How we keep students,
parents, and tutors safe.

Verified parental consent (COPPA). Any student account where the listed age is under 13 enters Koydo's existing verified-parental-consent flow — the same one used in Sprouts (2-5) and Junior (5-8) tiers. A child cannot complete signup until a parent has verified their identity through an email + phone challenge, optionally followed by a small payment-card verification ($0.50 refundable charge — the FTC's recognized "verifiable means" of confirming an adult relationship). Until consent is verified, no AI conversation occurs, no progress is stored, no data is collected.

Tutor background checks for teaching minors. Tutors whose marketplace profile or Pro Educator account indicates they teach under-18 students must hold a current verified background-screening badge before minor-facing bookings. The badge is visible on the tutor's profile once cleared. Tutors without a current badge cannot be searched by parents conducting an "under-13 student" search. Background checks expire annually and require re-running.

No off-platform contact in first exchanges. First-contact messages between a student/parent and a tutor go through Koydo's in-platform messaging. Phone numbers, email addresses, and personal social-media handles are auto-redacted in the first three messages. This is a meaningful difference from italki, Preply, and Cambly — none of which gate first-contact information exchange. The redaction protects against contact-grooming attempts.

Lesson recordings stay private to the parent. If a lesson is recorded (always opt-in, never required), the recording is visible only to the parent (and the tutor + the child, of course). Lesson recordings are never made public, never used as marketing material without explicit written parent consent.

For users under 13, Koydo follows the April 2025 amended COPPA Rule. We require Verifiable Parental Consent (VPC) before any personal information is collected from a child under 13. Acceptable VPC methods include a verified credit-card $0.50 charge (refunded automatically), a signed-and-returned consent form, or knowledge-based authentication. We minimize data collection to first name plus first initial (never full name), age, target language, and progress data. No behavioral advertising. No third-party tracking pixels on child-facing surfaces. If a parent writes a review on a tutor that mentions their child, the review system allows only first name plus initial, never full name, and the parent must explicitly acknowledge that their review will be publicly searchable.

On-device AI by default. The default AI tutor path runs on the device via Apple Foundation Models on iOS 26 and macOS 26. Student utterances during AI conversation do not leave the device for the common case. Cloud LLM falls back only when AFM is unavailable (older devices, language models AFM doesn't yet support).

Cloud AI honors disallow-prompt-training. When the cloud AI path is used, all requests route through Vercel AI Gateway with the disallowPromptTraining: true flag set. Every upstream provider in the gateway's allowlist (OpenAI, Anthropic, Google, Mistral, Cohere, etc.) honors this flag. Student utterances are not used for model training, period.

FERPA-aligned for school deployments. Lingua for Schools accounts are issued under a signed Data Processing Agreement. Per-tenant data residency (US-only on request, EU-only for European institutional buyers). Audit logs of admin + instructor data access. Standard FERPA "school official" relationships honored. Schools control roster, schools control export.

GDPR compliance. EU users (whether consumer learners or institutional accounts) get standard GDPR rights honored: right to access, right to rectification, right to erasure, right to data portability. Erasure requests fulfilled within 30 days. Data Protection Officer reachable at dpo@koydo.app. EU data residency for EU-listed accounts.

SOC 2 Type II in progress. Audit period Q1-Q3 2026. Report available to enterprise customers under NDA after publication.

Koydo Lingua's AI-driven features — pronunciation scoring, AI tutor conversation, AI essay grading, AI placement testing, AI-mediated progress evaluation — are classified as high-risk AI systems under Annex III §3 of the EU AI Act (Education and Vocational Training). Effective 2 August 2026, the EU AI Act requires transparency about how these systems work, what they output, and the user's ability to override or disable them. Lingua's intended compliance posture by that date is summarized below.

• Purpose: AI features support language learning. They do not make admissions, grading, or credential decisions on their own.
• Models: Third-party LLMs routed through Vercel AI Gateway with disallowPromptTraining: true — your inputs are never used to train any model.
• Training data: Public language corpora only. No student-specific training. Apple Foundation Models run entirely on-device when available.
• Human override: Pro Educator and Schools admins can disable the AI tutor per cohort. Educators can override AI essay grades. Students can request human review of any AI-graded work.
• Risk management: Documented in the Privacy Policy and the EU AI Act Disclosure (link below).

Full disclosure at koydo.app/legal/automated-decisions.

Tutor profiles surface their verification level visibly to anyone searching the marketplace or considering hiring through Pro Educator:

• Email verified — basic email-click confirmation. Free, required for all tutors.
• Phone verified — SMS OTP through Twilio. Free, encouraged for all tutors.
• Stripe Connect connected — the tutor has set up payment receiving through Stripe Connect Express, which includes Stripe's own KYC (legal name, DOB, address, last 4 of SSN for US, equivalent for non-US). Free.
• Verified-tutor badge (third-party background screening) — full criminal-record search across federal + state databases, sex-offender registry, identity verification. Required for any tutor teaching minors. ~$25-40 one-time, pass-through cost from the screening provider. Renews annually.
• Certified credentials (future) — verified language teaching certifications (TESOL, DELE, JLPT, HSK examiner credentials) via direct issuer API or document upload + manual review.

Reviews require a completed paid lesson. A student can only review a tutor after they've completed at least one paid lesson package with that tutor through Koydo's payment infrastructure (either Direct Stripe or Koydo Payments). Anonymous reviews and review-bombing are not possible.

Tutors get one response per review. Tutors can post a single public response to any review. No extended back-and-forth threads. Both review and response are subject to content moderation.

Sub-3-star reviews are content-moderated before publishing. Reviews under 3 stars enter a moderation queue checked for abusive language, personal information disclosure, or threats. Reviewers retain the right to publish their honest opinion; we filter only for actual abuse, not negative sentiment.

Report-abuse button on every profile, every message, every review. Reports trigger a Koydo content-moderation review within 24 hours. Confirmed abuse → tutor warned, then suspended, then banned. Repeat student abusers similarly. Bans are permanent and the tutor's verified-tutor badge is revoked.

Full plain-English explainer of how tutors get paid (Direct Stripe vs Koydo Payments, the 1% rolling chargeback reserve, the annual reconciliation, the negative-balance handling, the high-risk transaction hold) lives at /how-tutors-get-paid. The corresponding TOS clauses are in Section 14 of the Pro Educator Terms of Service (10 sub-sections covering balance, recoupment, statements, ops charges, negative balance, rolling reserve, high-risk hold, dispute cooperation, no marketplace commission, future marketplace-lesson treatment).

WCAG 2.2 AA across every learner surface. Color contrast, keyboard navigation, screen reader semantics, focus management — all hold AA. AAA-grade where the cost is reasonable.

Reduce-motion respected. Atelier motion canon includes a reduce-motion fallback for every animation. prefers-reduced-motion halts everything except essential transitions.

50 languages currently shipping (44 at native voice quality + 5 in preview tier). The remaining 7 of CHARTER's 56-language target lack acceptable native TTS voices on any provider; we ship them when ElevenLabs / Google / Apple ship voices acceptable to native-speaker reviewers.

RTL languages full bidi support. Arabic, Hebrew, Persian, Urdu fully right-to-left including in the tutor dashboard, gradebook, parent share-links.

Email trust@koydo.app for any abuse report, safety concern, or content moderation question. Response within 24 hours on weekdays. For privacy / GDPR / data-subject requests, email dpo@koydo.app.

Critical safety concerns (suspected child endangerment, ongoing harassment, illegal activity) trigger immediate escalation. We cooperate with law enforcement requests received through proper legal channels.