CoinQuest: Kids Money Skills

Privacy Policy

Effective Date: March 3, 2026 · Last Updated: March 3, 2026

1. Who We Are

CoinQuest is operated by RLL, Reaves Labs and Learning, LLC ("RLL," "we," "us," or "our"), a company based in Palmdale, California. CoinQuest is a K-12 financial literacy education platform designed for use by students, teachers, and parents.

For questions about this Privacy Policy or our data practices, contact us at:

2. Our Commitment to Children's Privacy

CoinQuest is built for children, and protecting their privacy is our highest priority. We follow these core principles:

• Children under 13 cannot create their own accounts
• Only teachers and parents create accounts and manage student profiles
• Student learning data is stored with anonymous identifiers, not personal information
• We never sell, rent, or share children's data with third parties
• We contain no third-party advertising of any kind
• We use no third-party analytics SDKs
• All external links and account actions are behind a parental gate

3. Information We Collect

3a. Information from Adults (Teachers and Parents)

When a teacher or parent creates an account, we collect:

• Email address -- for account creation, login, and communication
• Name -- for display in the teacher dashboard or parent portal
• School/organization name (teachers only, optional) -- for school licensing
• Password -- stored securely using industry-standard hashing (bcrypt)

3b. Information from Students

We collect no personal information directly from students. Student profiles are created by teachers or parents and contain:

• Display name or alias -- chosen by the teacher or parent (we recommend using first names only or nicknames)
• Grade band -- to serve age-appropriate content (K-2, 3-4, 5-6, 7-8, 9-10, 11-12)
• Learning progress data -- module completion, quiz scores, skill mastery levels, XP earned, streaks, and time spent

All student learning data is associated with an anonymous session identifier, not an email address, phone number, or other personally identifiable information.

3c. Information Collected Automatically

When anyone uses CoinQuest, we automatically collect:

• Device type and operating system -- to optimize the experience
• App version -- for troubleshooting and updates
• General usage patterns -- which modules are accessed, session duration (aggregated, not per-student)

We do not collect:

• Precise geolocation
• Device advertising identifiers (IDFA/AAID)
• Contacts, photos, or other device data
• Cross-app tracking data

4. How We Use Information

Data	Purpose	Legal Basis
Adult email & name	Account creation, login, communication about the service	Consent / Contract
Student display name	Personalization within the app (e.g., "Great job, Alex!")	Legitimate educational interest
Learning progress	Adaptive learning (CALE engine), teacher/parent dashboards, skill mastery tracking	Legitimate educational interest
Device & usage data	App stability, performance optimization, aggregated analytics	Legitimate interest

5. AI Tutoring (PENNY)

CoinQuest includes PENNY, an AI-powered tutor that answers student questions about financial literacy topics. Here is how PENNY handles data:

6. Third-Party Services

We use a minimal set of third-party services, none of which involve advertising or behavioral tracking:

Service	Purpose	Data Shared
OpenAI API	PENNY AI tutor responses	Anonymous question text + grade band only
Neon (PostgreSQL)	Database hosting	All app data (encrypted at rest and in transit)
Netlify	Frontend hosting	Standard web server logs

We do not use:

• Third-party advertising networks or SDKs
• Third-party analytics platforms (no Google Analytics, Firebase Analytics, Mixpanel, or similar)
• Social media tracking pixels
• Cross-app or cross-site tracking tools

7. Data Sharing and Disclosure

We do not sell, rent, or trade any user data -- adult or student -- to any third party, for any purpose, ever.

We may share data only in these limited circumstances:

• With teachers: Teachers can view learning progress for students in their class.
• With parents: Parents can view learning progress for their children through the parent portal.
• Service providers: Our hosting and database providers (listed above) process data on our behalf under strict data processing agreements.
• Legal requirements: If required by law, subpoena, or court order, we will disclose the minimum data necessary and will notify affected users when legally permitted.

8. Parental Rights (COPPA)

If your child uses CoinQuest through a teacher or through your parent account, you have the right to:

• Review the information associated with your child's profile
• Request deletion of your child's learning data
• Refuse further collection of your child's information
• Request a copy of your child's learning progress in a portable format

To exercise any of these rights, email privacy@reaveslabs.ai with the subject line "COPPA Request." We will verify your identity as the parent or legal guardian and respond within 30 days.

9. Teacher and School Use (FERPA)

When CoinQuest is used in a school setting:

• The school or teacher acts as the authorized agent for COPPA consent, as permitted under the FTC's COPPA Rule (16 CFR 312.5(c)(4)).
• Student learning records are treated as education records under FERPA.
• Schools may request export or deletion of all student data associated with their accounts.
• We do not use student education records for any purpose other than providing the educational service.

10. Data Security

We protect user data with industry-standard security measures:

• All data transmitted between the app and our servers is encrypted using TLS 1.2+
• Database is encrypted at rest
• Passwords are hashed with bcrypt (never stored in plain text)
• Access to production systems is restricted to authorized personnel with multi-factor authentication
• Regular security audits and vulnerability assessments

11. Data Retention

• Active accounts: Data is retained while the account is active.
• Inactive accounts: After 24 months of inactivity, we will notify the account holder and delete the data after 30 days if no action is taken.
• Deletion requests: Processed within 30 days. Learning progress data is permanently deleted. Aggregated, anonymized statistics may be retained for service improvement.
• School accounts: When a school discontinues its CoinQuest subscription, all associated student data is deleted within 60 days.

12. Parental Gate

CoinQuest uses a parental gate to prevent children from accidentally leaving the learning environment. The following actions require solving a multiplication problem that is beyond the expected ability of young children:

• Navigating to any external website
• Accessing account settings or profile changes
• Viewing pricing or upgrade information
• Contacting support

13. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know what personal information we collect and how it is used
• Right to delete your personal information
• Right to opt out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact privacy@reaveslabs.ai.

14. International Users

CoinQuest is operated from the United States. If you access CoinQuest from outside the United States, your data will be transferred to and processed in the United States. By using CoinQuest, you consent to this transfer. We handle data from EU/EEA users in accordance with GDPR requirements where applicable.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

• We will update the "Last Updated" date at the top of this page
• We will notify account holders by email
• For changes affecting children's data, we will obtain new parental consent where required by COPPA

16. Contact Us