Effective Date: November 1, 2025
Website: ThistlevaleAcademy.com
Owner: Jessica Crago
Hosting Platform: Content Creator Machine (CC Machine)

1. Purpose of This Policy

This Privacy Policy explains how we collect, use, disclose, and protect personal information on the Site—a fantasy-based educational and community platform for children and families.
“Site” refers to the website and any associated mobile apps or online services operated by us.
“We,” “us,” and “our” refer to Thistlevale Academy.
“Personal information” means any data that can identify a specific individual, such as an email address or IP address, as defined under the Children’s Online Privacy Protection Act (COPPA).

Because the Site is designed to include users under the age of 13, we comply with COPPA and other applicable privacy standards, including those for international users where relevant (e.g., the UK's Age-Appropriate Design Code under GDPR).

2. Information We Collect

We collect only what’s necessary to operate the Site, provide services, and maintain safety.
All collection from children under 13 requires verifiable parental consent upfront. This may include:

-Account Information: Character name (alias), e-mail address including parent or guardian email address, password.

-Parental/Guardian Contact Information: For consent, communications, and oversight.

-Activity Data: Course/lesson progress, participation in community events and group chats, timestamps, IP address, device/browser data for security and performance.
We do not derive or collect geolocation data.

-Payment & Purchase Details: If you purchase digital products, the transaction is handled via the platform/processor (e.g., Stripe, Square); we do not retain full payment card details ourselves.

-Technical/Usage Data: Cookies, browser/device identifiers, usage logs, for analytics and site optimization.

We do not knowingly collect or request users’ real full names, home address, school name, phone number, social security number, or other highly sensitive identifying information from children without verified parental consent.

We prioritize “privacy by design,” ensuring no data is collected from children without parental involvement.

3. How We Use the Information

We use collected information for purposes such as:

-Creating and managing user accounts and parental consent verification.

-Delivering course content, digital products, and community features through the Site hosted on CC Machine.

-Moderating user activity, chats, events, and ensuring a safe environment for children and all members.

-Sending notifications, updates, parental communications, event invitations, and important safety or policy notices.

-Processing digital purchases and granting access to purchased content.

-Improving site performance, diagnosing problems, optimizing features, and customizing user experience.
We may anonymize usage data for internal improvements, ensuring it no longer identifies individuals.

-Ensuring security, preventing fraud or misuse, and complying with legal obligations, such as responding to valid law enforcement requests (limited to what's required) or COPPA audits.

We will not sell or rent personal information to third parties.

4. Parental Consent and Control

Because our Site is used by children, we require verified parental or guardian consent before granting full access to the Site’s membership, community, and course features.
We use COPPA-compliant methods for verification, such as email-plus (e.g., confirmation via a $0.00 credit card charge or video call) or signed forms.

Parents or guardians may at any time:

-Review the personal information we have about their child or dependent via a dedicated parent portal [link to portal].

-Request deletion of their child’s account or associated data.

-Withdraw consent for further data collection or participation by contacting us at [[email protected]].

We follow procedures compliant with COPPA for parental access, review, correction, and deletion of child-personal data.

We will respond to such requests within 10 business days. For instructions on exercising these rights, visit our parent dashboard or email us.

5. Community Safety, Character Names & Privacy Rules

To protect privacy and maintain a safe environment:

-All users must choose and use a character name or alias—real names are discouraged or prohibited in public profiles, community chats, event forums.

-Personal identifying details such as full legal name, photo of face, home address, phone number, school or location must not be publicly shared or posted.

-Private messaging between members is disabled to ensure child safety.

-Group chats, forums, and events on the Site (hosted via CC Machine) are moderated in real time where possible (by human or AI moderators); activity may be recorded for safety and audit purposes, with violations logged for parental reporting.

-Any content posted that violates these privacy rules may be edited, removed, or the user may be suspended.

Users can report violations via the in-Site reporting button or by emailing [[email protected]].

6. Disclosures for Safety and Legal Compliance

We are committed to protecting the safety and well-being of our community, particularly children and families. In limited circumstances, we may share your personal information (or that of your child) with third parties to prevent harm, ensure compliance with the law, or respond to safety concerns. This includes:

Notifications to Parents or Guardians: If a report involves a child under 13 (or as required by applicable laws like COPPA), we may notify the account's verified parent or guardian with limited details about the incident to facilitate resolution and support.

Reporting to Authorities: In cases of serious violations (e.g., potential child exploitation, threats of harm, or illegal activity), we will share relevant information—such as usernames, incident descriptions, and timestamps—with law enforcement or child protection agencies as legally required or permitted.

We only disclose the minimum information necessary and never for marketing or unrelated purposes. These disclosures are governed by strict legal standards, and we do not sell your data. For more on our commitment to child safety, see our Terms and Conditions and Community Guidelines.

If you have questions about a specific disclosure, contact us at [email protected].

8. Data Security and Retention

-We employ administrative, technical, and physical safeguards to protect personal information, such as password protection, restricted access, encryption where appropriate.
We regularly purge unnecessary data to minimize risks.

-Only authorized staff and trusted vendors (including CC Machine service providers) have access to personal data under strict confidentiality obligations.

-We retain personal information as long as needed for specific purposes:
Account data for the duration of membership + 1 year for safety records; activity logs for 90 days unless needed for disputes or compliance.
After accounts are deleted, associated data will be removed from active systems within 30 days unless required to be retained for legal reasons.

-If we become aware of a data breach where user personal information may have been compromised, we will notify affected users and their guardians via email within 30 days, per applicable laws and CC Machine policies.

9. Your Rights

Parents/guardians and users have the following rights (as applicable by law and age):

-Children under 13: Rights (access, review, correction, deletion, withdrawal of consent) exercised via parents/guardians.

-Users 13 and older: Direct exercise of applicable rights, including access, review, and request correction of personal information.

-Request deletion of account and associated personal information.

-Withdraw consent for ongoing processing of child-personal data.

-Contact us to ask how we handle your data or to raise a privacy concern.
If applicable (e.g., for EU users), this includes rights like data portability under GDPR.

To exercise these rights, email [email protected].

10. Changes to This Policy

We may update this Privacy Policy occasionally to reflect changes in law, technology, platform (CC Machine) features, or our practices.

When we make significant changes—especially those expanding data collection—we will update the “Effective Date,” post the new version on this page, and email parents of active child accounts.

For such changes affecting children, we will seek renewed parental approval.
Continued use of the Site after such updates constitutes acceptance of the revised policy.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or data we hold about your child or you, please contact us at:
Email: [email protected]