Privacy Policy
At Alquie, we take the privacy of all users seriously โ especially that of primary school students. This policy clearly explains what data we collect, how we use it, and how we protect it.
1 Who we are
Alquie App is a gamified educational platform built for teachers and their students. Alquie is operated by Alquie SpA, a company incorporated in Chile.
The data controller for your account data is Alquie SpA (Chile). For privacy matters and to exercise your rights, our privacy contact is legal@alquie.com. For any other question, you can also reach us at hello@alquie.com.
2 Data we collect
We collect only the data necessary for the platform to work.
Teacher data
| Data | Purpose | Source |
|---|---|---|
| Full name | Identification on the platform | Voluntary registration |
| Email address | Login and service communications | Voluntary registration |
| Usage data | Improve the platform and detect errors | Platform usage |
Sign in with Google
If you choose to sign in with Google, we receive your name, email address, and profile picture from your Google account, solely to create and identify your teacher account in Alquie. We do not access any other data from your Google account.
Student data
| Data | Purpose | Source |
|---|---|---|
| Name (entered by teacher) | Identification within the virtual classroom | Entered by teacher |
| Unique access code | Authentication without email or password | Auto-generated |
| Academic progress | Track completed activities, points, and achievements | Platform usage |
| Avatar customization | Save chosen character and appearance | Student choices |
| Activity submissions | Allow teachers to review student work | Student submissions |
Data we do NOT collect
- Biometric data (fingerprints, facial recognition)
- Precise geographic location
- Financial information from students
- Social media data from students
3 How we use data
We use data exclusively for these purposes:
- Service delivery: manage courses, record progress, display rankings and gamification.
- Authentication and security: verify user identity and protect accounts.
- Service communications: important platform notices (to teachers only, never to students).
- Product improvement: anonymous, aggregated analytics to improve the platform.
- Legal compliance: respond to legitimate requests from competent authorities.
4 Student data & minors
Alquie is designed for use with primary school students. We apply enhanced protections to data belonging to minors.
Teacher as data controller
When a teacher creates a course and enters student names, the teacher acts as the data controller for that data. Alquie acts solely as the data processor, handling data only according to the teacher's instructions and exclusively to deliver the educational service.
The teacher is responsible for:
- Having the appropriate institutional or parental authorization to enter student data into digital educational platforms.
- Informing parents or guardians about Alquie's use, when required by local regulations.
- Entering only necessary data (a first name or nickname is sufficient โ full surnames are not required).
COPPA compliance (US)
Alquie does not knowingly collect personal information directly from children under 13. Student data is entered by teachers (adults) acting as the responsible party. Students authenticate via access codes โ no email or personal registration is required from the child.
FERPA-aligned practices
When used in US educational institutions, Alquie functions as a "school official" under FERPA โ we receive and process student education records solely to provide contracted services, under the direct control of the educational institution.
โข We will never sell or monetize student data under any circumstances.
โข We will never use student data for behavioral advertising of any kind.
โข We will never use student data to train AI or machine learning models.
โข We will not share student data with third parties except as strictly necessary to provide the service, under confidentiality agreements.
โข We will permanently delete student data when the teacher requests it.
5 Guardian access
At the teacher's request, Alquie lets a teacher invite a guardian (parent or legal guardian) so they can access a read-only report of the relevant student. This report shows information generated in the classroom: completed activities, points, progress trends, and recognitions.
- The guardian can only view the report of the student(s) linked to their account; they cannot edit any data, content, or class roster.
- It is the teacher who decides which student and which email the invitation is sent to; Alquie never contacts guardians on its own.
Legal basis (GDPR Art. 6): legitimate interest of the teacher/school in keeping the guardian informed about the student's progress, carried out under the control and authorization of the responsible teacher. The teacher, as data controller, is the party who must hold the authorization required to share this information with the guardian.
The guardian may exercise their rights (access, rectification, removal of their access) by writing to hello@alquie.com.
6 Our privacy commitments
2. No AI training. Data entered into Alquie โ names, student responses, course content โ is never used to train or fine-tune AI models.
3. No advertising. Alquie shows no advertising to students. We don't use behavioral data for user profiling.
4. Real deletion. When a teacher deletes a student or course, the data is removed from the active database immediately. For technical continuity reasons, a copy may persist in encrypted backups for a short period (in our current configuration, up to 7 days) before it is overwritten during routine backup rotation. We keep no active or accessible copies of the deleted data.
5. Data minimization. We collect only the data strictly necessary for the platform to function.
6. Transparency about AI use. Some visual assets on Alquie โ characters, illustrations, and graphic elements โ were created using generative AI tools. This is distinct from commitment #2: we are talking about how we build the platform, not what we do with your data. Teacher and student data is never used to feed any AI system, ours or third parties'.
6bis AI processing (Pro+ Plan)
If you use the AI generation features of the Pro+ Plan, the prompts you write are sent to Google Gemini API to produce the requested content. We operate under Google's paid plan, which means Google contractually commits not to use these prompts to train its models (consistent with commitment 2 of this policy).
Legal basis (GDPR Art. 6): contract performance โ you use the tools because you requested them as part of your Pro+ subscription.
Usage recommendation: we suggest you do not include real student names, sensitive personal data, or identifying information in your prompts. Generic content (subject, grade level, topic, learning objectives) is enough for the AI to generate quality material.
You can review your AI usage detail and current limits at any time at Settings → AI Usage.
7 International transfers & sub-processors
Alquie uses Supabase as its database and infrastructure provider. Supabase servers are primarily located in the United States, which constitutes an international data transfer.
Supabase complies with the EU-US Data Transfer Framework and maintains security measures equivalent to those required by GDPR.
Sub-processors we use
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database and infrastructure | United States |
| Cloudflare | Hosting, CDN, and anti-bot protection (Turnstile) | Global (processes IP addresses) |
| Resend | Transactional emails (confirmations, invitations) | United States |
| Google Gemini API | AI content generation (Pro+ only) | United States โ paid plan, no training on your data |
| Paddle (Paddle.com Market Ltd) | Payment processing and subscription billing, as Merchant of Record. Processes payment data; Alquie does not store your card. | United Kingdom |
Each sub-processor is contractually required to protect data to a standard equivalent to our own. We do not use teacher or student data to train AI systems.
Regardless of where data is stored, all commitments in this policy apply in full. Any sub-processors we use must accept data protection obligations equivalent to ours.
8 Payment data
Card data is collected and processed by Paddle (Paddle.com Market Ltd), our payment provider acting as Merchant of Record, not by Alquie. Alquie only receives the minimum information needed to manage your subscription (plan status, renewal dates, billing country). We do not store card numbers. See Paddle's privacy policy.
9 Retention & deletion
| Data type | Retention period |
|---|---|
| Teacher account data | While the account is active. Deleted 90 days after cancellation. |
| Student data (name, progress) | While the course is active. Removed from the active database immediately if the teacher removes the student or deletes the course. |
| Active student sessions | Automatically expire after 12 hours of inactivity. |
| Audit logs | 90 days (to verify that deletions were properly executed). |
| Billing and payment records | Kept for the period required by Chilean tax and accounting law (around 6 years), even after you cancel your account. These records are held primarily by our payment provider as the issuer of the invoices. |
About backups
When data is deleted it is removed from the active database immediately โ the student can no longer log in and the data stops being displayed and processed. For technical continuity reasons, a copy may persist in encrypted backups for a short period (in our current configuration, up to 7 days), after which it is overwritten during routine backup rotation. We keep no active or accessible copies of the deleted data.
How deletion works
When a teacher deletes a student from the management panel, the system automatically and immediately:
- Deletes all of the student's activity submissions.
- Deletes progress records, points, and coins.
- Terminates all active sessions (the student can no longer log in).
- Deletes attendance records.
- Removes the student's record from the database.
- Generates an audit log entry the teacher can download as proof.
10 Student privacy & regulatory compliance
Alquie is built to meet the strictest student-privacy standards across the regions where it is used. In every case, the teacher or school acts as the data controller and Alquie acts as the data processor.
- COPPA (US, children under 13): we do not collect personal data directly from students; they access with a code under teacher supervision.
- FERPA (US): the educational records generated (submissions, points, progress) are accessible only to the course teacher and their accepted collaborators.
- GDPR and GDPR applied to minors (GDPR-K): lawful, transparent processing with reinforced safeguards for minors' data.
- Chile (Law 19.628 / Law 21.719 on personal data): the teacher/school is the data controller; Alquie is the processor.
10bis Cookies & local storage
Alquie uses cookies and browser local storage only for what is strictly necessary:
- Session & authentication: keep you securely signed in.
- Preferences: remember settings such as the site language.
- Anti-bot security: Cloudflare Turnstile, to protect forms and access from abuse.
We do not use advertising cookies or third-party tracking cookies for commercial purposes. You can delete or block cookies from your browser settings; note that some features (such as staying signed in) may stop working.
11 Your rights
Depending on your country of residence, you may have all or some of the following rights regarding your data:
To exercise any of these rights, email us at hello@alquie.com. We'll respond within 30 days.
If you believe we have not handled your request properly, you have the right to lodge a complaint with the data protection authority in your country.
12 Security
We implement technical and organizational measures to protect data against unauthorized access, loss, or alteration:
- Encryption in transit: all communications with Alquie use HTTPS/TLS.
- Encryption at rest: stored data is encrypted in the database.
- Minimum access: each teacher can only access their own courses and students' data.
- Secure session tokens: students use opaque 64-character tokens that automatically expire every 12 hours.
- Brute force protection: failed login attempts are rate-limited.
- Audit logging: all sensitive actions (data deletions, access changes) are recorded.
Breach notification
In the event of a security breach affecting your personal data or that of your students, we will notify you without undue delay and, where required by law, within the established deadlines (e.g., 72 hours under GDPR), informing you of the scope and the measures taken.
13 Contact
If you have questions about this policy, want to exercise a right, or have any concern about the privacy of your or your students' data, please reach out:
Got questions?
If you have any questions about this policy or want to get in touch, write to us.
This policy was published on June 19, 2026. We reserve the right to update this policy to reflect changes in the platform or applicable law. We will notify you of significant changes by email or via a prominent notice on the platform.