QrioCity Privacy Policy

This Privacy Policy explains how QrioCity handles personal information when you visit our website, apply for pilot access, create or manage an account, or use the QrioCity learning service.

QrioCity is designed for children, but children may only use it when a parent, legal guardian, or authorised school has approved that use. In this policy, parent also means a legal guardian where the context allows.

If a school or organisation uses QrioCity under a separate written agreement, that agreement may include additional privacy and data handling terms for that organisation.

Adult account information: name, email address, authentication details, family or school role, support messages, billing details if paid plans are introduced, and consent or account settings.

Child profile information: a child's first name or nickname, age or age band, avatar choice, timezone, profile settings, optional PIN status, usage limits, and parent-approved preferences.

Learning session information: questions, prompts, child drafts, AI responses, conversation context, child-visible recent chats where enabled, topic summaries, guide mode events, usage information, safety categories, and safety review records where needed.

Technical information: device, browser, IP address, approximate region, timestamps, error reports, security events, and service logs. Normal operational logs should not include raw child message content.

Website information: pages visited and basic analytics if we use privacy-preserving analytics. We do not need advertising pixels or retargeting trackers for the child-facing product.

We do not want children to share home addresses, phone numbers, passwords, school details, private family information, or other sensitive personal details unless a parent, guardian, or school has specifically told them it is safe and necessary.

The MVP is text-only. QrioCity should not collect child photos, voice recordings, uploaded identity documents, precise location, or open-ended media prompts unless a later feature and updated policy specifically explain that collection.

We do not sell child personal information and do not use child information for advertising profiles.

We use personal information to provide QrioCity, create and manage accounts, personalise age-aware learning, run child profiles, maintain session boundaries, apply usage limits, and provide parent or school controls.

We use learning session information to generate AI responses, support guide mode, create parent summaries, detect safety risks, investigate misuse, troubleshoot the service, and improve reliability and safety.

We may use adult contact details to send service messages, pilot updates, safety notices, billing messages, support replies, and important changes to this policy or our terms.

We may use de-identified or aggregated information to understand product quality, safety performance, cost, reliability, and common learning topics. We should not use identifiable child examples in public marketing or case studies without explicit permission.

QrioCity uses artificial intelligence systems, including large language models provided by third parties, to generate responses and support safety checks. This means prompts, conversation context, and safety-related information may be sent to AI providers so the service can work.

AI processing may happen outside New Zealand or Australia, depending on the provider and route used. For the family pilot, the expected default is direct LLM provider processing. For future school contracts, QrioCity may offer regional provider routing where required and technically available.

Before live child use, QrioCity will be configured so AI provider and logging settings are intended to prevent child content being used for advertising, avoid unnecessary retention, and use appropriate contractual or platform controls where available.

Automated systems help classify safety risks, assignment-completion attempts, and response quality. Important safety decisions may involve human review where needed.

QrioCity is designed to give parents useful insight without default transcript surveillance. Parent views may show topics explored, time or usage patterns, guide mode moments, bonus controls, and safety alerts.

Children may be able to see and continue their own recent chats where the product enables that feature. That does not mean parents automatically see every full chat by default.

Full transcript access may be available through an explicit request, a safety-triggered review, a school or legal process, or another clearly stated workflow. We will consider child privacy, age, maturity, safety, identity verification, and applicable law before providing access.

We may share information with service providers that help us operate QrioCity, such as hosting, database, authentication, email, payment, analytics, support, error monitoring, and AI model providers.

If a school provides access, we may share appropriate account, usage, safety, and administration information with authorised school staff according to the school agreement and applicable law.

We may share information where we reasonably believe it is necessary to protect a child or another person, respond to a serious safety concern, investigate misuse, comply with the law, enforce our terms, or respond to a valid request from an authorised agency.

If the business is restructured, sold, or transferred, personal information may be transferred as part of that process, subject to appropriate confidentiality and privacy protections.

QrioCity is being designed for New Zealand and Australian families first. The intended production architecture is to keep the main database and API in the Australia region where practical.

Some providers, including AI model providers, authentication, email, payment, or support services, may process information in other countries. Before live child use, we should confirm the provider list, locations, and safeguards.

Where New Zealand privacy law applies, we will take reasonable steps required for overseas disclosure of personal information, such as using providers with comparable safeguards, contractual protections, or informed authorisation where needed.

We use technical and organisational safeguards intended to protect personal information, including access controls, authentication, encryption in transit, role-based access, safe logging practices, and audit records for sensitive access.

No system is perfectly secure. If we identify a privacy or security incident that creates serious harm risk, we will take steps to contain it, assess it, notify affected people or regulators where required, and improve the relevant controls.

We keep personal information only for as long as we need it for the purposes in this policy, unless a longer period is required for safety, legal, billing, audit, dispute, or operational reasons.

The intended MVP default is short retention for normal session metadata and summaries, with longer retention only where needed for child-visible recent chats, safety records, account history, legal obligations, or billing records.

Parents, guardians, and eligible users may request account or child profile deletion. Some information may remain for a limited time in backups, audit logs, safety records, or legal records where we have a valid reason to keep it.

You may ask to access or correct personal information we hold about you or a child you are authorised to represent.

Children and young people have their own privacy rights. Parent or guardian requests for a child's information may need to be assessed case by case, including the child's age, maturity, best interests, safety, identity verification, and any legal restrictions.

We may ask for information to verify identity or authority before responding to an access, correction, or deletion request.

School use should be governed by a separate agreement that covers student data, authorised users, school roles, parent or caregiver notices, data residency requirements, retention, exports, deletion, incident handling, and end-of-contract processes.

Teachers and school administrators should only access student information for authorised learning, safety, support, and administration purposes.

We may send adults service messages and pilot updates. If we later send optional marketing emails, adults will be able to opt out.

We do not send marketing emails to children and do not target children with advertising.

We may update this policy as QrioCity develops, when our data handling changes, or when legal, safety, operational, or provider requirements change.

If a change is material, we will take reasonable steps to give notice, such as updating this page, notifying account owners, or asking for renewed consent where appropriate.

Privacy contact: info@qriocity.co.nz.

QrioCity is preparing for limited pilot access. Formal service provider details will be added before live product access where required.