Bookworm

Privacy Policy

How student and school data is handled

Read the current privacy policy in English or Turkish. The embedded legal text below remains the official source for Bookworm's data handling commitments.

Help Center

Official privacy text

This page keeps the source legal document intact and lets you switch languages without leaving the shared public site shell.

PRIVACY NOTICE

Last updated: March 01, 2026

SUMMARY OF KEY POINTS

This summary highlights the most important points of this Privacy Notice. You can use the table of contents below to navigate to any section.

  • Who uses Bookworm: Bookworm is designed for primary school students ages 7-12, and student access is provided through a school or educational institution license.
  • What we collect: We collect only the information needed to create school-managed student accounts, deliver AI-powered reading experiences, measure learning activity, operate the service, and respond to support requests.
  • How we use data: We use information to provide and secure the service, generate stories, images, and narration, track progress, and improve reliability and educational usefulness.
  • Who we share data with: We share information only with service providers and other parties necessary to run Bookworm, comply with law, or protect the service. We do not sell student data or use it for targeted advertising.
  • Your choices: School administrators, and parents or guardians acting through the school relationship, may contact us to request access, correction, deletion, or further information about personal data.

TABLE OF CONTENTS

  1. WHAT INFORMATION DO WE COLLECT?
  2. HOW DO WE PROCESS YOUR INFORMATION?
  3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
  4. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
  5. HOW LONG DO WE KEEP YOUR INFORMATION?
  6. HOW DO WE KEEP YOUR INFORMATION SAFE?
  7. WHAT ARE YOUR PRIVACY RIGHTS?
  8. CONTROLS FOR DO-NOT-TRACK FEATURES
  9. CHILDREN'S PRIVACY AND SCHOOL LICENSE MODEL
  10. DO WE MAKE UPDATES TO THIS NOTICE?
  11. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
  12. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

We collect only the information reasonably necessary to provide, secure, and support the Bookworm service.

School and account information

  • School or institution name, administrator name, and contact details
  • License, onboarding, billing, and support records
  • Student account details provisioned by or on behalf of the school, such as display name, class or grade information, and internal account identifiers

Usage and educational activity information

  • Story topics, prompts, and generated story activity
  • Reading progress, listening activity, quiz results, and vocabulary activity
  • Leaderboard, achievement, and in-app interaction data needed to operate the service

Technical and diagnostic information

  • Device, browser, app, log, and performance information
  • Security and fraud-prevention signals
  • Support messages and related communications

Students may log in using their Turkish National ID number (TC Kimlik No) only to generate or verify an internal account identifier within the school access flow. We do not store the TC Kimlik No on our servers.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process personal information to:

  • Create and manage school-linked student accounts
  • Generate, deliver, and display stories, images, and audio narration
  • Track reading progress and educational engagement
  • Maintain service security, stability, and technical performance
  • Provide customer support, troubleshoot issues, and communicate with schools
  • Comply with legal obligations and protect our rights or the rights of others

We do not sell personal information. We do not use student information for targeted advertising. We do not use student prompts or personal data to train our own AI models.

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We share personal information only when necessary to provide Bookworm, comply with the law, or protect the service and its users.

  • Service providers: We use trusted vendors for infrastructure, AI generation, storage, and support workflows.
  • School relationship: Student information and activity may be made available to the licensed school or its authorized administrators as part of the school-managed service.
  • Legal and safety reasons: We may disclose information when required by law, court order, regulatory request, or where necessary to investigate misuse or protect children, schools, users, or Bookworm.
  • Business transfers: If our business is reorganized, merged, financed, or sold, relevant information may be transferred subject to applicable law and appropriate safeguards.

4. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

Yes. Bookworm uses artificial intelligence to support story creation and delivery. At the date of this notice, our core providers include:

  • Google LLC (Gemini API): story text generation
  • Replicate / Black Forest Labs (FLUX Schnell): story image generation
  • Inworld AI: text-to-speech narration
  • Supabase Inc.: database and hosted infrastructure services

User prompts may be transmitted to these providers to generate stories, visuals, or narration. Users should not include unnecessary personal or sensitive information in prompts. Although we use filtering and age-appropriate safety controls, AI-generated output may still contain errors or unexpected results. If inappropriate content appears, please contact us promptly at alacayiryener@gmail.com .

5. HOW LONG DO WE KEEP YOUR INFORMATION?

We keep personal information only for as long as reasonably necessary for the purposes described in this notice, including to operate the service, comply with legal obligations, resolve disputes, and enforce our agreements.

  • Student account information is generally retained for the active license term.
  • After a school license ends, student account data is generally retained for up to 30 days and then permanently deleted, unless a longer period is required by law or for a documented security or dispute reason.
  • Support or transactional records may be retained for a longer period where reasonably necessary for legal, accounting, or operational purposes.

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

We use administrative, technical, and organizational measures designed to protect personal information, including access controls, secure hosting, monitoring, and protections for data in transit and at rest where applicable.

No system can be guaranteed to be 100% secure. If you believe a Bookworm account or data set has been compromised, contact us immediately at alacayiryener@gmail.com .

7. WHAT ARE YOUR PRIVACY RIGHTS?

Depending on applicable law and the school relationship through which Bookworm is provided, you may have rights to request access to personal information, request correction of inaccurate data, request deletion, object to certain processing, or request a copy of applicable records.

Because Bookworm is typically provided through a school license, parents or guardians should first contact the school administrator where appropriate. You may also contact us directly using the details in Section 11 or by sending a data request as described in Section 12.

8. CONTROLS FOR DO-NOT-TRACK FEATURES

Some browsers offer a Do-Not-Track ("DNT") setting. Because there is no universally accepted standard for responding to DNT signals, Bookworm does not currently respond differently to those signals. If a standard is adopted in the future, we may update this notice accordingly.

9. CHILDREN'S PRIVACY AND SCHOOL LICENSE MODEL

Bookworm is intended for children ages 7-12 in educational settings and at home under school-linked supervision. Students are not the direct contracting party for the service. The licensed school or educational institution is the contracting party and is responsible for the authorized onboarding of student users.

  • The school is responsible for obtaining any parental or guardian notices, permissions, or consents required under applicable law or school policy.
  • Student access is limited to the scope of the school's licensed use of the service.
  • We do not knowingly permit open, unsupervised self-registration by children outside the school-managed access model described in our service documents.

If you believe a child's information has been provided to us outside the authorized school relationship or in a way that violates this notice, contact us promptly at alacayiryener@gmail.com .

10. DO WE MAKE UPDATES TO THIS NOTICE?

Yes. We may update this Privacy Notice from time to time to reflect changes in the service, our providers, legal requirements, or our practices. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide notice to the licensed school or administrator contact.

11. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, or need to report a privacy or security concern, you may contact us at:

Yener Alacayir
Mimar Sinan Mahallesi 1175 Sokak No 27 Daire 6
Erzincan, 24000
Turkey

Email: alacayiryener@gmail.com

12. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

To request access to, correction of, or deletion of personal information, you may send us a Data Subject Access Request ("DSAR") by email at alacayiryener@gmail.com .

Please include enough information for us to identify the relevant school, account, or request, and note whether you are acting as a school administrator, parent, guardian, or authorized representative. We may ask for additional information to verify identity or authority before acting on the request.