Privacy Policy

Parent account: Name, email address, password (bcrypt hashed, never stored in plain text).

Child profiles: First name, grade level, learning preferences. We do NOT collect child email addresses, social media accounts, photos, or biometric data.

Learning data: Activities completed, mastery levels, attempt transcripts, tutor conversations, FSRS retention metrics.

AI interaction logs: Prompts, responses, and timestamps — stored per household for your inspection via the AI Inspection page.

Governance records: Rules, events, overrides, and constitutional ceremony records.

Compliance records: State requirements, instruction hours logged, documents generated.

Billing: Processed by Stripe. METHEAN stores only your Stripe customer ID and subscription status. We never see or store card numbers.

All data is stored in PostgreSQL with Row-Level Security (RLS) enforcing tenant isolation. Each household's data is cryptographically isolated at the database level — even with application bugs, one household cannot see another's data.

Passwords are hashed with bcrypt (12 rounds). Sessions use JWTs with configurable expiration (default: 15-minute access tokens, 30-day refresh tokens).

Data in transit is encrypted via TLS. Backups are encrypted at rest.

Only authenticated parent accounts within your household. Co-parents you explicitly invite. METHEAN support (Zack Fava) for troubleshooting, only when you request it.

We do not: Sell your data. Use it for advertising. Share it with schools, governments, or other institutions — unless you explicitly export and share it yourself.

Anthropic (Claude AI) and OpenAI: Process educational prompts. AI providers receive activity context and child first names only; they do not receive your email, address, or billing information.

Stripe: Payment processing. Stripe Privacy Policy

Resend: Transactional email delivery. Resend Privacy Policy

METHEAN is designed for use by parents and guardians. All child accounts are created and managed by parents. Children do not create their own accounts or provide personal information directly to METHEAN.

The child learning interface does not collect email addresses, social media handles, or contact information.

Parents can review all data collected about their children at any time through the Intelligence, Inspection, and Governance pages. Parents can delete child data by contacting zack@methean.io.

Active accounts: Data retained for the duration of your subscription.

Canceled accounts: Data retained for 90 days after cancellation, then permanently deleted.

Parents can request immediate deletion by emailing zack@methean.io.

AI interaction logs are retained for the duration of your subscription for parent inspection.

Parents can export all household data at any time via Settings → Export Data. The export includes all children, learning maps, mastery records, governance events, and compliance documents in JSON format.

METHEAN uses only essential cookies: authentication tokens (access_token, refresh_token, csrf_token).

No analytics cookies. No advertising cookies. No third-party tracking cookies.

Access: View all data through the platform.

Export: Download all data at any time.

Deletion: Request deletion by email.

Correction: Edit child profiles and household settings at any time through the platform.

Zack Fava · zack@methean.io · METHEAN, Inc.