1. General information and data controller
This Privacy Policy describes the principles of processing personal data in the Sibot Academy educational service available at sibotacademy.pl.
Data Controller
The data controller is Szymon Sznajder, operator of the Sibot Academy educational service (sibotacademy.pl).
Privacy contact: kontakt@sibotacademy.pl
Sibot Academy is an educational platform for children aged 7 and above, providing interactive quizzes and lessons about artificial intelligence. Access is only possible through an account created by a parent or legal guardian.
2. Child protection principles โ key information for parents
โ ๏ธ IMPORTANT: Service for children aged 7 and above
Under Article 8 of the GDPR, information society services directed at children under 16 require the consent of a parent or legal guardian. Accounts are created exclusively by the parent โ the child uses the service as an authorised user within the parent account.
Children under 13 do not have full legal capacity to enter into contracts. Therefore:
- Only the parent or legal guardian is the contracting party.
- The child is an authorised user โ they do not enter contracts or give consent.
- All consents to data processing (beyond those strictly necessary to provide the service) are given by the parent.
- The parent may delete the account and child profile at any time.
3. What data we process
3.1 Parent account data
- Email address (for login and communication).
- Password (stored as a cryptographic hash โ never in plain text).
- Billing data (where applicable, depending on the chosen plan).
- Consent history (timestamp, scope, document version).
3.2 Child profile data
- Nickname or first name (we recommend using a nickname rather than a full name).
- Lesson and quiz progress (completed modules, star count, results).
3.3 Technical and security data
- Session identifiers and authentication tokens.
- Security logs (anonymised or pseudonymised).
- Browser and device information (to ensure the service works correctly).
What we do NOT collect
Sibot Academy does NOT collect: sensitive data (health, ethnic origin, biometric), location data, phone numbers, home addresses, or school records. We do not profile children for advertising purposes. We do not sell any personal data.
4. Purposes and legal bases for processing
5. Privacy by default and data minimisation
Sibot Academy applies the principles of privacy by default and privacy by design (Article 25 GDPR):
- We collect only data that is strictly necessary to operate the service.
- Default settings are always the most privacy-protective option.
- We do not apply advertising profiling to children or adult users.
- Text entered by the child in quizzes is not logged in analytics systems.
- Third-party integrations are kept to the absolute minimum necessary.
6. Cookies and tracking technologies
6.1 Types of cookies
We use only two types of cookies:
- Essential cookies โ required for the service to function (session, authentication, settings). No consent required.
- Analytics cookies โ only after the parent gives consent in account settings.
No advertising or tracking
Sibot Academy does not use advertising cookies, behavioural trackers, or any profiling technologies. We do not use Facebook Pixel, Google Ads, or similar advertising tools. This reflects both our values and our obligations under the DSA (ban on profiled advertising to minors) and GDPR.
6.2 Consent management
On your first visit, a cookie banner is displayed with the option to:
- Accept essential cookies only (the default option).
- Optionally consent to analytics cookies.
- Withdraw consent at any time in account settings.
7. Data recipients โ sub-processors
Data may be shared only with trusted sub-processors necessary to operate the service:
- Hosting and server infrastructure provider (located in the EEA or with appropriate transfer safeguards).
- Authentication system provider (Clerk โ managing parent accounts).
- Database provider (Neon Postgres โ storing progress data).
- Email provider (optional, only for parents who have given consent).
We do not share data for advertising purposes, do not sell data, and do not disclose it to any third parties beyond the sub-processors listed above.
8. Data security
We apply appropriate technical and organisational measures (Article 32 GDPR):
- Encryption of data in transit (HTTPS/TLS).
- Passwords stored only as cryptographic hashes.
- Server-side moderation of content entered by the child.
- Restricted access rights for staff.
- Regular security reviews.
9. Rights of parents and users
As a parent or legal guardian, you have the right to:
- Access โ you may check what data we hold at any time.
- Rectification โ you may correct inaccurate data in your account settings.
- Erasure โ you may delete the account and all child data.
- Restriction of processing โ you may request that processing be paused.
- Data portability โ you may receive your data in a structured format.
- Object to processing based on legitimate interests.
- Withdraw consent โ at any time, without affecting prior processing.
To exercise your rights, contact us at kontakt@sibotacademy.pl. We will respond within 30 calendar days.
You also have the right to lodge a complaint with your national data protection authority. In the UK: Information Commissioner's Office (ICO) โ ico.org.uk. In the EU: your country's supervisory authority.
10. Privacy policy for children (simplified version)
๐ Version for children (aged 7โ12)
Hi! Your parent created an account for you on Sibot Academy. Here's what you need to know:
- We only collect what we need so you can learn and save your progress.
- Do NOT enter your last name, address, phone number, or password in any task.
- There are no ads here โ Sibot Academy is a school, not a shop.
- If something worries you, tell your parent or click "Report a problem".
- Your parent can see your progress and change the settings.
11. Changes to this Privacy Policy
We will notify parents of any significant change to this Privacy Policy with at least 14 days' notice via email or an in-app message. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
12. Contact
Privacy contact
Email: kontakt@sibotacademy.pl
We respond to all privacy-related enquiries within 30 calendar days.
Sibot Academy | sibotacademy.pl | Privacy Policy | Version 1.0 | 1 April 2026