Privacy Policy
Effective date: 2026-06-20
Stroke Dojos ("we", "us", "our") is an educational product for teaching Traditional Chinese handwriting. We respect your privacy and are committed to protecting personal information collected through our website and services.
Information We Collect
- Account and Contact Information: name, email, organization if you sign up for demos or admin access.
- Usage Data: analytics, pages visited, performance logs and anonymous telemetry to improve the product.
- Content You Submit: character data, lesson content, or pasted AI outputs stored as part of lesson configuration in admin tools.
- Worksheet & Course Access Codes: when an admin issues a worksheet (ZW…) or course (CRS…) code, we store the code, optional student name / class / class number, the issuing organisation, the expiry date, and a hashed device identifier for the bound device. The full access code is stored only as a SHA-256 hash; the raw code is never persisted in cleartext.
- Learning Signals: when a learner uses an access code, we log the activity type (watch / write / recognise / etc.), the word or lesson being practised, an optional score (0–100), and the time-on-task in milliseconds. We do not log the strokes themselves.
How We Use Information
We use data to provide and improve our services, respond to support requests, secure admin features, and perform analytics. We do not sell personal data. Specifically, learning signals and access-code usage are aggregated to:
- Help teachers and organisations see which lessons students have practised and at what score.
- Power dashboards such as the adoption funnel, daily active devices, score distribution, time-on-task percentiles, course completion rate, and a practice-heatmap (hour-of-day × weekday).
- Detect operational issues such as failed code validations or device-lockout errors.
Analytics, Time-Series & Logging
Our analytics pipeline is documented in docs/analytics/ANALYTICS_PLAN.md. In summary:
- Events we emit:
worksheet_access_code_validated,worksheet_access_code_joined,worksheet_activity,course_access_code_validated,course_access_code_joined,course_activity,lesson_code_issued,lesson_code_joined,lesson_code_validate_failed,student_update,usage_recorded,worksheet_pdf_exported,admin_login. - Raw events are written to a
raw_eventscollection with a 90-day TTL. - Daily aggregates are computed by a Cloud Scheduler job (cron
0 2 * * *) and kept for 3 years. - Hourly time-series projections are computed by a Cloud Scheduler job (cron
0 * * * *) and kept for 1 year (hourly) / 5 years (daily bucket). - Server logs go to Google Cloud Logging with a shared structured shape (
ts / level / type / orgId / uid / trace / payload). Logs are never correlated to a child's name. - No advertising networks, no third-party tracking pixels, no Facebook or Google Ads tags on the learner app.
Dashboards (admin panel)
Aggregate the events above into the following tiles at /admin/analytics:
- Adoption funnel — codes issued → validated → joined → activity.
- Daily active devices — unique
deviceHashper day, split across worksheets, courses, and lesson joins. - Score distribution histogram (0–100) with drill-down per lesson.
- Time-on-task p50/p90 per activity type.
- Course completion rate (activityCount / lessonCount).
- Practice heatmap (hour-of-day × weekday).
- Quota burn per organization vs allocation.
- Failure log — top error messages in the last 24 hours.
- Per-student follow-up: attempts, accuracy, time-on-task, score timeline.
GDPR / One-shot deletion
On request we run the deleteUserData Cloud Function which deletes every raw_events, daily_aggregates, and timeseries_events document that contains the supplied organizationId or deviceHash. Deletion completes within 30 days.
If your organisation requires a verbose-logging toggle, contact us — admins can disable client console.debug output via the appSettings.verboseLogging flag.
Third-Party Services
We may use third-party services for analytics and AI processing. If you or an admin uses an external AI service, API keys should be kept on a secure server — we do not embed provider keys in public client builds. Consult the admin documentation for recommended server-side proxy setup.
Infrastructure providers we use today: Google Cloud Firestore, Cloud Storage, Cloud Functions, and Cloud Logging (Google LLC). Hosting: Cloudflare Pages for the public website and admin panel.
Children's Data
Our platform is education-focused. We do not knowingly collect personally identifiable information from children under 13 without parental consent. What we do collect for children: a salted SHA-256 hash of the device identifier, the activity type, score (0–100), and time-on-task — all linked to an access code, not to a name. What we do not collect: the child's full name (unless an admin explicitly typed it on the access code form), home address, contact details, photos, or audio.
If you believe we have collected a child's data without consent, contact us to request deletion. We will action deletion within 30 days.
Data Retention & Security
- Raw events: 90 days (TTL).
- Daily aggregates: 3 years.
- Hourly time-series: 1 year; daily buckets: 5 years.
- Access codes (worksheet + course): kept while active, archived on revocation.
- Activity attempts: kept indefinitely; deletable on request.
We take reasonable measures to protect data, including secure hosting, encryption at rest (Firestore + Cloud Storage default), TLS in transit, and access controls for admin features.
Your Rights
You may request access, correction, or deletion of personal data we hold about you by contacting us (see Contact below). We support a one-shot deletion routine that removes every event document whose key chain contains your organizationId or hashed deviceId.
Changes to this Policy
We will update this page whenever the event catalogue, retention windows, or third-party providers change. The effective date at the top of this page always reflects the latest revision. Material changes will be announced in the admin panel at least 14 days before they take effect.
Contact
For privacy requests or questions, email: flezapphk@gmail.com
This policy may be updated — the effective date at the top shows the latest revision.