Privacy Policy
The short version
- • We collect only what we need to run practice and show parents progress.
- • Parents control their child's profile — students don't give us a last name or email.
- • We never sell your data, and card details go straight to Stripe.
- • You can delete your account and all its data at any time.
This summary is for convenience — the full policy below is what governs.
Who we are
claura is an independent SHSAT test-preparation platform. We are not affiliated with, endorsed by, or associated with the New York City Department of Education or any official SHSAT program.
Information we collect
| Data | What & why |
|---|---|
| Parent account | Email address and password (stored only as a bcrypt hash, never as plain text). |
| Student profile | First name, grade, access code, and PIN (bcrypt-hashed). We do notcollect a student's last name or email address. |
| Practice data | Question answers, session timing, and Ask claura (our AI tutor) transcripts — used to power adaptive learning and parent diagnostics. |
| Payment | Processed by Stripe. We store only a Stripe payment intent ID and the purchase amount — never raw card data. |
How we use your data
- To power adaptive question selection and ability estimates.
- To generate parent-facing diagnostics and weekly email digests.
- To provide the AI Socratic tutor (transcripts are retained for 1 year per our data policy).
- To calibrate item difficulty using aggregate (anonymized) response patterns.
Cookies & analytics
We use a small number of essential cookies to keep you signed in and remember preferences like your theme. For product analytics we keep our own anonymous, aggregate usage counts (which pages and features are used) on our own servers — with no personal identifiers and no third-party analytics service. We do not use third-party advertising or cross-site tracking cookies.
COPPA & children
Protecting children under 13
Students under 13 may only create accounts with verifiable parental consent. Parents create and manage their child's profile. We do not knowingly collect personal information from children under 13 without parental consent.
Read our COPPA noticeData sharing
We do not sell personal data. We share data only with: Stripe (payments), Resend (email), and Anthropic (powers Ask claura, via the Claude API — student messages are subject to Anthropic's privacy policy). Product analytics are kept first-party on our own servers, not shared with any analytics provider.
These companies are our service providers: they process data only to operate claura on our behalf, under contract, and never for their own purposes. We never share your or your child's personal information with third parties for their own marketing, advertising, or any other independent use.
Data retention
| Data | Kept for |
|---|---|
| Practice attempt data | Active enrollment, plus 2 years. |
| Ask claura transcripts | 1 year from the date of the conversation. |
| Account data | Until a parent requests deletion. |
| Transaction records | Up to 180 days after account deletion, stripped of personal identifiers, for fraud, tax, and payment-dispute purposes — then permanently deleted. |
Data security
Parents sign in with a one-time code sent to their email — we never store a parent password. Student PINs and one-time sign-in codes are stored only as cryptographic hashes, and all data is encrypted in transit over HTTPS. Access to production data is limited to staff who need it to operate the service. No system is perfectly secure, but if we ever discover a breach affecting your data, we will notify affected parents promptly.
International users
claura is operated from the United States, and our service providers may process data in the U.S. If you access claura from outside the U.S., you consent to processing your information in the U.S., where privacy laws may differ from those in your country.
Your rights
Parents may request deletion of their account and all associated data at any time. The fastest way is in your account settings; you can also email us. The one exception: anonymized transaction records (no name, email, or other identifier — just the payment and amount) are kept briefly after deletion for fraud, tax, and payment-dispute purposes, then permanently deleted (see the retention table above).
Contact
Questions about this policy or your data? Email privacy@claura.app. We aim to respond to privacy requests within 30 days.