Data Privacy & Children's Data Protection
Last updated: February 19, 2026
Our commitment: We teach children to build with AI responsibly — and that starts with how we handle their data. We collect the minimum data necessary, never share it with advertisers, and give parents full control.
Future AI Coders provides coding and AI education for children ages 6–18 in Edmonton, Alberta, Canada. Because we work with minors, we take extra precautions with personal data. This page explains our data practices in detail, supplementing our Privacy Policy.
1. Our Legal Framework
We comply with:
- PIPEDA (Personal Information Protection and Electronic Documents Act) — Canada's federal privacy law.
- PIPA (Alberta's Personal Information Protection Act) — Alberta's provincial privacy legislation.
- CASL (Canadian Anti-Spam Legislation) — governing electronic communications.
While Canada does not have a direct equivalent to the US COPPA law, we voluntarily follow best practices for children's data protection that meet or exceed COPPA standards.
2. What Data We Collect
From Parents/Guardians
| Data | Purpose | Retention |
| Name | Communication, invoicing | Duration of enrollment + 1 year |
| Email | Class updates, trial booking, newsletter (opt-in) | Until unsubscribe or account deletion |
| Phone | Urgent class notifications (optional) | Duration of enrollment |
| Payment info | Monthly billing (processed by Stripe, never stored by us) | Not stored locally |
From/About Students
| Data | Purpose | Retention |
| First name only | In-class identification | Duration of enrollment + 1 year |
| Age / grade | Appropriate class placement | Duration of enrollment |
| Skill level | Placement and progress tracking | Duration of enrollment |
| Projects created | Portfolio building (student-owned) | Student retains ownership forever |
What we never collect from children: Last names (in our system), home addresses, photos (without consent), social media accounts, biometric data, or location data.
3. Children's Data Safeguards
- Parental consent required: All student accounts are created by parents/guardians. No child can sign up independently.
- No direct marketing to children: All communications go to parents, never to students.
- No social features: Students cannot message each other, post publicly, or share personal information through our platform.
- No third-party tracking: We do not embed advertising trackers, social media pixels, or behavioral analytics on pages children access.
- Photo/video policy: We never photograph or record students without explicit written parental consent. Photos are never posted publicly without consent.
- AI tool usage: When students use AI APIs (OpenAI, Google Gemini) in class, they use shared educational accounts. No personal student data is sent to AI providers.
4. Data Storage & Security
- Database: Student records are stored in Supabase (hosted on AWS in Canada/US regions) with row-level security.
- Encryption: All data is encrypted in transit (TLS 1.2+) and at rest.
- Access control: Only authorized staff (instructors and administrators) can access student records, and only the data relevant to their role.
- Passwords: Hashed using industry-standard bcrypt. We cannot see or recover passwords.
- Backups: Automated daily backups with 30-day retention, encrypted.
5. Third-Party Services
We use the following services that may process limited data:
| Service | Purpose | Data Shared |
| Supabase | Database & authentication | Parent contact info, student first name & age |
| Resend | Transactional email | Parent email address only |
| Stripe | Payment processing | Payment details (not stored by us) |
| Google Analytics | Anonymous website analytics | Anonymous page views (no PII) |
| Google Maps | Location embed on contact page | No personal data shared |
We do not sell data to any third party. We do not share data with advertisers.
6. AI & Educational Tools
Our curriculum involves students using AI tools like OpenAI (ChatGPT), Google Gemini, and Hugging Face. Here's how we protect student data:
- Students use shared classroom API keys — no personal accounts required for younger students.
- We instruct students never to enter personal information into AI prompts.
- Advanced students (Levels 8–10) who create their own API accounts do so under parental supervision.
- AI interactions are not logged or monitored by Future AI Coders beyond the class session.
7. Parental Rights
Under PIPEDA and PIPA, parents/guardians have the right to:
- Access: Request a copy of all data we hold about your child.
- Correction: Request updates to inaccurate information.
- Deletion: Request complete deletion of your child's data at any time.
- Withdraw consent: Opt out of communications or revoke data processing consent.
- Data portability: Request your child's project files and progress records in a portable format.
To exercise any of these rights, email info@futureaicoders.com or call (587) 487-1422. We respond within 30 days.
8. Data Breach Procedures
In the unlikely event of a data breach that poses a real risk of significant harm:
- We will notify affected families within 72 hours.
- We will report to the Office of the Privacy Commissioner of Canada as required.
- We will take immediate steps to contain the breach and prevent recurrence.
9. Data Retention & Deletion
- Active student data is retained for the duration of enrollment.
- After withdrawal or graduation, we retain records for 1 year for administrative purposes, then permanently delete.
- Newsletter subscriptions remain active until you unsubscribe.
- Contact form submissions are retained for 1 year, then deleted.
- You can request immediate deletion at any time.
10. Contact Our Privacy Officer
For any data privacy questions, concerns, or access requests:
Future AI Coders — Privacy Inquiries
1803 91 St SW #110, Edmonton, AB T6X 0C8
Email: info@futureaicoders.com
Phone: (587) 487-1422
If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner of Alberta.