JOTHERA — Privacy Policy

Effective date: 10 June 2026 · Data Controller: Josidel Online Business Ventures, Nigeria

JOTHERA is built for children, so privacy is at the heart of everything we do. This policy explains what we collect, why, and your rights — written to satisfy the Nigeria Data Protection Act 2023 (NDPA), the EU/UK GDPR, the US Children's Online Privacy Protection Act (COPPA), and Canada's PIPEDA.

1. Who We Are

The data controller is Josidel Online Business Ventures ("we"), Nigeria. Contact: privacy@jothera.com · WhatsApp +234 811 327 3337.

2. Children's Privacy — Parental Consent First

Children never create their own accounts. A parent or guardian (18+) registers, then creates a child profile. By creating a child profile, the parent gives verifiable consent for us to process the child's limited data described below. Parents can view, edit or delete a child's profile and all its data at any time from the app, or by contacting us. Schools enrolling pupils confirm they hold the necessary parental consents.

3. What We Collect

DataFrom whomWhy
Name, email, phone, password (hashed)Parent / schoolAccount creation, login, support
Child first name, age, grade, avatar, curriculumParentPersonalised lessons & report cards
Learning data: lessons completed, quiz scores, XP, badges, streaksChild's activityProgress tracking, report cards, leaderboard
AI tutor messagesChild / parentTo generate Jota's answers; safety review
Payment confirmation (no card numbers)Payment processorSubscription management
Device/log data (IP, browser, pages)AutomaticSecurity, debugging, performance

We do NOT collect: child surnames (optional), precise location, photos of children, or any data for advertising. We never sell personal data and show no third-party ads to children.

4. Legal Bases (GDPR/NDPA)

Contract (providing the Service you signed up for) · Consent (child profiles, marketing emails — withdraw anytime) · Legitimate interests (security, service improvement) · Legal obligation (tax & accounting records).

5. Where Your Data Lives & International Transfers

Data is stored with vetted processors: Supabase (database & authentication), Vercel (website hosting), Render (application server), Anthropic (AI tutor processing), and our payment processors (e.g. Nomba). These providers may store data in the EU/US under appropriate safeguards (e.g. Standard Contractual Clauses). By using JOTHERA you understand your data may be processed outside your country with these protections in place.

6. AI Tutor Data

Messages sent to Jota are processed to generate replies and are protected by child-safety rules. We do not use children's conversations to train public AI models. Conversations may be reviewed in anonymised form for safety and quality.

7. How Long We Keep Data

Account and learning data: while the account is active and up to 12 months after deletion request completion backups clear. Payment records: 6 years (legal requirement). AI chat logs: up to 12 months. You can request earlier deletion at any time.

8. Your Rights (All Countries)

You (and parents on behalf of children) may: access a copy of your data · correct it · delete it ("right to be forgotten") · restrict or object to processing · port your data · withdraw consent · complain to a regulator. Regulators include: Nigeria — NDPC (ndpc.gov.ng); UK — ICO; EU — your national DPA; Canada — OPC; USA — FTC. We respond within 30 days (or sooner where local law requires).

9. Security

We use HTTPS encryption everywhere, hashed passwords, row-level security on the database (each family can only access its own data), and least-privilege access for administrators. No system is 100% secure; if a breach affects you, we will notify you and the relevant regulator within 72 hours where required.

10. Cookies

We use only essential cookies/local storage for login sessions and preferences. We do not use advertising or cross-site tracking cookies.

11. Schools

For school partnerships, the school acts as the data controller for its pupils and JOTHERA processes pupil data on the school's instructions under our school agreement. Teachers can only see pupils in their own classes.

12. Changes & Contact

We will announce material changes by email or in-app at least 14 days before they take effect. Questions or requests: privacy@jothera.com (data requests) · support@jothera.com (general) · WhatsApp +234 811 327 3337.

⚖️ This policy is a carefully prepared template and not legal advice. Have a qualified data-protection lawyer review it before large-scale school deployments, especially for GDPR-heavy markets.

© 2026 Josidel Online Business Ventures. All rights reserved.