Effective Date: 2026-05-04
Last Updated: 2026-05-05

 

This Privacy Policy explains how Cubroid Co., Ltd. ("we", "us", or "our") handles information when you use the CuroAI mobile application ("the App"). CuroAI is an educational coding application that integrates with Cubroid Bluetooth coding cubes and provides AI-powered learning blocks for students aged 9 and up.

We have designed CuroAI to minimize the collection of personal data. Most processing happens directly on your device. This document is provided in English; translations may be added in future versions.

1. Who We Are

Provider: Cubroid Co., Ltd.

App: CuroAI (Bundle ID: com.susoft.curoai)

Contact email: info@cubroid.com

Postal address: #1007, D-dong, Incheon Techno Valley U1 Center, 236, Jubuto-ro, Bupyeong-gu, Incheon, Republic of Korea

If you have questions about this policy or your data, please contact us at the email address above.

2. Summary at a Glance

We do not require an account. You can use CuroAI without signing up, signing in, or providing personal information.

We do not collect analytics or tracking data in this version of the App.

Camera and microphone input are processed on your device for AI features such as hand detection, face recognition, object recognition, pose detection, and speech recognition. Camera frames and audio are not uploaded to our servers.

Some optional AI blocks send text to third-party services (Google Translate for translation, user-defined webhooks for IFTTT). These are clearly labeled and only run when the user adds the corresponding block to their project. See Section 5 for details.

Bluetooth is used solely to connect to Cubroid coding cubes. We do not use Bluetooth for advertising, location, or analytics.

Project files (Scratch .sb3 files) are stored locally on your device. You may export them via AirDrop or the iOS Files app at your discretion.

3. Information We Collect From You Directly

CuroAI does not collect personal information directly. Specifically, we do not ask for, store, or transmit:

Names, email addresses, phone numbers, or postal addresses.

Date of birth or age beyond the App Store age rating gate.

Account credentials, social media identifiers, or contacts.

Photos, videos, or audio recordings. Camera and microphone input is processed in memory for AI inference and is not saved or transmitted by the App.

Precise or coarse location data.

Advertising identifiers (IDFA), device fingerprints, or cookies.

4. On-Device Permissions and How They Are Used

When you use a feature that requires a system permission, iOS will display a standard permission dialog. CuroAI requests the following permissions only.

Camera (NSCameraUsageDescription). Real-time video frames are analyzed locally by on-device machine learning models for face recognition, hand detection, pose detection, object recognition, and color detection blocks. Frames are processed in memory and discarded. They do not leave your device.

Microphone (NSMicrophoneUsageDescription). Captures audio for the speech recognition block. Audio is passed to Apple's on-device Speech framework. See Section 4.1 for details.

Speech Recognition (NSSpeechRecognitionUsageDescription). Required by iOS to use the on-device speech-to-text engine. See Section 4.1.

Bluetooth (NSBluetoothAlwaysUsageDescription, NSBluetoothPeripheralUsageDescription). Discover and connect to Cubroid coding cubes (motors, LEDs, sensors) and to compatible micro:bit devices. Bluetooth communication is between your iPad or iPhone and the physical coding cube. No data is sent to our servers.

You may deny or revoke any of these permissions at any time in Settings then CuroAI on your device. Features that depend on a denied permission will simply be unavailable; the rest of the App continues to work.

4.1 Speech Recognition

CuroAI uses Apple's SFSpeechRecognizer framework. By default on supported devices, recognition runs on-device. In some circumstances, iOS may route speech recognition through Apple's servers; this is determined by iOS, not by the App. When iOS performs server-based recognition, the data is handled under Apple's privacy terms; we do not receive or store this audio. We recommend reviewing Apple's Speech Framework privacy notice at https://developer.apple.com/documentation/speech for details.

5. Optional Features That Send Data to Third Parties

Several AI blocks are opt-in: they only transmit data when you add that specific block to your project and run it. The first time you use such a block, the App may display a notice. The data sent is limited to what is necessary to perform the requested operation.

Translate block. Sends the text you provide to Google LLC (USA) via Google Translate in order to receive a translation.

Text-to-Speech block. Sends the text you provide to Apple Speech Synthesis (on-device) and/or a third-party text-to-speech service in order to receive synthesized audio.

IFTTT Webhooks block. Sends the values you specify to the webhook URL you supply in order to trigger a user-defined automation.

Teachable Machine model loading. Requests a public model file the user pasted from Google LLC (USA) at teachablemachine.withgoogle.com in order to download a pre-trained model for on-device inference. The user's camera input is never sent to Google.

Important notes about third-party services.

These services are operated by their respective providers and are subject to their own privacy policies and terms. We encourage you to review them:

Google: https://policies.google.com/privacy

IFTTT: https://ifttt.com/terms/privacy

We do not have access to the responses these services return; they are delivered directly to the App for use within your project.

We do not retain copies of the data you send to these services.

You should not enter personal information, real names, school names, or other identifying details into these blocks. Educators are encouraged to supervise children when these blocks are used.

If you do not wish to use any third-party AI feature, simply do not add the corresponding block to your project. All non-cloud blocks (Bluetooth hardware, on-device ML, drawing, sound, and so on) work without any internet connection beyond the initial app installation.

6. Data Stored Locally on Your Device

CuroAI stores the following data only on your device:

Scratch project files in .sb3 format that you create or import.

App preferences and UI settings.

Cached assets bundled with the App such as machine learning model files, language packs, and fonts.

We do not have remote access to this data. If you delete the App, all locally stored data is removed by iOS along with the App.

You may export project files at any time via AirDrop or the iOS Files app. Exported files leave the App's sandbox under your control; this Policy no longer applies to them once exported.

7. Children's Privacy

CuroAI is rated 9+ in the App Store and is intended for use by students, including children. We have designed the App accordingly:

We do not require account creation.

We do not collect personal information from any user, including children.

We do not use behavioral advertising, third-party analytics, or tracking SDKs.

We do not knowingly enable contact between users.

For features that send data to third-party services as listed in Section 5, we recommend that a parent, guardian, or educator be involved in deciding whether and how those features are used in classroom or home settings. If you believe a child has provided personal information through one of these third-party services, please contact us at the email above and contact the third-party provider directly.

This App is not directed at children under 13 in a way that would make it subject to COPPA (Children's Online Privacy Protection Act) requirements regarding direct collection from children, because we do not collect personal information at all. However, we make every effort to align our practices with the spirit of children's privacy laws including COPPA, Apple's Kids Category guidelines (even though we are in the Education category), and the EU's GDPR-K.

8. Network Connectivity

The App requires an internet connection only for:

Initial download from the App Store.

Optional third-party AI features as described in Section 5.

Loading a pre-trained Teachable Machine model the user has chosen.

App updates.

Bluetooth hardware blocks, on-device ML blocks (face, hand, pose, and object recognition with bundled models), the block editor, and project save and load all work fully offline.

9. Security

We follow industry-standard practices to protect data in transit.

All third-party API calls listed in Section 5 are made over HTTPS (TLS).

The App declares NSAllowsArbitraryLoads = false in its Info.plist, meaning insecure HTTP connections are disabled at the system level.

The App does not export, store, or transmit cryptographic credentials.

Because we do not collect or store user data on our servers, there is no central database for an attacker to target.

10. Your Rights

Depending on where you live, you may have rights under data protection laws such as the GDPR (European Union, EEA, and UK), the CCPA (California, USA), or the Personal Information Protection Act (Korea). These typically include the right to access, correct, delete, or restrict the processing of your personal information.

Because we do not collect personal information, in most cases there is no data for us to provide, correct, or delete. If you have questions or wish to make a request related to data potentially held by a third-party service we integrate with as listed in Section 5, please contact that provider directly using the links above. You may also contact us, and we will help you identify the right party.

11. International Data Transfers

When you use a third-party block listed in Section 5, the data you submit is transferred to and processed by servers operated by that third party, which may be located outside your country (typically the United States). The transfer is performed under the third party's own legal mechanisms such as Standard Contractual Clauses for transfers from the EU and EEA. We do not control these mechanisms; please review the third party's privacy policy for details.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will:

Update the Last Updated date at the top of this document.

Update the URL contents accessed by the App Store listing.

For material changes, note the change in the App's release notes for the affected version.

Continued use of the App after a change indicates acceptance of the updated Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your privacy when using CuroAI, please contact:

Cubroid Co., Ltd.

Email: info@cubroid.com

Postal address: #1007, D-dong, Incheon Techno Valley U1 Center, 236, Jubuto-ro, Bupyeong-gu, Incheon, Republic of Korea

We will respond to legitimate inquiries in a timely manner.

This Privacy Policy applies only to the CuroAI mobile application identified by Bundle ID com.susoft.curoai distributed through Apple's App Store. It does not apply to other products or services offered by Cubroid Co., Ltd.