Mentoric — Privacy Policy
1. Who We Are
This game and service ("Mentoric," the "Game," the "Service") is operated by Mentoric LLC ("we," "us," "our"), located in Tel Aviv, Israel.
If you have any questions about this Privacy Policy or your information, contact us at:
- Privacy & data requests: [email protected]
- Postal address: Tel Aviv, Israel
- Online: mentoric.io/privacy
- Data Protection Officer / EU–UK Representative (if applicable): Not appointed
This Privacy Policy explains what personal information we collect from and about players, how we use it, who we share it with, and the choices and rights you and your parents or guardians have. It is written to comply with the U.S. Children's Online Privacy Protection Act (COPPA) and its 2025 amendments, the EU and UK General Data Protection Regulation (GDPR/UK GDPR) including child-specific rules and the UK Age Appropriate Design Code ("Children's Code"), Israel's Protection of Privacy Law, and other applicable privacy laws. Where laws differ, we apply the standard most protective of children.
2. Mentoric Is Designed for Children
Mentoric is an educational math game intended for K–12 learners, including children under the age of 13 (and under 16 in some countries). Because the Game is directed to children, we take extra care:
- We collect the minimum information needed to run the Game and save progress ("data minimization").
- Privacy-protective settings are on by default.
- We do not serve behavioral or targeted advertising to children.
- We do not sell children's personal information or share it for cross-context behavioral advertising.
- We do not use children's personal information to build advertising profiles or for any purpose unrelated to running and improving the Game.
- We do not condition a child's participation in any game activity on disclosing more personal information than is reasonably necessary.
3. Parental Consent
Before a child under the applicable age of consent (13 under COPPA; 13–16 under the GDPR depending on country) creates an account or provides personal information, we require verifiable parental consent from a parent or legal guardian.
How consent works. During sign-up, an account intended for a child must be created or approved by a parent or guardian, who:
- Reviews this Privacy Policy and our direct notice of what we collect, how we use it, and who we share it with;
- Confirms they are the parent or guardian and consents to our collection and use of the child's information for the purposes described here; and
- May choose to consent to core gameplay data collection without consenting to any optional sharing with third parties (we will not share with third parties for non-integral purposes without separate, specific consent).
Anonymous play. Mentoric also supports anonymous play (no email or name), which lets a child use the Game while collecting only the limited technical and gameplay data described below. Anonymous play does not sync progress to a personal account.
Withdrawing consent. A parent may withdraw consent at any time by contacting us at [email protected]. We will stop collecting and using the child's personal information, and may need to close the account because some information is necessary to operate the Game.
4. Information We Collect
We collect only what we need to run the Game, save progress, keep accounts secure, and improve learning. We do not ask children for more personal information than is reasonably necessary.
4.1 Information you give us
| Category | Examples | When |
|---|---|---|
| Account / authentication | Email address and password (or an anonymous account identifier) | When a parent creates or approves an account. Authentication is handled by Google Firebase Authentication. |
| Display preferences | Chosen display name or wizard skin, language (English/Hebrew) | During play |
| Support communications | Email address and message content | When you contact us for help |
We do not require a child's real name, home address, phone number, photograph, or precise location to play.
4.2 Information we collect automatically through gameplay
| Category | Examples |
|---|---|
| Learning & progress data | Problems attempted and solved, per-step correctness, skill ratings and mastery levels, XP, level, gold, equipped skin, scroll/spell tier, streaks, tutorial/onboarding status, last position in a run |
| Gameplay analytics | In-game events (e.g. a step solved, a spell cast, a level completed), session length, feature usage, progress through the adaptive learning engine |
| Technical & device data | Device and browser type, operating system, screen/canvas resolution, language settings, a persistent identifier or cookie/local-storage value used to recognize the account or session, and approximate region inferred from IP address |
| Diagnostics & crash data | Error logs and crash reports used to detect and fix bugs |
Some of this information (such as a persistent identifier) is treated as personal information under COPPA and the GDPR even when it is not tied to a real-world name.
4.3 Payment information (future feature)
Mentoric does not currently process payments. When paid features are introduced, payments will be handled by a third-party payment processor (e.g. Stripe). We will not collect or store full payment-card numbers ourselves; the processor handles card data directly under its own privacy terms. We may store a limited transaction record (e.g. that a purchase was made, the amount, and a processor reference) to provide the service, support, and refunds. Because the Game is used by children, any purchase flow will be designed to require a parent or account holder to authorize payment. This Policy will be updated before any payment feature goes live.
5. How We Use Information
We use the information above only for the following purposes:
- To run the Game — authenticate accounts, save and sync progress, load the correct level/skins/topics.
- To personalize learning — our adaptive engine uses progress and accuracy data to serve problems at the right difficulty, schedule spaced review, and adjust mastery levels. This helps each child learn, not to profile them for advertising.
- To keep accounts and data secure — detect, prevent, and investigate fraud, abuse, cheating, and technical problems.
- To improve the Game — understand which features and lessons work, fix bugs, and develop new educational content (using aggregated or de-identified data wherever possible).
- To support you — respond to questions and parental requests.
- To comply with the law — meet legal obligations and enforce our Terms & Conditions.
- To process payments — only if and when paid features are added (see §4.3).
We do not use children's personal information for targeted advertising, to sell to data brokers, or for any purpose incompatible with the purposes above.
Legal bases (GDPR / UK GDPR). Where the GDPR applies, we rely on: consent (including verifiable parental consent for children below the age of digital consent); performance of a contract (providing the Game you signed up for); our legitimate interests in keeping the Game secure and improving it, balanced against children's rights and only where appropriate for a child-directed service; and legal obligation where we must process data to comply with law.
6. How We Share Information
We do not sell children's personal information, and we do not share it for targeted advertising. We share information only in these limited cases:
- Service providers ("processors") who help us run the Game under contract and may only use the data on our instructions, including:
- Google Firebase (Authentication, Firestore database, and Storage) — hosting, accounts, and saving game data.
- Analytics providers (e.g. Google Analytics 4 and, where enabled, PostHog) — to understand product usage. These are configured for a child-directed service, without using the data for advertising.
- Error monitoring (e.g. Sentry) — to detect and fix crashes.
- Payment processor (e.g. Stripe) — only when paid features launch, to process transactions.
- Legal and safety reasons — to comply with applicable law, a lawful request, or to protect the rights, safety, and property of players, the public, or us.
- Business transfers — if we are involved in a merger, acquisition, or sale of assets, information may be transferred subject to this Policy and applicable law; we will notify parents of any material change.
We require any third party with whom we share children's personal information to maintain confidentiality and security and to use the data only for the limited purpose for which it was shared. A current list of the third parties that receive children's personal information is available on request at [email protected].
7. Cookies and Similar Technologies
We use cookies, local storage, and similar technologies that are strictly necessary to operate the Game — for example, to keep a player logged in, remember language and tutorial state, and maintain a session. We do not use advertising or cross-site tracking cookies in the children's experience. Because these technologies are essential to the Game, disabling them may prevent the Game from working.
8. International Data Transfers
We and our service providers may process information in countries other than where you live, including the United States and Israel. Where we transfer personal data out of the EEA, the UK, or another region with transfer restrictions, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses (or the UK Addendum/IDTA) and rely on providers with appropriate certifications. You may request a copy of the relevant safeguards at [email protected].
9. Data Retention
We keep children's personal information only as long as reasonably necessary to provide the Game and the purposes described in this Policy, and we do not retain it indefinitely.
| Data | Retention |
|---|---|
| Account and progress data | Kept while the account is active. Deleted (or anonymized) within 90 days after the account is closed or after a parent requests deletion, unless we must keep it longer by law. |
| Anonymous-play / session data | Kept for a short period to operate and improve the Game, then deleted or aggregated. |
| Analytics & diagnostics | Retained in identifiable form for no longer than 24 months, then aggregated or deleted. |
| Payment/transaction records (future) | Retained as required for tax, accounting, and legal purposes (typically 7 years). |
| Support messages | Kept while needed to resolve your request and a reasonable period afterward. |
When the retention period ends, we delete, anonymize, or aggregate the information so it can no longer be linked to a child. Our full data-retention schedule is summarized here and updated as our practices change.
10. How We Protect Information
We maintain a written information security program with administrative, technical, and physical safeguards appropriate to the sensitivity of children's data. These include encryption of data in transit, access controls and authentication, least-privilege access for our team, secured cloud infrastructure (Firebase/Google Cloud), monitoring and logging, and regular review of our security measures. No system is perfectly secure, but we work to protect personal information against loss, misuse, and unauthorized access, and we maintain procedures to address any data security incident in line with applicable law.
11. Your Rights and Parental Choices
Parents and guardians of a child user have the right to:
- Review the personal information we have collected from their child;
- Request deletion of their child's personal information;
- Refuse to permit further collection or use of their child's information (note this may require us to close the account); and
- Withdraw consent at any time.
Depending on where you live, you (or your child, where age-appropriate) may also have rights under the GDPR/UK GDPR, Israeli law, and U.S. state privacy laws, including the right to access, correct, delete, restrict or object to processing, data portability, and to withdraw consent. We do not use automated decision-making that produces legal or similarly significant effects on a child.
How to exercise rights. Contact [email protected] with your request. To protect children, we will take reasonable steps to verify that the requester is the child's parent/guardian or the account holder before acting. We respond within the timeframes required by applicable law (generally within 30 days; we may extend where the law allows and will tell you if so). These requests are free unless a request is excessive or repetitive.
Complaints. If you are in the EEA or UK and believe we have mishandled your data, you may complain to your local data protection authority (in the UK, the Information Commissioner's Office). In Israel, you may contact the Privacy Protection Authority. We'd appreciate the chance to address your concern first at [email protected].
12. No Advertising or Sale of Children's Data
We do not display third-party advertising to children, do not sell children's personal information, and do not share it for cross-context behavioral advertising or to build advertising profiles. We do not knowingly allow third parties to collect personal information from children through the Game for these purposes.
13. Changes to This Policy
We may update this Privacy Policy as the Game evolves (for example, when paid features launch) or as the law changes. If we make a material change to how we collect, use, or share children's personal information, we will obtain renewed parental consent where required and provide notice (for example, by email to the account holder and/or a prominent notice in the Game) before the change takes effect. The "Last updated" date at the top shows the latest version.
14. Contact Us
Mentoric LLC
Tel Aviv, Israel
Privacy & data requests: [email protected]
General contact: [email protected]
