Critikid Logo

Privacy Policy

Last updated: April 13, 2026

This Privacy Policy explains how Stephanie Yvonne Simoes, IE (doing business as “Critikid”, “we”, “us”, or “our”) collects, uses, shares, and protects personal information when you use our websites, products, and services.

This Privacy Policy is intended to help you understand our privacy practices and your choices when using our Services.

1. Information We Collect

Information you provide directly

  • Contact details (name, email).

  • Access and login information: Access works differently depending on how our Services are used. For the “For Schools” platform, teachers log in with their email address, but students do not create accounts and do not enter email addresses. Students access assigned content through a class code or link. For courses outside the “For Schools” platform, users access course materials by email (via one-time passcode or Google login). Parents may choose to use their own email address or their child’s email address for this purpose. We do not use password-based login for Critikid accounts.

  • Purchases: We use Paddle, Inc. as our merchant of record. We do not see or store your full card details.

  • Communications: Messages you send us (support requests, testimonials).

Information related to “For Schools” subscription

We collect and process information needed to provide the school subscription and classroom features, such as:

  • Teacher or administrator email addresses.

  • Classroom information created by teachers.

  • Student names entered in the classroom.

  • Lesson progress data, such as whether a student has started or completed a lesson.

  • Quiz scores and written responses submitted through classroom activities.

We collect only the information reasonably necessary to provide, maintain, and improve the educational service.

For student information collected through the “For Schools” platform, we use student personal information only to provide and support the educational services requested by the school, teacher, or educational organization. We do not use student personal information for targeted advertising, behavioral profiling, or unrelated commercial purposes.

We may use de-identified or aggregated information to maintain, analyze, and improve our Services, provided it cannot reasonably be used to identify a student.

School authorization and student privacy requests

When Critikid is used through a school, teacher, or educational organization, we may rely on the school or educational organization to authorize our collection and use of student personal information under COPPA where permitted by law. In that context, we collect and use student personal information only for the educational purpose authorized by the school or educational organization and not for unrelated commercial purposes.

Upon request from the school or educational organization, we will provide a description of the types of student personal information we collect, give the school or educational organization a way to review student personal information, delete student personal information, and prevent further use or online collection of student personal information, subject to legal, security, and operational requirements.

Parents or guardians who want to review, correct, or delete student information collected through a school account may contact the school or educational organization, or contact us at privacy@critikid.com. We may need to verify the request, including by working with the school or educational organization, before disclosing, changing, or deleting student information.

Information collected automatically

  • Device, usage, and technical data (such as browser type, device type, pages visited, time spent, referring URL, approximate location, IP address, performance data, error data, and request metadata as needed for security, analytics, debugging, and service operation).

  • Cookies and similar technologies (see Section 3).

Information from service providers

  • Payment status and fraud-prevention signals from Paddle.

  • Analytics data collected through our self-hosted Umami installation (see Section 3).

  • Cloudflare analytics, security, and network performance data (see Section 3).

  • Error monitoring and performance data collected through Sentry (see Section 3).

  • Advertising performance metrics from the Meta pixel (see Section 3).

2. How We Use Information

We use personal information to:

  • operate and improve our website;

  • monitor performance and fix bugs;

  • deliver purchased products and free resources;

  • provide customer support;

  • send administrative emails (e.g., invoices);

  • send newsletters and educational emails you subscribe to;

  • personalize and measure marketing and deliver targeted advertising (see Section 3);

  • set up and administer teacher and classroom access;

  • allow students to join classrooms;

  • display student progress, quiz scores, and written responses to authorized teachers;

  • detect, prevent, and address fraud or abuse;

  • comply with legal obligations.

Where GDPR or UK GDPR applies, we rely on one or more lawful bases for processing personal data, depending on the purpose of the processing. These may include:

  • To provide the services you purchase or request, including courses and school subscriptions.

  • Your consent, for example for marketing emails or non-essential cookies and pixels where required.

  • Our legitimate interests, such as improving the site, understanding how it is used, keeping it secure, and preventing fraud, so long as those interests are not overridden by your rights.

  • Compliance with legal obligations, such as tax, accounting, and regulatory requirements.

3. Cookies, Pixels, and Analytics

We use cookies and similar technologies, including local storage, pixels, and analytics beacons, for site operation, security, debugging, performance, payments, split testing, remembering preferences, and marketing.

Essential technologies and privacy-focused analytics

Some technologies are part of running Critikid and are always active. These include technologies used to deliver pages, keep the service secure, prevent fraud, measure site performance, debug issues, understand aggregate usage, and maintain consistent site behavior.

These always-active technologies include our self-hosted Umami analytics, Cloudflare network and analytics services, and Sentry error monitoring and performance tracing. We use them for internal operations, service improvement, security, and troubleshooting, not to build advertising profiles for students or to target advertising in school or student-facing areas.

Optional preferences and marketing

Our Cookie Notice lets you accept all, deny, or choose among optional preferences and marketing technologies. We store these choices in your browser so the site can remember them.

The preferences category may be used to remember details that make sign-in or checkout easier, such as discount codes or Paddle customer details. The marketing category is used for advertising pixels.

Meta Pixel

We use the Meta (Facebook/Instagram) pixel to understand how visitors use our site and to show relevant ads on Meta platforms. The pixel may collect information about your device, pages visited, and actions like purchases. Meta may combine this with other data they hold.

We do not load the Meta pixel unless marketing consent has been granted. We do not use the Meta pixel on classroom-only or student-facing areas of the For Schools platform, including /join, /classrooms, /my-classrooms, and /my-school routes.

You can opt out of Meta personalized ads via Meta’s Ad Preferences.

Analytics (Umami)

We use a self-hosted installation of Umami to collect information about website usage, such as which pages are visited and how visitors interact with the site. We also send custom events to Umami, such as course interactions, lesson and quiz navigation, form events, paywall and purchase-flow events, discount banner events, split-test views, and similar product usage events.

Because Umami is self-hosted on Critikid’s own servers, this analytics data is not sent to Umami’s servers. Our Umami setup does not use tracking cookies or identify individual visitors. We use Umami for internal analytics, product improvement, and troubleshooting. Umami event data may include limited context about how a visit or interaction reached the site, such as UTM parameters, normalized referrer information, or split-test variant labels.

Cloudflare Web Analytics and network services

We use Cloudflare for website delivery, security, performance, and analytics. Cloudflare may process technical information such as IP address, browser and device information, URLs visited, referrer, approximate location, request headers, server timing data, performance data, and security-related events.

We also use Cloudflare Web Analytics, which loads a beacon script from static.cloudflareinsights.com, to understand aggregate website traffic and performance.

Sentry error monitoring and performance tracing

We use Sentry to monitor errors, debug issues, and measure site performance. Sentry may receive information such as error messages, stack traces, URLs or routes, browser and device information, request context, trace identifiers, release/environment information, and related diagnostic metadata.

Split testing

We may use split testing to compare different versions of pages or features. For example, the homepage may set a splitTestIdentifier cookie to assign a visitor to a version and keep that assignment consistent. This cookie may last for about one year. We may include the split-test variant in analytics events so we can understand which version performs better.

Checkout attribution

When you start a Paddle checkout, we may send attribution and context data to Paddle as checkout metadata. This may include UTM parameters, ref, z, normalized referrer information, inferred ad source from parameters such as fbclid, gclid, or twclid, split-test variant labels, and the feature or product area that opened checkout. We use this to understand purchase attribution and improve checkout.

Your choices

  • Manage cookies in your browser settings.

  • Use our Cookie Notice (linked in the footer) to manage optional preferences and marketing technologies.

  • Use advertising platform opt-outs (Meta and YourAdChoices).

4. When We Share Information

We do not sell personal information for money. We share only as necessary:

  • Service providers (hosting, database and authentication infrastructure, CDN, security, error monitoring, email delivery, analytics-related infrastructure, advertising, payments).

  • Business transfers (e.g., sale or merger of our business).

  • Legal/safety (to comply with law or protect rights/safety).

  • Teachers and schools: If Critikid is used through a “For Schools” subscription, relevant classroom information will be made available to the teacher(s), school administrator(s), or other authorized personnel responsible for managing the subscription or classroom. This includes student names, lesson progress, quiz scores, and written responses.

For student personal information, we take reasonable steps to use service providers that are capable of maintaining the confidentiality, security, and integrity of the information and to require appropriate confidentiality and security commitments from them.

Note: Under some US state privacy laws, use of advertising pixels may be considered a “sale” or “sharing” for targeted advertising. See Section 7 for privacy choices and opt-out rights.

5. International Data Transfers

Our website is hosted in Germany. Some providers we use, such as Paddle, Cloudflare, Sentry, Meta, email providers, and other infrastructure providers, may process data outside the EU. Where required, we rely on appropriate safeguards or transfer mechanisms provided under applicable data protection law.

6. Data Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this policy, unless a longer retention period is required for legal, tax, accounting, security, or fraud-prevention reasons.

  • Account and access information is kept while the account or access relationship remains active, and for a reasonable period afterward to support account recovery, customer support, security, and legal obligations.

  • Purchase and transaction records are kept as needed for tax, accounting, refund, fraud-prevention, and legal recordkeeping obligations.

  • Marketing email information is kept until you unsubscribe or ask us to delete it. We may keep limited suppression records so we do not email you again.

  • For Schools student information, including student names, classroom participation, lesson progress, quiz scores, and written responses, is kept to provide classroom access, show student progress to authorized teachers, support the school subscription, maintain security, and respond to school or parent requests. We keep this information while the relevant school, classroom, or access relationship remains active, unless the school requests deletion earlier or a longer period is legally required. After the relationship ends, we delete or de-identify student personal information within a reasonable period, subject to backup, security, legal, and dispute-resolution needs.

  • Support and communications are kept as long as needed to respond, maintain business records, and resolve disputes.

Analytics, CDN/security, error monitoring, and diagnostic logs may be retained for shorter operational periods according to our needs and the retention settings of the relevant service providers.

7. Your Rights

Depending on your location, you may have rights including access to your personal data, correction of inaccurate data, deletion of data, restriction or objection to processing, data portability, and withdrawal of consent where processing is based on consent. You may also have the right to complain to your local data protection authority.

US state privacy choices

Where required by US state privacy laws, including California, you may have the right to opt out of the “sale” or “sharing” of personal information or the use of personal information for targeted advertising. Critikid does not sell personal information for money, but our use of advertising pixels on non-student pages may be considered a “sale,” “sharing,” or targeted advertising under some laws.

You can exercise this choice through our Cookie Notice linked in the footer by selecting Deny or by turning off Marketing technologies. We also honor Global Privacy Control (GPC) signals where legally required. When GPC is detected, or when marketing consent has not been granted, we do not load the Meta pixel.

We do not use the Meta pixel on classroom-only or student-facing areas of the For Schools platform, and we do not knowingly sell or share personal information of children under 16.

8. Children’s Privacy

Our services are intended for parents, homeschoolers, teachers, schools, and students using Critikid under the supervision of a parent, teacher, or school.

We do not knowingly collect personal data directly from children under 13 without appropriate authorization.

On the “For Schools” platform, students do not create accounts and do not provide email addresses. Limited student information may be provided or managed by teachers, schools, or other educational organizations so that students can join classes, access assigned content, submit written responses, complete quizzes, and allow teachers to monitor progress.

Where a school or educational organization authorizes student use, we support the school’s ability to review and request deletion of student personal information and to prevent further use or collection, as described above.

For courses outside the “For Schools” platform, a parent may choose to register with their own email address or their child’s email address to access learning content. By doing so, you consent to that use.

If you believe we collected a child’s data without appropriate authorization, contact us to delete it.

9. Marketing Choices

  • Emails: Unsubscribe anytime via the link in our emails or by contacting us.

  • Cookies & pixels: Manage in your browser, via our Cookie Notice, or through ad platform preferences.

10. Do Not Track

We do not currently respond to browser “Do Not Track” signals, but we honor Global Privacy Control (GPC) where legally required.

11. Changes to This Policy

We may update this policy from time to time. The “Last updated” date shows when it was last revised.

12. Contact Us

Controller: Stephanie Yvonne Simoes, IE (dba Critikid)
Email: privacy@critikid.com
Postal: Tbilisi, Georgia