← Back to aiora

Privacy Policy

Last updated: 29 April 2026

aiora (“we”, “us”) is an AI companion service for children aged 5–17, operated by Aigentzi AI. This policy explains in plain language what data we collect, why, and what rights you have.

1. What data we collect

• Chat messages — text messages exchanged between a child and their aiora companion.
• Usage statistics — daily counts of messages sent, tokens used and approximate cost.
• Safety incidents — records created when our content classifiers flag potentially harmful content.
• Account information — the parent’s email address and display name, child profiles (name, age, avatar, PIN hash) and family settings.
• Consent record — the timestamp and IP address at which parental consent was given.

2. Why we collect it

• To provide the aiora companion chat experience.
• To enforce safety guardrails and age-appropriate content filtering.
• To give parents visibility into their child’s usage and any safety incidents.
• To comply with COPPA (Children’s Online Privacy Protection Act) and GDPR-K requirements.

3. How data is stored

All family data is stored in a Cloudflare Durable Object dedicated exclusively to your family. Cloudflare encrypts data at rest across its infrastructure. We do not store your data in shared databases or third-party cloud services.

API keys you provide for AI model access are encrypted with AES-256-GCM before storage.

4. Data retention

Chat messages are automatically deleted after a configurable retention period. The default is 90 days. You can change this to any value between 7 and 730 days in your family settings.

Expired sessions and magic links are cleaned up daily.

5. Who can access your data

Only the authenticated parent or guardian can view or manage family data. We do not share, sell or provide your data to any third party. Our staff do not access individual family data unless required by law or to investigate a reported safety incident with your explicit consent.

6. Your rights

• Access — view all your family’s data through the parent dashboard.
• Deletion (per child) — delete all messages, usage records and incidents for any child at any time.
• Deletion (full account) — permanently delete your entire family account and all associated data.
• Withdraw consent — you may stop using the service and delete your data at any time. Deleting your account removes all stored data.
• Data portability — contact us to request an export of your family’s data.

7. Parental consent

We require verifiable parental consent before any child profile can be created. During the consent process, we record the timestamp and IP address of the consenting parent or guardian.

8. Cookies and tracking

We use only essential session cookies to maintain your login. We do not use advertising trackers, analytics pixels or third-party tracking scripts.

9. Changes to this policy

We will update the “Last updated” date above when this policy changes. Material changes will be communicated through the parent dashboard.

10. Contact

If you have questions about this policy or wish to exercise your data rights, contact us at privacy@aigentzi.ai.