Scivra

Privacy Policy

Privacy Policy for Scivra
Oct 24, 2025

Effective Date: April 8, 2026

Introduction

Welcome to Scivra ("we," "us," or "our"), a K-12 science education platform that provides interactive experiments and AI-powered learning tools. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://www.scivra.com and use our services, including our experiment library, Universal Principle Generator (UPG), learning paths, and related features.

We are committed to protecting the privacy of all users, especially children and students. Please read this policy carefully. By using Scivra, you consent to the data practices described in this policy.

Information We Collect

1. Account Information

  • What We Collect: Name, email address, and password hash when you create an account. If you sign in via a third-party provider (e.g., Google), we receive your name and email from that provider.
  • Purpose: To create and manage your account, authenticate your identity, and provide customer support.

2. Age and Compliance Information

  • What We Collect: Age group (under 13, 13-17, 18+), geographic region, and parental consent status.
  • Purpose: To comply with the Children's Online Privacy Protection Act (COPPA) and the General Data Protection Regulation (GDPR), and to apply appropriate content and privacy controls based on your age group.

3. Experiment Progress and Learning Data

  • What We Collect: Records of which experiments you have accessed, your progress within learning paths, quiz scores, and lab notebook entries.
  • Purpose: To track your learning progress, personalize recommendations, and enable teachers and parents to monitor academic engagement.

4. UPG (Universal Principle Generator) Data

  • What We Collect: Text prompts you submit to the AI generator, the generated HTML visualizations, and associated metadata (tags, likes, forks, publish status).
  • Purpose: To generate interactive visualizations, enable sharing through the gallery, and improve AI generation quality.

5. Usage Analytics

  • What We Collect: Pages visited, features used, session duration, interaction patterns, and usage frequency.
  • Purpose: To analyze how users engage with our platform, improve our services, and identify technical issues.

6. Device and Technical Information

  • What We Collect: IP address, browser type, operating system, device type, screen resolution, and referring URL.
  • Purpose: To optimize our platform for different devices, ensure security, and prevent abuse.

7. Cookies and Similar Technologies

  • What We Collect: Session cookies for authentication, preference cookies for language and theme settings, and analytics cookies.
  • Purpose: To maintain your logged-in session, remember your preferences, and understand aggregate usage patterns.

8. Payment Information

  • What We Collect: When you subscribe to a paid plan (Pro or Max), our payment processors collect your payment method details (credit card number, billing address). We do not store your full credit card number on our servers.
  • Purpose: To process subscription payments and manage billing.

Children's Privacy (COPPA Compliance)

Scivra is designed for K-12 students, including children under the age of 13. We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA).

  • Parental Consent Required: Children under 13 may not create an account or use Scivra without verifiable parental consent. During registration, users who indicate they are under 13 will be directed through our parental consent flow.
  • Limited Data Collection: For users under 13, we collect only the minimum information necessary to provide the educational service.
  • No Behavioral Advertising: We do not serve behaviorally targeted advertisements to children under 13.
  • Parental Rights: Parents or legal guardians may review their child's personal information, request deletion, or revoke consent at any time by contacting us at support@scivra.com or through the account settings dashboard.
  • Age-Gating: Our platform implements age-gating at registration to identify users under 13 and apply enhanced privacy protections.

GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional rights apply to you under the General Data Protection Regulation (GDPR):

  • Right of Access: You may request a copy of all personal data we hold about you.
  • Right to Rectification: You may request correction of inaccurate personal data.
  • Right to Erasure: You may request deletion of your personal data, subject to legal retention requirements.
  • Right to Data Portability: You may request your data in a structured, machine-readable format.
  • Right to Restrict Processing: You may request that we limit how we use your data.
  • Right to Object: You may object to processing of your data for certain purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, use the Data Privacy section in your account settings or contact us at support@scivra.com. We will respond to your request within 30 days. Data export and deletion requests can also be submitted through our API at /api/privacy/.

Data Storage and Security

  • Hosting: Our application is hosted on Vercel. Database services are provided by PostgreSQL.
  • File Storage: User-generated content and experiment assets are stored on Cloudflare R2.
  • Caching and Rate Limiting: We use Upstash Redis for rate limiting and distributed locking to protect against abuse.
  • Encryption: All data in transit is encrypted via TLS/SSL. Sensitive data at rest is encrypted using industry-standard methods.
  • Access Controls: We implement role-based access control (RBAC) to ensure that only authorized personnel can access user data.
  • Data Retention: We retain your personal data only for as long as necessary to provide the service and comply with legal obligations. Automated data retention processes run daily to remove expired data.

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

Third-Party Services

We use the following third-party services that may process your data:

ServicePurposeData Shared
StripePayment processingPayment method, billing address, email
PayPalPayment processingPayment method, billing address, email
CreemPayment processingPayment method, billing address, email
VercelApplication hosting and analyticsIP address, usage data
CloudflareCDN, file storage (R2)IP address, uploaded content
UpstashRedis caching and rate limitingAnonymized usage identifiers
ResendTransactional email deliveryEmail address, name
Anthropic (Claude)AI generation for UPGText prompts submitted by users

Each third-party service operates under its own privacy policy. We encourage you to review their policies. We do not sell your personal information to any third party.

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your data only in the following circumstances:

  • With Your Consent: When you explicitly choose to publish UPG content to the public gallery or share your profile.
  • Service Providers: With third-party vendors listed above who assist in operating our platform, bound by data processing agreements.
  • Legal Compliance: When required by law, regulation, legal process, or governmental request.
  • Safety: To protect the rights, property, or safety of Scivra, our users, or the public.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.

Your Choices

  • Account Settings: You can update your profile information, change your password, and manage notification preferences in your account settings.
  • Cookie Preferences: You can control cookie settings through your browser. Disabling certain cookies may limit functionality.
  • Data Export: You can request a full export of your data through your account settings or by contacting us.
  • Account Deletion: You can request deletion of your account and associated data through your account settings or by contacting us. Deletion requests are processed within 30 days.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new effective date. For significant changes, we may also notify you by email. Your continued use of Scivra after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have any questions or concerns about this Privacy Policy, our data practices, or your child's use of Scivra, please contact us at:

Scivra Website: https://www.scivra.com Email: support@scivra.com