curriculum and generate compliance reports.
• No advertising: We do not display targeted advertising to children or use children’s data for marketing purposes.
• No third-party sharing for commercial purposes: Children’s data is never sold, rented, or shared with third parties for advertising or commercial purposes.
• Parental rights: Parents can review, modify, or delete all of their children’s data at any time (see Section 9).

7. Educational Records

While FERPA primarily applies to schools that receive federal funding, we treat all educational records with the same level of care. The educational records we store (lesson progress, mastery data, observations, assessments, portfolio items) are:

• Owned by and accessible only to the parent/guardian who created them
• Protected by row-level security policies ensuring no other user can access your family’s data
• Available for export or deletion upon request
• Not shared with schools, districts, or government agencies unless you choose to do so

8. Data Security

We implement the following security measures:

• Encryption in transit: All data is transmitted over HTTPS/TLS.
• Encryption at rest: Our database provider (Supabase) encrypts data at rest using AES-256.
• Access controls: Row-Level Security (RLS) policies on every database table ensure users can only access their own data.
• Authentication: Secure password hashing, session management via HTTP-only cookies.
• Payment security: Stripe handles all payment card data and is PCI-DSS Level 1 certified. We never see or store your full card number.
• API security: Service-role keys are stored as server-side environment variables and never exposed to the browser.
• Rate limiting: AI agent requests are rate-limited to prevent abuse.

While we take reasonable measures to protect your data, no system is 100% secure. In the event of a data breach, we will notify affected users within 72 hours as required by applicable law.

9. Your Rights

You have the following rights regarding your personal information:

• Access: You can view all data associated with your account through the Platform dashboard.
• Correction: You can update your profile, student information, and educational records at any time.
• Deletion: You may request complete deletion of your account and all associated data (including all student records, observations, progress data, and payment history) by contacting us at the email below.
• Data portability: You may request an export of your data in a machine-readable format.
• Withdraw consent: You can stop using the AI compliance assistant at any time. You can cancel your subscription at any time.
• Parental rights: As a parent/guardian, you can review, modify, or delete any information we hold about your child at any time.

To exercise any of these rights, contact us at privacy@montessori-homeschool.com. We will respond within 30 days.

10. Data Retention

• Active accounts: We retain your data for as long as your account is active and your subscription is current.
• Cancelled subscriptions: If you cancel your subscription, we retain your data for 12 months so you can reactivate without losing progress. After 12 months of inactivity, we will send a reminder email before deleting your data.
• Account deletion: Upon account deletion request, we delete all personal data within 30 days. Anonymized, aggregated data (e.g., total lesson completions) may be retained for analytics.
• Payment records: Stripe retains payment records per their retention policy and applicable financial regulations.
• Backup data: Database backups are retained for up to 30 days and are then permanently deleted.

11. Cookies and Local Storage

We use minimal cookies and local storage:

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

12. State-Specific Privacy Rights

California (CCPA/CPRA): California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at the email above.

Virginia, Colorado, Connecticut, and other states with privacy laws: Residents of these states have similar rights to access, correct, delete, and port their data. We honor all such requests.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new “Last Updated” date. For significant changes affecting children’s data, we will provide email notice at least 30 days before the changes take effect.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices: