Privacy Policy
Last updated: February 2026 ย ยทย Effective: February 2026
This policy is written in plain language to comply with applicable Canadian privacy legislation, including:
- PIPEDA โ Personal Information Protection and Electronic Documents Act (federal, applies across Canada for private-sector organizations)
- FOIPPA โ Freedom of Information and Protection of Privacy Act (British Columbia โ public sector; relevant when BC public schools use this platform)
- FOIP โ Freedom of Information and Protection of Privacy Act (Saskatchewan โ public sector; relevant when SK public schools use this platform)
- PIPA โ Personal Information Protection Act (Alberta and British Columbia โ private sector)
- Law 25 โ Act respecting the protection of personal information in the private sector (Quebec)
The principles across these laws are substantively similar. This policy satisfies all of them.
1. Who We Are
MathMastery is a Canadian educational platform that provides AI-powered math practice for students in Kindergarten through Grade 12. Curriculum is fully outcome-aligned for Saskatchewan (Grades 1โ12); students from all other Canadian provinces and territories are also supported.
Privacy contact: privacy@mathmastery.ca
2. What Personal Information We Collect
We collect only the information necessary to provide our service:
| Information | Who Provides It | Why We Need It |
|---|---|---|
| Username | All users | Display name within the platform |
| Email address | All users | Account recovery and notifications |
| Password (hashed) | All users | Account authentication; never stored in plain text |
| Province / Territory | All users | Align content with provincial curriculum |
| Grade level | Students, teachers | Generate age-appropriate math problems |
| School name & class name | Teachers | Classroom management features |
| Learning activity (topics, scores, timestamps) | All users | Track progress and personalize practice |
| Payment information | Paid plan subscribers | Processed directly by Stripe โ we never see full card numbers |
We do not collect names (first/last), physical addresses, phone numbers, photos, or any information beyond what is listed above.
3. How We Use Your Information
Your information is used only to:
- Provide and improve the math practice service
- Generate curriculum-aligned problems and lessons appropriate for your grade and province
- Track your learning progress over time
- Enable classroom and family management features
- Process subscription payments (paid plans)
- Send account-related emails (password reset, receipts)
We do not sell your personal information, use it for advertising, or share it with third parties except as described in Section 4.
4. Third-Party Service Providers
We engage the following processors to deliver our service. Each acts only on our instructions and may not use your data for their own purposes.
Anthropic, Inc. (USA) โ AI Processing
We use Anthropic's Claude AI to generate math problems, check answers, and provide tutoring. When you interact with these AI features, the following is sent to Anthropic's servers in the United States:
- Your grade level and province (not your name or email)
- The math topic and problem text
- Your submitted answer or question
Cross-border transfer: This constitutes a transfer of personal information outside Canada. Anthropic processes this data as a service provider under a data processing agreement consistent with FOIPPA s.33.1(b). Anthropic's privacy policy: anthropic.com/legal/privacy
MongoDB Atlas โ Database Hosting
All account and progress data is stored in MongoDB Atlas. Data is encrypted at rest and in transit. For questions about data residency and hosting region, contact us at privacy@mathmastery.ca.
Stripe, Inc. (USA) โ Payment Processing
Paid plan billing is handled by Stripe. Payment card data is processed and stored by Stripe โ we never see your full card number. Stripe's privacy policy: stripe.com/privacy
5. Children and Parental Consent
MathMastery is an educational service for children. We take the privacy of minors seriously.
- Students can only create accounts via an invite code issued by a parent or teacher. This ensures a responsible adult has authorized the account before it is created.
- By generating an invite code and sharing it with a child, parents and teachers provide consent for that child's use of the platform and collection of their educational data.
- Parents may view their children's progress at any time through the Family Dashboard and may request account deletion at any time.
6. Your Privacy Rights
Under PIPEDA, FOIPPA, FOIP, and other applicable Canadian privacy legislation, you have the right to:
Access
Request a copy of the personal information we hold about you.
Correction
Ask us to correct inaccurate or incomplete information.
Deletion
Delete your account and all associated data via Account Settings โ Delete Account.
Withdraw consent
Stop using the service and delete your account at any time.
To exercise your rights or submit a privacy inquiry, email privacy@mathmastery.ca. We will respond within 30 days.
7. Data Retention
- Account and progress data is retained while your account is active.
- When you delete your account (via Account Settings or by email request), all personal data is removed within 30 days.
- Aggregate, anonymized statistics (not linked to any individual) may be retained indefinitely.
- Stripe retains billing records per their own retention policies and legal obligations.
8. Security
We protect your information with:
- Passwords hashed with bcrypt (irreversible; we cannot read your password)
- Authentication via short-lived JWT tokens (7-day expiry)
- HTTPS on all connections
- Rate limiting on all sensitive endpoints to prevent brute-force attacks
- Input sanitization to prevent injection attacks
In the event of a data breach that creates a real risk of significant harm, affected users and the relevant privacy commissioner will be notified as required by law.
9. Updates to This Policy
We may update this Privacy Policy from time to time. If changes are material, we will notify you by email at least 14 days before they take effect. Continued use of MathMastery after the effective date constitutes acceptance of the updated policy.