Your Students’ Data Is Safe with Readiverse

At Readiverse, protecting student information is a top priority. We know that schools, teachers, and parents need confidence that their data is handled responsibly. Here’s how we keep it safe.

Data Stays in Canada

All Readiverse data is stored in Canada (AWS ca-central-1 region) using Supabase, an enterprise-grade managed database platform. Your students’ information never leaves Canadian borders.

• Hosted on Amazon Web Services (AWS) infrastructure in Canada
• Managed by Supabase, a trusted database platform used by thousands of organizations
• Fully compliant with Canadian data residency requirements

Encrypted at Every Step

Your data is protected both when it’s moving and when it’s stored.

• In transit: All connections use SSL/TLS encryption (HTTPS) — the same standard used by banks
• At rest: Data stored in our database is encrypted using AES-256 encryption
• Passwords: Never stored in plain text — always securely hashed using industry-standard algorithms (bcrypt)
• Student PINs: Hashed and protected with the same standards as passwords

Only the Right People See the Right Data

Readiverse uses role-based access control to ensure everyone only sees what they’re supposed to.

• Students can only access their own stories, progress, and reports
• Teachers can only view data for students in their own classes
• School administrators can only access information within their school
• No cross-school data access — schools are completely separated

Minimal Personal Information Required

We designed Readiverse so that student accounts do not need to use full or real names. Teachers can set up student profiles using first names, nicknames, initials, or any identifier that works for their classroom. This means less personal information in the system and greater privacy for your students.

Secure Sign-In

We use modern authentication to keep accounts protected.

• JWT-based authentication with automatic session management
• Automatic session expiry — inactive sessions are logged out automatically
• Secure cookies with strict same-site policies to prevent unauthorized access
• Student-friendly PIN login — simple for young learners, still secure

Third-Party Services We Use

We carefully select trusted partners and limit the data we share with them.

Service: Supabase (AWS Canada)
Purpose: Database & backend
Data Shared: All application data (stored in Canada)

Service: Vercel
Purpose: App hosting & performance
Data Shared: Page load metrics

Service: Deepgram
Purpose: Speech recognition for read-aloud
Data Shared: Audio during reading sessions (not stored permanently)

We do not sell or share personal data with advertisers or data brokers.

What We Collect

We only collect what’s needed to provide the Readiverse learning experience:

• Account information: Display name (does not need to be a real or full name), email (teachers only), school, and role
• Learning data: Reading progress, assessment results, and stories created
• Audio data: Voice recordings during read-aloud sessions (used for real-time speech analysis, not stored long-term)
• Usage data: How features are used, to help us improve the platform

We do not collect sensitive personal information beyond what’s listed above.

Children’s Privacy

Readiverse is designed for use in schools with students of various ages.

• Student accounts are created and managed by teachers or school administrators — not by children directly
• We follow principles aligned with COPPA (Children’s Online Privacy Protection Act) and PIPEDA (Canada’s Personal Information Protection and Electronic Documents Act)
• We do not knowingly collect personal information from children without school/teacher authorization
• Parents and guardians can request access to or deletion of their child’s data at any time

Questions?

If you have any questions about how we handle data, or if you need information for a school risk assessment, please reach out:

Email: support@readiverse.ca

We’re happy to provide additional details for your school’s security review process.