QuantCore Learning Hub
Privacy Policy
Last Updated: April 28, 2026 · Effective: April 28, 2026
The short version: QuantCore.AI sells the Learning Hub to K–12 schools and to individual learners across the United States. We collect the minimum data needed to teach financial literacy. We never sell student data. We never use student data for advertising or to train AI models. Schools control student data; we act as their service provider under federal and state student-privacy laws.
This Privacy Policy explains how QuantCore.AI (“we,” “our,” “us”) collects, uses, shares, and protects information when you use the QuantCore Learning Hub (the “Learning Hub”) at qntcore.ai. It applies to learners, parents, teachers, schools, districts, and visitors.
1. Our Commitment to Comply With All Applicable Privacy Laws
We comply with all federal and state privacy laws applicable to our users and our schools. This includes, without limitation:
- The Children’s Online Privacy Protection Act (COPPA) and its implementing regulations
- The Family Educational Rights and Privacy Act (FERPA) and its implementing regulations
- The Federal Trade Commission Act and FTC enforcement guidance
- All state student-data privacy laws applicable to our schools — including, by way of example, New York Education Law § 2-d, California’s Student Online Personal Information Protection Act (SOPIPA), Connecticut’s student data privacy law, and similar statutes in every state where our schools are located
- All state consumer privacy laws applicable to our users — including, by way of example, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, and the consumer privacy laws of all other states with applicable laws in effect
- All state data-breach notification laws
How we handle differences between state laws: Where state laws differ, we apply the strictest applicable standard to all users and student data, regardless of where the user is located. We update our practices automatically as new state laws take effect, without requiring you to read a new version of this Policy.
This means: if your state passes a new student-privacy law tomorrow, we comply with it without needing to revise this Privacy Policy. We track applicable laws continuously and apply the strictest applicable standard everywhere.
2. Two Account Types: Different Privacy Rules
2.1 School-Managed Accounts
When a K–12 school or district licenses the Learning Hub, all student data collected through that license is governed by:
- This Privacy Policy
- The Data Privacy Agreement (DPA) between us and the school
- FERPA, COPPA, and all applicable state student-privacy laws
In case of conflict between this Policy and the DPA, the DPA controls for student data.
2.2 Direct Consumer Accounts
When an adult or consenting teen signs up directly at qntcore.ai, the account is governed by this Privacy Policy and our Terms of Use.
3. Our Role: We Are Your Service Provider
3.1 Under FERPA
When schools use the Learning Hub, we act as a “school official” with a legitimate educational interest under 34 C.F.R. § 99.31(a)(1). Education records remain under the school’s direct control. We use student data only for the educational purposes the school has authorized and we are subject to FERPA’s redisclosure restrictions.
3.2 Under State Student-Privacy Laws
When schools use the Learning Hub, we act as the equivalent designated entity (e.g., “third-party contractor,” “operator,” “service provider,” or “school service provider”) under all applicable state student-privacy laws. We comply with each state’s notice, security, breach-notification, parental-rights, and data-return requirements, applying the strictest applicable standard.
3.3 Under COPPA
Where students under 13 access the Learning Hub through a school account, the school provides consent on behalf of parents under the Federal Trade Commission’s school-authorization doctrine. The school’s consent is limited to the educational use of the Learning Hub. Parents may withdraw consent through the school at any time. We do not collect personal information from children under 13 outside the school context.
3.4 Under State Consumer Privacy Laws
Under state consumer privacy laws (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, and similar laws as they take effect), we are a “service provider” or “processor” when handling school data. We do not retain, use, or disclose personal information for any purpose other than the contracted service.
4. Information We Collect
We collect only what is necessary to operate the Learning Hub safely and effectively.
| Category | Examples | Why We Use It |
|---|---|---|
| Account information | Name, email, age range, password, school name, grade level, teacher name (school accounts) | To create and secure accounts; to provide age-appropriate, grade-aligned content |
| Learning activity (student data) | Lessons completed, quiz scores, simulation results, time on task, progress badges | To deliver lessons, track student progress, and report results to teachers and the school |
| Device and technical data | IP address, browser type, OS, device identifiers, log data | To operate, secure, and improve the platform; to detect fraud or abuse |
| Payment information | School billing contact (school accounts); billing name and payment tokens (consumer accounts only) | To process payments through our payment processor |
| Communications | Messages to support, survey responses | To respond to you and improve our services |
| Cookies and similar technologies | Strictly necessary cookies, privacy-preserving analytics | To remember your settings and measure aggregate usage |
5. How We Use Information
We use information to:
- Provide and operate the Learning Hub (deliver lessons, track progress, save work).
- Personalize learning paths based on grade level, progress, and goals.
- Communicate with users, schools, and parents about accounts, security alerts, and important updates.
- Process payments and manage subscriptions and licenses.
- Improve the Learning Hub through aggregated, de-identified analytics.
- Detect, prevent, and respond to fraud, abuse, security incidents, and legal violations.
- Comply with legal obligations and enforce our Terms of Use.
6. How We Share Information
We share information only in the limited situations below:
6.1 With the School (school accounts)
Student data is shared with the authorized educators, administrators, and parents at the school that licenses the Learning Hub for that student.
6.2 Service Providers / Sub-processors
We use vetted vendors to host the platform, process payments, send email, and provide privacy-preserving analytics. Each is contractually bound to the same confidentiality, security, and use restrictions that apply to us. A current list of sub-processors is at qntcore.ai/subprocessors and is updated whenever sub-processors change.
6.3 Legal Requirements
We may disclose information if required by law, subpoena, or valid court order. We will give the school or affected user advance notice where legally permitted, allowing time to seek a protective order.
6.4 Safety and Rights Protection
We may disclose information when we believe in good faith it is necessary to protect the safety of any person, prevent fraud or abuse, or enforce our Terms.
6.5 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, information may be transferred. We will notify schools and users, and any successor will be bound by this Privacy Policy and existing DPAs.
6.6 No Other Sharing
We do not share or sell student data for advertising, marketing, or any commercial purpose unrelated to the contracted educational service.
7. How We Protect Information
We use industry-standard administrative, technical, and physical safeguards aligned with the NIST Cybersecurity Framework. Our specific commitments:
| Practice | How We Implement It |
|---|---|
| Written security plan | Maintained and updated annually, aligned with the NIST Cybersecurity Framework. Provided to schools upon request and summarized in our DPA. |
| Encryption | All personal information is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256). All backups are encrypted. |
| Use limitation | Personal information is used only for the purposes described in this Policy and (for student data) authorized by the school. We do not use student data for advertising, marketing, or to train AI models. |
| No sale of personal information | We do not sell personal information — ever. This includes the broad statutory definition of "sale" used in California and other state privacy laws. |
| Sub-processor controls | All sub-processors are contractually bound to the same confidentiality, security, and use restrictions. A current list is published at qntcore.ai/subprocessors. |
| Breach notification | We notify affected schools, users, and regulators of any unauthorized release of personal information without unreasonable delay, consistent with the strictest applicable timeline (which in some states is as short as 7 calendar days). |
| Data return / destruction | Upon contract termination, student personal information is returned to the school or securely destroyed within 60 days, with written confirmation upon request. |
| Independent audits | We undergo annual independent security review (SOC 2 Type II in progress). |
In the event of a breach affecting personal information, we will notify affected schools, users, and regulators consistent with all applicable breach-notification laws, applying the strictest applicable timeline.
8. How Long We Keep Information
- Direct consumer accounts: while active, plus up to 12 months after deletion for legal and recovery purposes.
- School-managed accounts: as set forth in the school’s Data Privacy Agreement. By default, student data is returned to the school or securely destroyed within 60 days of contract termination.
- Payment records: as required by tax and accounting law (typically 7 years).
- Backup copies: rotated out within 90 days.
After these periods, we delete or de-identify the information.
9. Parental Rights
Parents and guardians of students under 18 may, at any time, exercise the rights granted by COPPA, FERPA, and applicable state law, including:
- Reviewing the personal information we have collected from their child.
- Requesting that we delete their child’s personal information.
- Refusing to permit further collection or use of their child’s personal information.
- Filing a complaint with their school, the school district, their state’s department of education or chief privacy officer, or the Federal Trade Commission.
For school-managed accounts, parents should first contact their school, which will route the request to us under our Data Privacy Agreement. Parents may also contact us directly at info@qntcore.ai with the subject “Parental Request.”
10. Privacy Rights for State Residents
Residents of every state with applicable privacy laws have the rights below regarding their personal information. The specific rights you have depend on your state of residence; we honor the strictest applicable standard:
| Right | What It Means |
|---|---|
| Right to know / access | Request a copy of personal information we have about you and information about how we use and share it. |
| Right to delete | Ask us to delete personal information we hold about you, subject to legal exceptions. |
| Right to correct | Ask us to correct inaccurate personal information. |
| Right to opt out | Opt out of any sharing for cross-context behavioral advertising. (We don’t do this, but the right exists.) |
| Right to limit | Limit our use of "sensitive" personal information. |
| Right to portability | Receive your personal information in a portable, machine-readable format. |
| Right to non-discrimination | We won’t deny service or change pricing because you exercise your privacy rights. |
| Right to appeal | Appeal a denial of a privacy request (where state law provides this right). |
| Right to opt out of automated decision-making | Opt out of any solely automated decision-making with legal or similarly significant effects (where state law provides this right). |
To exercise these rights, email info@qntcore.ai with the subject “Privacy Request.” We will respond within the time required by your state’s law (45 days or less, generally) and may need to verify your identity. Authorized agents may submit requests with proof of authorization. We honor Global Privacy Control (GPC) signals as a valid opt-out request.
11. Cookies & Similar Technologies
- Strictly necessary cookies to keep you signed in and remember preferences.
- Privacy-preserving analytics to understand aggregate usage (no cross-site tracking, no advertising profiles).
We do not use third-party advertising cookies on the Learning Hub. We do not allow ad networks or trackers in school-account environments. You can manage cookies in your browser; some functions may be limited if disabled.
12. International Users
The Learning Hub is hosted and operated in the United States and is intended for users located in the United States. Information is processed in the U.S. and may not be subject to the same privacy protections as your home country. If you access the Learning Hub from outside the U.S., you do so voluntarily and consent to the transfer and processing of your information in the U.S.
13. Do Not Track
Some browsers offer a “Do Not Track” (DNT) signal. There is no industry standard for responding to DNT, so we do not currently respond to it. We honor Global Privacy Control (GPC) signals and otherwise minimize tracking by design.
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify users by email and post a prominent notice in the Learning Hub at least 14 days before the changes take effect. For school-managed accounts, we will also notify the school’s designated administrator. The “Last Updated” date at the top reflects the most recent version. Routine updates to comply with newly enacted state laws do not require revision of this Policy because we have already committed to apply the strictest applicable standard.
15. Contact Us
Privacy questions, requests, or concerns? Reach us at:
- Email: info@qntcore.ai (or privacy@qntcore.ai)
- School privacy contact: Designated under our DPA with each school
- Subject lines: "Privacy Request," "Parental Request," "Child Account Deletion," or "Data Breach Inquiry" as applicable
- Website: qntcore.ai
If you are not satisfied with our response, you may file a complaint with:
- Federal Trade Commission — ftc.gov
- Your state Attorney General
- Your state department of education or chief privacy officer (for school-related concerns)