AIKI← Back to home

Privacy Policy

Last updated: June 21, 2026

Sample template. This text is a starting point, not legal advice. Review it with a professional and replace the bracketed fields [ … ] with the holder's real details (legal name, tax ID, address, data-protection contact).

1. Data controller

The controller of the data processed through AIKI is [LEGAL NAME / OWNER NAME], with NIF [NIF/CIF] and address at [FULL ADDRESS]. You can contact us regarding privacy at privacidad@aiki.app.

Data Protection Officer (if applicable): [DPO NAME / EMAIL].

2. What data we process

  • Parent or guardian account: name, email and password (encrypted).
  • Child profile: name or nickname, age/date of birth and avatar. We do not request more of the child's data than necessary.
  • Educational activity: the child's questions, answers, progress, levels and learning metrics.
  • Technical data: session cookies, IP address and device data necessary for operation and security.
  • Payments: handled by the payment provider (Stripe). We do not store full card details.

3. Purpose

  • Provide the educational service and adapt learning to the child's age.
  • Generate progress reports and safety alerts for parents.
  • Manage the account, subscription and support.
  • Ensure security, prevent abuse and comply with legal obligations.

We do not use children's data for advertising purposes or to train third-party AI models.

4. Legal basis

  • Performance of the contract (art. 6.1.b GDPR) to provide the contracted service.
  • Consent (art. 6.1.a) of the holder of parental authority for processing the child's data.
  • Legitimate interest (art. 6.1.f) in security and the prevention of improper use.
  • Legal obligation (art. 6.1.c) where applicable.

5. Minors and parental consent

AIKI is aimed at children aged 5 to 17 and is always used under a parent or legal guardian account. In accordance with the LOPDGDD, processing the data of children under 14 requires the consent of the holder of parental authority or guardianship, which is obtained when the child's profile is created. The adult can review, edit or delete the child's data at any time.

6. Retention

We retain data while the account is active. If you delete a child's profile or your account, the associated data is permanently erased, except for data we must retain by legal obligation (for example, invoicing) for the required periods.

7. Recipients and data processors

We do not sell or transfer data. To provide the service we work with providers that act as processors:

  • AI provider (language models) to generate the educational answers.
  • Hosting and infrastructure (hosting of the application and the database).
  • Payments: Stripe.
  • Email (notifications and password recovery), when active.

Each processor handles the data only according to our instructions and with the guarantees of the GDPR.

8. International transfers

If any provider processes data outside the European Economic Area, adequate safeguards apply (standard contractual clauses of the European Commission or other valid mechanisms). [Detail providers and mechanisms.]

9. Your rights

You can exercise your rights of access, rectification, erasure, objection, restriction and portability at any time:

  • From the app itself (download or deletion of the child's data in one click).
  • By writing to privacidad@aiki.app.

If you believe we have not properly handled your request, you can lodge a complaint with the Spanish Data Protection Agency (aepd.es).

10. Security

We apply appropriate technical and organizational measures: encryption in transit (HTTPS), hashed passwords, sessions with httpOnly cookies, per-family access control and content moderation to protect the child.

11. Changes to this policy

We may update this policy to reflect legal or service changes. We will publish the current version on this page with its update date.