Scivra

Privacy Policy

Last updated: April 1, 2026

1. Information We Collect

When you use Scivra, we may collect the following types of information:

  • Account information: When you register, we collect your email address, name, and optionally your school or institution.
  • Usage data: We collect information about how you use our experiments, including time spent, experiments completed, and challenge results.
  • Learning progress: We track your experiment progress and skill progression to personalize your learning experience.
  • Device information: We automatically collect information about your device type, browser, and operating system.
  • Payment information: If you subscribe, our payment processor (Stripe) collects billing information. We do not store your full credit card number.

2. Cookies and Tracking

We use cookies and similar technologies to provide and improve our services:

  • Essential cookies: Required for login and maintaining your session.
  • Analytics cookies: Help us understand how students use our platform.
  • Preference cookies: Remember your settings like theme and language.

3. Third-Party Services

We use trusted third-party services to operate our platform:

  • Vercel - Hosting and content delivery
  • PostgreSQL (Neon) - Secure database hosting
  • Stripe - Payment processing (PCI-DSS compliant)
  • Upstash Redis - Rate limiting and session management
  • Cloudflare R2 - Secure storage for assets
  • Anthropic Claude - AI-powered features for Max subscribers

4. Children's Privacy (COPPA)

Scivra is designed for K-12 students. We comply with COPPA:

  • Users under 13 require parental consent before creating an account.
  • For users under 13, we collect only the minimum information necessary.
  • Parents can review, delete, or request a copy of their child's information.
  • We never sell or share children's information for marketing purposes.

5. Data Security

We implement robust security measures:

  • All data is encrypted in transit (TLS 1.3+) and at rest.
  • Strict access controls limit who can access user data.
  • We conduct regular security reviews.
  • Inactive accounts are deleted after 3 years.

6. Your Rights (GDPR)

Under GDPR and similar laws, you have the following rights:

  • Access: Request a copy of your personal data.
  • Correction: Update or correct your information.
  • Deletion: Request deletion of your account and data.
  • Portability: Export your learning progress.

7. Contact Us

If you have questions about this Privacy Policy, contact us at support@scivra.com.