Children’s Privacy Notice
Effective date: May 2026
For parents of children under 18, and especially under 13.
OrderToAI LLC (operating as Diraasa) takes children’s privacy seriously. This Notice explains, in plain language, what we do and do not do with information about your child. It is designed to comply with the United States Children’s Online Privacy Protection Act (COPPA) and to set the standard we apply to every child on the platform regardless of where they live. This Notice is in addition to our main Privacy Policy.
1. Children cannot create their own accounts
Children under 18 cannot create or hold accounts in their own name. A child uses the platform only through a parent or legal guardian’s account. The parent is the contracting party with Diraasa and the parent is in control of the child’s data at all times.
2. What information we collect about a child
| What | Why |
|---|---|
| First name | So the teacher can address the child during class |
| Age | To match age appropriate teachers and apply COPPA protections |
| Gender (optional) | For teacher matching preferences |
| Learning preferences and progress | To deliver and improve classes |
| Class transcripts | For safety, quality, and to share with the parent after each class |
We do not collect a child’s last name (the parent enters their own last name), email or phone, home address, social media handles or third party identifiers, photographs or videos, geolocation, voiceprints or facial biometrics, or behavioral or advertising profile data. We do not run ads and we do not profile children for any purpose.
3. Verifiable Parental Consent (VPC)
For children under 13, COPPA requires us to obtain verifiable parental consent before collecting any personal information about the child. We use one of two FTC approved methods.
Method 1 (default): Credit card verification. When you add a child under 13, we ask Stripe to place a temporary 50 cent authorization on a payment method on file. The authorization is reversed immediately. This confirms you are an adult with a valid card. The card details remain with Stripe; we do not see them.
Method 2 (alternative): Signed consent form. If you do not wish to add a payment method, we email you a signed consent PDF. You print it, sign it, scan it, and email it back. A Diraasa administrator reviews and verifies it within 48 hours. Your child’s profile is created in a “pending consent” state until verification completes.
You can withdraw consent at any time by deleting the child’s profile from your account settings or by emailing info@diraasa.com. We will delete the child’s data within 30 days of withdrawal. Consent is valid for one year. We will email you a reminder 30 days before consent expires.
4. How class data works for children
Every class on Diraasa is audio transcribed (no video is recorded). The transcript is shared with you, the parent, after the class. You can read, download, or delete transcripts at any time from your account. Transcripts are stored for one year and then deleted. The teacher loses access to a transcript 90 days after the class. You retain access for the full year unless you delete the transcript sooner.
5. What teachers see about your child
Teachers see only the child’s first name, age, any learning preferences or progress notes you have shared, and the classes booked with that teacher. Teachers never see your child’s last name, your contact information, your address, your billing information, or any data about other teachers your child has used.
6. Sharing
We do not share children’s personal information with advertisers, data brokers, or any third party except: Stripe (for the VPC payment authorization; Stripe does not learn the child’s name or age); Daily.co (to deliver the classroom video; receives only first name and a session token); Deepgram (to transcribe class audio; does not retain audio under our contract); authorities, when we have a credible safeguarding concern (see the Safeguarding Policy).
7. Your rights as a parent
- Review the personal information we have collected about your child.
- Request that we delete that information at any time.
- Refuse to permit any further collection or use of your child’s information.
- Receive an exportable copy of your child’s data (transcripts, progress notes, profile).
To exercise any of these rights, sign in to your account or email info@diraasa.com. We respond within 14 days. If you disagree with our response, you may file a complaint with the United States Federal Trade Commission at ftc.gov/complaint or with the data protection authority in your country.
8. UK and EU children
Children in the United Kingdom and European Economic Area are protected under the UK GDPR and GDPR. The age below which a child cannot consent on their own to information society services varies by country. On Diraasa, we apply a single rule that exceeds the strictest of these: no child under 18 holds an account, and parental consent is required for any child under 16 in the EEA or UK in addition to the COPPA process for under 13s.
9. Safeguarding
If you ever have a concern about a teacher’s behavior toward your child, contact info@diraasa.com immediately. We respond within four hours and follow the protocol described in the Safeguarding Policy.
10. Contact
Privacy and safeguarding: info@diraasa.com.