Privacy Policy
Effective Date: March 18, 2026
Dharma Universal Inc. · MiniFounder.ai
MiniFounder.ai is a K-12 vibe coding education platform that teaches children ages 5 and up to build real AI-native applications using plain English prompts and AI assistance. The Platform is owned and operated by:
- Company: Dharma Universal Inc.
- Headquarters: 455 Market St Ste 1940, San Francisco, California 94105, United States
- Contact Email: dharma@dharmauniversal.ai
- Website: https://minifounder.ai
Throughout this policy, “we,” “us,” and “our” refer to Dharma Universal Inc. “You” refers to the parent or legal guardian who creates an account, and “child” or “children” refers to minors who use the Platform under parental supervision.
MiniFounder.ai is fully committed to complying with the Children's Online Privacy Protection Act (COPPA), a federal law that protects the privacy of children under 13 years of age. Our commitments include:
- We do not collect personal information from children under 13 without verifiable parental consent.
- A parent or legal guardian must create and manage all accounts for children under 13.
- Parents have the right to review, modify, or delete their child's personal information at any time.
- We do not engage in behavioral advertising targeted at children.
- We do not condition a child's participation on disclosing more information than is reasonably necessary.
- We maintain reasonable security procedures to protect children's information.
- We do not share children's personal information with third parties except as described in this policy for operational purposes.
We collect only the minimum information necessary to operate the Platform and deliver our educational services.
Account Information (provided by parents):
- Parent email address and password (encrypted)
- Child's first name (no last name required)
- Child's age
- Avatar emoji selection
Platform Activity (generated through use):
- Lesson progress and completion status
- XP earned, level, and streak data
- Code created in the AI Sandbox (prompts and generated outputs)
- Apps published to the Founder Store
- FounderBucks balance and transaction history
- Upvotes and play counts on published apps
Technical Information (collected automatically):
- Browser type and version
- Device type (mobile, tablet, desktop)
- IP address (for security and fraud prevention only)
- Pages visited and session duration
- Cookies essential for authentication and session management
- Last names of children
- Photos or videos of children
- Precise geolocation data
- Social media accounts
- School names or addresses
- Phone numbers of children
- Any biometric data
MiniFounder.ai includes several AI-powered features that are currently in beta. These features are powered by third-party AI models and may produce inaccurate, incomplete, or unexpected results.
Current beta AI features include:
- Vibebot: AI chat assistant that helps children build apps through natural language prompts.
- Vibe: AI code generation engine that converts prompts into functional HTML/CSS/JavaScript.
- Shield: AI content moderation system that filters inappropriate content.
- Sage: AI mentor that provides educational guidance and feedback.
These features use the Anthropic Claude API (a third-party service). Prompts sent by children are transmitted to Anthropic for processing. Anthropic's data handling is governed by their own privacy policy. We do not send personally identifiable information to Anthropic — only the prompt content and session context necessary to generate responses.
AI-generated code and content are provided for educational purposes only and should not be relied upon for production applications.
We use collected information exclusively for the following purposes:
- To create and manage parent and child accounts
- To deliver educational content, lessons, and the AI Sandbox experience
- To track learning progress, XP, levels, and streaks
- To operate the Founder Store marketplace
- To manage FounderBucks virtual currency
- To process subscription payments through Square
- To send transactional emails to parents (account activity, billing, security alerts)
- To improve the Platform and develop new educational content
- To ensure platform security and prevent fraud or abuse
- To comply with legal obligations
- We do not sell, rent, or trade personal information to anyone. Ever.
- We do not serve advertisements of any kind. MiniFounder.ai is 100% ad-free.
- We do not use children's data for behavioral profiling or targeted marketing.
- We do not share data with data brokers or analytics companies.
FounderBucks are a virtual currency used within the MiniFounder.ai platform. They have no real-world monetary value and cannot be exchanged, transferred, or redeemed for cash or any goods or services outside the Platform.
We maintain transaction logs for FounderBucks activity, including:
- FounderBucks earned through lesson completions and achievements
- FounderBucks spent on in-platform items (themes, avatars, badges)
- Current balance per child profile
These logs are retained for the duration of the account and are deleted upon account termination in accordance with our data retention policy.
- You own 100% of all code and apps you build on MiniFounder.ai
- You may download your code at any time while your account is active
- Downloaded code is yours to use freely — no restrictions apply
- We store your code to run the platform — we do not claim it as ours
- We do not sell, license, or monetize your code to third parties
- Upon account deletion we delete your stored code within 30 days — download first
- We recommend downloading your projects regularly as a personal backup
We share data only with the following third-party service providers, strictly for operational purposes:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication, database, storage | Account data, lesson progress, app content |
| Anthropic | AI code generation (Claude API) | Prompt text, session context (no PII) |
| ElevenLabs | Text-to-speech voice synthesis | Text content for voice generation (no PII) |
| Square | Payment processing | Parent email, billing details (handled by Square) |
| Vercel | Web hosting and deployment | IP address, browser metadata (server logs) |
Each provider is contractually obligated to handle data in accordance with applicable privacy laws. We do not share data with any providers not listed above without updating this policy and notifying you.
We retain data only for as long as necessary to provide our services:
| Data Type | Retention Period |
|---|---|
| Account data (profiles, progress) | Deleted within 30 days of account deletion request |
| AI interaction logs (prompts, responses) | Deleted within 90 days automatically |
| Billing and payment records | Retained for 7 years as required by tax law |
| Published apps | Removed within 30 days of account deletion |
| Security and access logs | Retained for 12 months for fraud prevention |
When you request account deletion, we initiate the process immediately. All personal data is purged from our active systems within 30 days. Backup systems are purged within 90 days. Billing records required by law are anonymized and retained separately.
As a parent or legal guardian, you have the following rights regarding your child's information:
- Review: Request a copy of all personal information we hold about your child.
- Correct: Update or correct any inaccurate information.
- Delete: Request complete deletion of your child's account and all associated data.
- Restrict: Limit how we use specific types of data.
- Withdraw Consent: Revoke your consent for data collection at any time, which will result in account deactivation.
- Export: Request a machine-readable export of your child's data (lesson progress, app code, XP history).
To exercise any of these rights, contact us at dharma@dharmauniversal.ai. We will respond to all requests within 30 days. No fees are charged for exercising your privacy rights.
We implement industry-standard security measures to protect the information of our users:
- TLS/SSL Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.3.
- Row Level Security (RLS): Our Supabase database enforces row-level security policies, ensuring users can only access their own data.
- Supabase Auth: Authentication is handled through Supabase's enterprise-grade authentication system with bcrypt password hashing.
- Sandboxed Code Execution: All user-generated code runs inside sandboxed iframes with restricted permissions — no access to parent page data or external resources.
- Regular Security Reviews: We conduct periodic security reviews of our codebase and infrastructure.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes:
- We will provide at least 30 days' notice before changes take effect.
- We will send an email notification to the parent email address on file.
- We will display a prominent notice on the Platform.
- We will update the “Effective Date” at the top of this policy.
Continued use of the Platform after the effective date of changes constitutes acceptance of the revised policy. If you do not agree with any changes, you may delete your account at any time.
If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:
| Purpose | Contact |
|---|---|
| Privacy inquiries | dharma@dharmauniversal.ai |
| Data deletion requests | deletion@minifounder.ai |
| General support | support@minifounder.ai |
| Legal matters | legal@minifounder.ai |
Dharma Universal Inc.
455 Market St Ste 1940, San Francisco, California 94105, United States
© 2026 Dharma Universal Inc. All rights reserved. MiniFounder.ai Privacy Policy — Effective March 18, 2026.