Privacy Policy โ† Back
1. Who we are 2. Data we collect 3. How we use data 4. Student data 5. Guardian access 6. Our commitments 6bis. AI processing (Pro+) 7. International transfers & sub-processors 8. Payment data 9. Retention & deletion 10. Student privacy & compliance 11. Your rights 12. Security 13. Contact

Privacy Policy

At Alquie, we take the privacy of all users seriously โ€” especially that of primary school students. This policy clearly explains what data we collect, how we use it, and how we protect it.

1 Who we are

Alquie App is a gamified educational platform built for teachers and their students. Alquie is operated by Alquie SpA, a company incorporated in Chile.

The data controller for your account data is Alquie SpA (Chile). For privacy matters and to exercise your rights, our privacy contact is legal@alquie.com. For any other question, you can also reach us at hello@alquie.com.

๐Ÿ“
This policy applies to all Alquie users, regardless of their country. Our commitments are designed to meet the strictest global standards: GDPR (Europe), COPPA (US), FERPA-aligned practices, and Latin American data protection laws.

2 Data we collect

We collect only the data necessary for the platform to work.

Teacher data

DataPurposeSource
Full nameIdentification on the platformVoluntary registration
Email addressLogin and service communicationsVoluntary registration
Usage dataImprove the platform and detect errorsPlatform usage

Sign in with Google

If you choose to sign in with Google, we receive your name, email address, and profile picture from your Google account, solely to create and identify your teacher account in Alquie. We do not access any other data from your Google account.

๐Ÿ”’
Limited Use. Alquie's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We do not use this data for advertising, we do not sell it, and we do not share it except as strictly necessary to provide the service to you.

Student data

๐Ÿ›ก๏ธ
Students do NOT need an email or password. They access via a unique code generated by their teacher. This design deliberately minimizes personal data collected from minors.
DataPurposeSource
Name (entered by teacher)Identification within the virtual classroomEntered by teacher
Unique access codeAuthentication without email or passwordAuto-generated
Academic progressTrack completed activities, points, and achievementsPlatform usage
Avatar customizationSave chosen character and appearanceStudent choices
Activity submissionsAllow teachers to review student workStudent submissions

Data we do NOT collect

  • Biometric data (fingerprints, facial recognition)
  • Precise geographic location
  • Financial information from students
  • Social media data from students

3 How we use data

We use data exclusively for these purposes:

  • Service delivery: manage courses, record progress, display rankings and gamification.
  • Authentication and security: verify user identity and protect accounts.
  • Service communications: important platform notices (to teachers only, never to students).
  • Product improvement: anonymous, aggregated analytics to improve the platform.
  • Legal compliance: respond to legitimate requests from competent authorities.
๐Ÿšซ
What we never do: We do not use student data for advertising. We do not sell data to third parties. We do not share data for purposes beyond delivering the educational service.

4 Student data & minors

Alquie is designed for use with primary school students. We apply enhanced protections to data belonging to minors.

Teacher as data controller

When a teacher creates a course and enters student names, the teacher acts as the data controller for that data. Alquie acts solely as the data processor, handling data only according to the teacher's instructions and exclusively to deliver the educational service.

The teacher is responsible for:

  • Having the appropriate institutional or parental authorization to enter student data into digital educational platforms.
  • Informing parents or guardians about Alquie's use, when required by local regulations.
  • Entering only necessary data (a first name or nickname is sufficient โ€” full surnames are not required).

COPPA compliance (US)

Alquie does not knowingly collect personal information directly from children under 13. Student data is entered by teachers (adults) acting as the responsible party. Students authenticate via access codes โ€” no email or personal registration is required from the child.

FERPA-aligned practices

When used in US educational institutions, Alquie functions as a "school official" under FERPA โ€” we receive and process student education records solely to provide contracted services, under the direct control of the educational institution.

โœ…
Our student data commitments:

โ€ข We will never sell or monetize student data under any circumstances.
โ€ข We will never use student data for behavioral advertising of any kind.
โ€ข We will never use student data to train AI or machine learning models.
โ€ข We will not share student data with third parties except as strictly necessary to provide the service, under confidentiality agreements.
โ€ข We will permanently delete student data when the teacher requests it.

5 Guardian access

At the teacher's request, Alquie lets a teacher invite a guardian (parent or legal guardian) so they can access a read-only report of the relevant student. This report shows information generated in the classroom: completed activities, points, progress trends, and recognitions.

  • The guardian can only view the report of the student(s) linked to their account; they cannot edit any data, content, or class roster.
  • It is the teacher who decides which student and which email the invitation is sent to; Alquie never contacts guardians on its own.

Legal basis (GDPR Art. 6): legitimate interest of the teacher/school in keeping the guardian informed about the student's progress, carried out under the control and authorization of the responsible teacher. The teacher, as data controller, is the party who must hold the authorization required to share this information with the guardian.

The guardian may exercise their rights (access, rectification, removal of their access) by writing to hello@alquie.com.

6 Our privacy commitments

๐Ÿ”’
1. We don't sell data. We never sell teacher or student data to third parties, under any circumstances.

2. No AI training. Data entered into Alquie โ€” names, student responses, course content โ€” is never used to train or fine-tune AI models.

3. No advertising. Alquie shows no advertising to students. We don't use behavioral data for user profiling.

4. Real deletion. When a teacher deletes a student or course, the data is removed from the active database immediately. For technical continuity reasons, a copy may persist in encrypted backups for a short period (in our current configuration, up to 7 days) before it is overwritten during routine backup rotation. We keep no active or accessible copies of the deleted data.

5. Data minimization. We collect only the data strictly necessary for the platform to function.

6. Transparency about AI use. Some visual assets on Alquie โ€” characters, illustrations, and graphic elements โ€” were created using generative AI tools. This is distinct from commitment #2: we are talking about how we build the platform, not what we do with your data. Teacher and student data is never used to feed any AI system, ours or third parties'.

6bis AI processing (Pro+ Plan)

If you use the AI generation features of the Pro+ Plan, the prompts you write are sent to Google Gemini API to produce the requested content. We operate under Google's paid plan, which means Google contractually commits not to use these prompts to train its models (consistent with commitment 2 of this policy).

Legal basis (GDPR Art. 6): contract performance โ€” you use the tools because you requested them as part of your Pro+ subscription.

Usage recommendation: we suggest you do not include real student names, sensitive personal data, or identifying information in your prompts. Generic content (subject, grade level, topic, learning objectives) is enough for the AI to generate quality material.

You can review your AI usage detail and current limits at any time at Settings → AI Usage.

7 International transfers & sub-processors

Alquie uses Supabase as its database and infrastructure provider. Supabase servers are primarily located in the United States, which constitutes an international data transfer.

Supabase complies with the EU-US Data Transfer Framework and maintains security measures equivalent to those required by GDPR.

Sub-processors we use

Sub-processorPurposeLocation
SupabaseDatabase and infrastructureUnited States
CloudflareHosting, CDN, and anti-bot protection (Turnstile)Global (processes IP addresses)
ResendTransactional emails (confirmations, invitations)United States
Google Gemini APIAI content generation (Pro+ only)United States โ€” paid plan, no training on your data
Paddle (Paddle.com Market Ltd)Payment processing and subscription billing, as Merchant of Record. Processes payment data; Alquie does not store your card.United Kingdom

Each sub-processor is contractually required to protect data to a standard equivalent to our own. We do not use teacher or student data to train AI systems.

Regardless of where data is stored, all commitments in this policy apply in full. Any sub-processors we use must accept data protection obligations equivalent to ours.

8 Payment data

Card data is collected and processed by Paddle (Paddle.com Market Ltd), our payment provider acting as Merchant of Record, not by Alquie. Alquie only receives the minimum information needed to manage your subscription (plan status, renewal dates, billing country). We do not store card numbers. See Paddle's privacy policy.

9 Retention & deletion

Data typeRetention period
Teacher account dataWhile the account is active. Deleted 90 days after cancellation.
Student data (name, progress)While the course is active. Removed from the active database immediately if the teacher removes the student or deletes the course.
Active student sessionsAutomatically expire after 12 hours of inactivity.
Audit logs90 days (to verify that deletions were properly executed).
Billing and payment recordsKept for the period required by Chilean tax and accounting law (around 6 years), even after you cancel your account. These records are held primarily by our payment provider as the issuer of the invoices.

About backups

When data is deleted it is removed from the active database immediately โ€” the student can no longer log in and the data stops being displayed and processed. For technical continuity reasons, a copy may persist in encrypted backups for a short period (in our current configuration, up to 7 days), after which it is overwritten during routine backup rotation. We keep no active or accessible copies of the deleted data.

How deletion works

When a teacher deletes a student from the management panel, the system automatically and immediately:

  1. Deletes all of the student's activity submissions.
  2. Deletes progress records, points, and coins.
  3. Terminates all active sessions (the student can no longer log in).
  4. Deletes attendance records.
  5. Removes the student's record from the database.
  6. Generates an audit log entry the teacher can download as proof.
๐Ÿ“‹
Deletion certificate: Teachers can download an audit log confirming the date, time, and scope of any data deletion. This allows them to demonstrate to schools or parents that data was properly removed.

10 Student privacy & regulatory compliance

Alquie is built to meet the strictest student-privacy standards across the regions where it is used. In every case, the teacher or school acts as the data controller and Alquie acts as the data processor.

  • COPPA (US, children under 13): we do not collect personal data directly from students; they access with a code under teacher supervision.
  • FERPA (US): the educational records generated (submissions, points, progress) are accessible only to the course teacher and their accepted collaborators.
  • GDPR and GDPR applied to minors (GDPR-K): lawful, transparent processing with reinforced safeguards for minors' data.
  • Chile (Law 19.628 / Law 21.719 on personal data): the teacher/school is the data controller; Alquie is the processor.

10bis Cookies & local storage

Alquie uses cookies and browser local storage only for what is strictly necessary:

  • Session & authentication: keep you securely signed in.
  • Preferences: remember settings such as the site language.
  • Anti-bot security: Cloudflare Turnstile, to protect forms and access from abuse.

We do not use advertising cookies or third-party tracking cookies for commercial purposes. You can delete or block cookies from your browser settings; note that some features (such as staying signed in) may stop working.

11 Your rights

Depending on your country of residence, you may have all or some of the following rights regarding your data:

Access
Request a copy of the personal data we hold about you.
Rectification
Correct inaccurate or outdated data.
Erasure
Request deletion of your personal data (right to be forgotten).
Portability
Receive your data in a machine-readable format to transfer to another service.
Objection
Object to processing of your data in certain circumstances.
Restriction
Request that we limit use of your data while a dispute is being resolved.

To exercise any of these rights, email us at hello@alquie.com. We'll respond within 30 days.

If you believe we have not handled your request properly, you have the right to lodge a complaint with the data protection authority in your country.

12 Security

We implement technical and organizational measures to protect data against unauthorized access, loss, or alteration:

  • Encryption in transit: all communications with Alquie use HTTPS/TLS.
  • Encryption at rest: stored data is encrypted in the database.
  • Minimum access: each teacher can only access their own courses and students' data.
  • Secure session tokens: students use opaque 64-character tokens that automatically expire every 12 hours.
  • Brute force protection: failed login attempts are rate-limited.
  • Audit logging: all sensitive actions (data deletions, access changes) are recorded.

Breach notification

In the event of a security breach affecting your personal data or that of your students, we will notify you without undue delay and, where required by law, within the established deadlines (e.g., 72 hours under GDPR), informing you of the scope and the measures taken.

13 Contact

If you have questions about this policy, want to exercise a right, or have any concern about the privacy of your or your students' data, please reach out:

Got questions?

If you have any questions about this policy or want to get in touch, write to us.

hello@alquie.com

This policy was published on June 19, 2026. We reserve the right to update this policy to reflect changes in the platform or applicable law. We will notify you of significant changes by email or via a prominent notice on the platform.