Privacy Policy

Version 2.0 · Effective 2026-04-20

Prodigy is built by a parent, for parents. We take your family's privacy seriously. This policy explains what we collect, why, and how you can control it.

1. Who we are

Prodigy is operated by Hodgen AI ("we" / "us"). Contact: mike@hodgen.ai.

2. Information we collect

• Parent account: email, encrypted password, plan, subscription state.
• Child profile: name, birth date, advanced traits, percentiles, notes, milestone observations — field-level encrypted at rest (AES-256-GCM).
• Activity data: parent-provided ratings and feedback on activities.
• Video (Prodigy tier only): short clips uploaded for vision assessment. Stored in a private bucket with time-limited signed URLs.
• Usage telemetry: anonymized event data (page views, feature clicks) via PostHog. No PII in events.

3. Children's data (COPPA)

Prodigy is designed for parents to track their own child's development. The account holder must be the child's parent or legal guardian. We collect child information only from the parent. We do not market to children, do not share children's data with third parties for advertising, and do not allow children to directly use the service.

You can export or delete your child's data at any time from the Settings page, or by emailing mike@hodgen.ai.

4. Third-party processors

• Supabase — database + auth + storage (US region).
• Vercel — hosting and edge functions.
• Anthropic (Claude) — AI activity generation and analysis. Zero-retention data processing agreement in place.
• xAI (Grok) — supplementary creative activity generation.
• Google (Gemini) — video frame analysis for Prodigy-tier vision features.
• Stripe — subscription billing. We never see full card numbers.
• Resend — transactional emails.
• fal.ai / ByteDance (Seedance 2.0) / Google (Veo 3.1) — Pixar-style demo video generation using de-identified prompt data only (no child data).
• PostHog — anonymized usage analytics.

5. Your rights

• Access: view all data we hold about you and your child in Settings.
• Export: download a JSON snapshot from Settings → Export.
• Deletion: delete your account and all associated child data — cascade deletes apply.
• CCPA / CPRA (California): right to know, delete, correct, and opt out of data sharing.
• GDPR (EU visitors): lawful basis is contract performance and consent. You may request erasure at any time.

6. Safety acknowledgment records

When you accept our safety acknowledgment (as described in our Terms of Service §7), we record the event. Each record contains: (i) the version of the acknowledgment you accepted, (ii) which checkboxes you selected, (iii) a SHA-256 hash of your IP address (not the plaintext IP), (iv) your browser user-agent string, and (v) the timestamp. These records are retained indefinitely as a legal record of consent, separately from your account data, and survive account deletion to preserve the integrity of our records. They contain no child information.

7. Retention

Active account data is retained while your subscription is active. After account deletion, data is purged within 30 days. Encrypted backups may persist up to 90 days. Safety acknowledgment records (§6) are retained beyond account deletion as described above.

8. Security

Data in transit uses TLS 1.3. Sensitive fields (child name, notes, traits, percentiles) are encrypted at rest with AES-256-GCM. Access is logged. Reports of vulnerabilities: mike@hodgen.ai.

9. Changes

We may update this policy. Material changes will be emailed to account holders 30 days before taking effect.

Questions about this policy? Email mike@hodgen.ai.