Scout

Privacy Policy

Effective: 2026-04-24

Scout is a learning companion for kids ages 8–12. This policy explains what we collect, why, how long we keep it, and the rights you and your child have over that data.

This policy is written to satisfy:

  • U.S. Children's Online Privacy Protection Act (COPPA)
  • General Data Protection Regulation (GDPR) and UK GDPR
  • California Consumer Privacy Act (CCPA) and similar state laws

If anything in here is unclear, please email the address at the bottom.

Who we are

Scout is operated by Scout Learning. The data controller for personal data is Scout Learning. (Address and DPO contact will be added before public launch.)

What we collect

About you, the parent:

  • Email address and display name
  • Hashed password (we never see your password in plain text)
  • Account role (parent, teacher, or admin)
  • Records of consents you have given, including timestamp, policy version, and a one-way hash of your IP at the moment of consent
  • Optional marketing opt-in choice

About your child:

  • First name (or nickname) and grade level — what you supply
  • Conversations between your child and Scout (full text)
  • Per-turn ratings you provide and any notes you write
  • Anything teachers you invite share for the child (lesson plans, curriculum, observations) and any files they attach

Automatically:

  • Token usage per Claude API call (for billing reconciliation only)
  • Approximate IP at signup, hashed (see above)

We do not collect: location data, device identifiers, biometrics, contacts, microphone, camera, or any data from third-party tracking SDKs. There are no third-party trackers on Scout pages.

Why we collect it

| Purpose | Data used | Legal basis (GDPR) | |---|---|---| | Run a tutoring session | Conversation, child name + grade | Consent | | Personalize Scout for your child | Past conversations, teacher input | Consent | | Allow parent oversight (review, ratings, progress reports) | Conversations, ratings | Consent | | Improve our LLM through fine-tuning | Scrubbed conversations (names → [CHILD], emails/phones redacted) | Consent + legitimate interest | | Account security (passwords, sessions) | Email, password hash | Contract performance | | Legal compliance, audit trail | Consent records, deletion logs | Legal obligation |

How long we keep it (data retention)

Default retention windows. Specific implementation lands in the next PR; this is the published policy.

| Data | Retention | |---|---| | Raw conversation transcripts (exchanges) | 2 years from last session | | Per-turn audit (exact prompts sent to the LLM) | 2 years | | Scrubbed training examples (no names) | Indefinite, used to improve Scout | | Session metadata (subject, topic, dates) | 2 years | | Notifications | 1 year, read or unread | | Account, child profiles | Until you delete them | | Consent records | 7 years after consent ends (regulator audit) |

You can delete everything tied to your parent account at any time — see "Your rights" below.

Who sees what

  • Parent: full access to their kids' transcripts, ratings, and any teacher input.
  • Teacher: only sessions in subjects you grant them, only their own notes, only their own files. Teachers do not see other teachers' notes or your ratings.
  • Admin (Scout staff): aggregate metrics, training-data export of scrubbed (no-name) conversations. Admins do not browse individual parent or child accounts.
  • Anthropic (our LLM provider): receives the conversation text needed to generate Scout's responses. Conversations are not used by Anthropic to train their models. We have / will have a Data Processing Addendum with Anthropic before public launch.

We never sell data. We never share data with advertisers. We never use your child's data to train any model other than Scout itself.

Verifiable parental consent

Under COPPA, "verifiable parental consent" must be more than a checkbox. For our closed beta, we use the FTC-approved email-plus method:

  1. You check a box at signup confirming you are 18 or older and consent to Scout's data practices for your child.
  2. We send a verification link to your email.
  3. You click that link to confirm. Consent is final after a short delay.

Before any public launch we will upgrade to a stronger method (credit-card transaction, government ID, knowledge-based questions, or video confirmation), per COPPA §312.5(b).

You can revoke consent at any time by deleting your account or by emailing us.

Your rights

You always have the right to:

  • Access all data we hold about you and your child — download a JSON export from your Privacy & data page.
  • Correct anything that's wrong — edit child profiles, rename yourself, etc.
  • Delete everything — the Delete account button on your Privacy & data page wipes raw transcripts, per-turn audits, sessions, exchanges, notifications, teacher links, scrubbed training examples derived from your child's sessions, and the account itself. Co-parented children remain if another parent is still active.
  • Object to specific processing — email us; we'll comply unless legally required to keep something.
  • Portability — your data export is in JSON, machine-readable.
  • Lodge a complaint with your local data-protection authority (in the EU/UK), or with the FTC (in the US).

Children's rights

If your child wants to stop using Scout, talk to them about it and delete their profile. Scout will tell a child to seek a trusted adult if they show signs of distress; we don't recommend kids interact with Scout unsupervised in those moments.

Changes to this policy

When we change this policy, the version stamp at the top changes and we re-prompt you to consent at next sign-in. Your old consent record stays in our audit log alongside the new one.

Contact

Questions, deletion requests, or to invoke any right above: email [email protected].

(Real address + DPO contact added before public launch.)

Privacy·Terms·Home