Privacy Policy

Kocher AI ("Kocher", "we", "us", or "our") is an online educational service that provides a child-safe, Socratic AI learning companion ("Koko") for children aged 5-16. We are based in London, United Kingdom. For any questions about this policy or your data, contact us at support@kocher-ai.com.

Children's privacy is central to how Kocher is built. Accounts are created and controlled by a parent or legal guardian. We follow a data-minimisation, "Clean Room" approach: we collect only what is needed to provide the service, we never sell personal information, and we never use a child's information for advertising or behavioural profiling. We do not knowingly allow children to create their own accounts or to share personal contact information through the service.

Parent/guardian account: name, email address, an encrypted (hashed) password, a parental PIN (stored as a secure hash), consent records, and subscription/billing status. Payment card details are entered directly with our payment provider and are not stored on our systems.

Child profile (created by the parent): the child's display name, birth year, learning tier, and chosen avatar or theme.

Learning and usage data: the messages and voice input a child sends to Koko and Koko's responses, learning progress and curriculum mastery, session timestamps and play-time, points and achievements, and safety-event logs generated by our content-safety system.

Technical data: basic device and browser information and logs needed to operate and secure the service.

We use information to provide and personalise the learning experience; to track curriculum mastery against learning objectives; to operate Koko's content-safety guardrails and notify parents of safety events; to manage profiles, subscriptions, and the parental PIN gate; to maintain security and prevent abuse; and to comply with our legal obligations. We do not use children's data to build advertising profiles or to train third-party advertising systems.

Where UK or EU data-protection law applies, we rely on: performance of our contract with the parent (to deliver the service); the parent's consent (for processing a child's information); and our legitimate interests in keeping the service safe and secure, balanced against the rights of the child.

Where US law applies, we comply with the Children's Online Privacy Protection Act (COPPA): we require verifiable parental consent before a child profile is created and used, we collect only the information reasonably necessary to provide the service, and parents may review or delete their child's information at any time (see Section 8).

We do not sell personal information and we do not share it for advertising. We use a small number of trusted third-party service providers ("processors") strictly to operate the service, including: secure cloud hosting and database storage; AI model processing to generate Koko's educational responses; transactional email delivery (for example, parent safety alerts and account emails); and payment processing for subscriptions. These providers act on our instructions, receive only the information they need to perform their function, and are bound by confidentiality and data-protection obligations. We may also disclose information where required by law, or where necessary to protect the safety of a child or others.

We keep personal information only for as long as the account is active. If you delete a child profile or your account, we delete the associated personal data within 30 days, except where we are required to retain limited records to meet legal, security, or accounting obligations. Safety logs may be retained for the active life of the account so that parents can review them.

Parents and guardians can, at any time: review the information held about their child; export their child's data from the parent dashboard (Security, then Your Data); correct a child's profile details; delete a child profile or the entire account (Security, then Your Data), which removes the associated personal data; and withdraw consent by deleting the profile or account, or by contacting us. Depending on your location, you may also have rights under UK/EU GDPR (access, rectification, erasure, restriction, portability, and objection) or under applicable US state laws. To exercise any right, use the dashboard controls or email support@kocher-ai.com, and we will respond within the timeframes required by applicable law.

We protect information using encryption in transit, hashed passwords and PINs, row-level access controls so that each parent can only access their own family's data, and a PIN-gated parent area. No online service can be guaranteed perfectly secure, but we work to protect your information and to limit what we collect.

We are based in the UK and offer the service to families in the UK, EU, US, and elsewhere. Where information is transferred across borders (for example, to a service provider located in another country), we take steps to ensure it remains protected in line with applicable law, including appropriate safeguards such as standard contractual clauses where required.

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date and, where appropriate, notify you or ask you to re-confirm your consent.

If you have any questions, requests, or concerns about this policy or your data, contact us at support@kocher-ai.com.