Doucik Privacy Policy
Last updated: 5 July 2026
Doucik is an AI maths tutor for children, operated by Vzdělávací centrum Doučse, z.s., registered in the Czech Republic (Korunní 2569/108, 101 00 Prague, company ID 22201581). We are the data controller for the personal data described in this policy. Contact: info@doucse.cz.
This policy is written for parents.
1. Who uses Doucik
Accounts are created and managed by a parent or legal guardian (the account holder). Children use Doucik only through a child profile created by their parent. We do not knowingly allow children to create their own accounts. Payment, settings, data requests and deletion are controlled by the parent.
2. What data we collect
From the parent (account holder):
- name and email address (account, receipts, notifications)
- subscription and payment status — payments are processed by our merchant of record; we do not store card numbers
- settings you choose (lesson limits, PIN, notification preferences)
About the child (entered by the parent):
- first name or nickname (so the tutor can address the child)
- school year group (to adapt the difficulty)
Created during lessons:
- chat messages between the child and the tutor
- whiteboard content, including snapshots of the child's writing
- optional photos of homework problems the child uploads
- lesson metadata (topic, duration, progress notes the tutor keeps to personalise future lessons)
- safety events: if the child writes something suggesting they may be at risk (e.g. self-harm), we record the event and notify the parent by email (see section 6)
Technical data: IP address, device/browser type, and essential cookies needed to keep the child logged in securely. We do not use advertising cookies or third-party tracking inside the app. Optional analytics on our public website run only with your consent.
3. What we use the data for
We use the data to provide and personalise tutoring lessons (performance of contract), to show parents lesson summaries and progress, for safety monitoring and crisis notification (vital and legitimate interests — protecting the child), for billing and account emails (contract; legal obligation), for service emails such as the weekly report (legitimate interests; you can opt out), and for improving the service using aggregated, de-identified statistics. Marketing is only ever sent to parents with consent — never to children.
In line with the ICO Children's Code, we act in the best interests of the child: we collect the minimum data needed to teach, we do not profile children for advertising, we never sell personal data, and we never show advertising inside the app.
4. AI processing
Lessons are powered by large language models. To run a lesson, the conversation content (child's messages, whiteboard snapshots) is sent to our AI providers under data-processing agreements: Anthropic (tutoring model), OpenAI (automated safety filter), Microsoft Azure (voice output) and ElevenLabs (premium voice). Our agreements with these providers do not permit them to use our users' data to train their models.
The tutor is an AI and can make mistakes. It is a learning aid, not a replacement for school or professional advice.
5. Where the data lives
Account and lesson data are stored with Supabase in the United Kingdom (London region). Some AI providers process data in the United States; these transfers are covered by the UK Addendum to the EU Standard Contractual Clauses or the UK–US Data Bridge, as applicable.
6. Safety notifications
If our safety systems detect that the child may be at risk (for example messages about self-harm), the tutor responds supportively and signposts Childline (0800 1111), and we send an email alert to the parent. These events are stored so parents can review them. This is a core safety feature and cannot be switched off. Children are told transparently inside the app that parents can see lesson summaries and safety alerts.
7. How long we keep data
- Lesson content and progress: while the child profile is active
- After your subscription ends: 90 days, then deleted or anonymised
- Safety events: 12 months, for the parent's review
- Billing records: as required by law (typically 6+ years for tax)
- Deleted account: personal data erased within 30 days, except where law requires retention
8. Your rights
Parents can, at any time: access the child's data, export lesson history, correct data, delete the child profile or the whole account, object to processing, or withdraw consent — from account settings or by emailing info@doucse.cz. We respond within one month. You can complain to the ICO (ico.org.uk) or the Czech DPA (uoou.gov.cz).
Children can ask us questions about their data at any time through the in-app help; where a child exercises rights, we involve the parent as account holder.
9. Changes
We will notify parents by email of material changes before they take effect.