Tap Guardian Privacy Policy

Last updated: June 10, 2026

Effective date: June 10, 2026

Introduction

Tap Guardian (“we”, “us”, or “our”) is a parental control application designed to help families manage children's digital wellbeing. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

Information We Collect

We collect the following types of information:
  • Account Information: Name, email address, and password when you register.
  • Child Profile Data: Child's name, age group, and avatar selection. Child profiles are created exclusively by the parent — children never provide information directly.
  • Device Information: Device type, operating system, device identifiers, and FCM tokens for push notifications.
  • Location Data: Real-time and historical location data from child devices when location permissions are granted by the parent. Location is collected via the device's GPS and network services only while the app or its background service is active.
  • App Usage Data: Information about apps installed and used on child devices, including usage duration.
  • Screen Time Data: Daily screen time usage, limits set by parents, and schedule configurations.
  • Task & Reward Data: Tasks created by parents, task completion status, points earned and spent, reward store purchases, and achievement/badge progress.
  • Brain Boost Data: Quiz answers, scores, and completion history. Quiz content is generated based on the child's age group and is not linked to any external educational profile.
  • Chat Messages: Messages exchanged between parent and child within the app.
  • Phone Number: Parent phone number for SOS emergency alerts and account recovery (optional).
  • Website Waitlist: If you join our launch waitlist on tapguardian.io, we collect the email address you submit. It is stored with our email service provider Brevo and used only to contact you about Tap Guardian availability.

Device Permissions We Request

The App requests the following device permissions on the parent and child devices. Each permission is used solely for the stated purpose and can be revoked at any time through your device settings.
  • Location (precise & background): Real-time location and safety zone alerts on child devices. Disabled by default; requires explicit parental opt-in.
  • Notifications: Alerts for app blocking, location events, task reminders, and chat messages.
  • Apple Family Controls / Screen Time API (iOS): On-device screen time enforcement and app blocking. Data is processed on the device and not transmitted to our servers in raw form.
  • Android Usage Stats & Accessibility (Android): Usage measurement and app blocking on child Android devices.
  • Camera (optional): Used on the child's device to scan the pairing QR code shown on the parent's device, and optionally to set a profile avatar photo. Images are not retained on our servers unless you explicitly upload them as an avatar.
  • Photo Library (optional): Choosing an avatar.
  • Contacts: Not requested. We do not access your contacts.
  • Microphone: Not requested. We do not record audio.

App Tracking Transparency (iOS)

Tap Guardian does not track you or your family across other companies' apps and websites. We do not display the iOS App Tracking Transparency (ATT) prompt because we do not engage in tracking as defined by Apple. We do not use IDFA, third-party analytics that profile users, or any cross-app/cross-site advertising identifiers.

How We Collect Information

  • Directly from you: When you create an account, set up child profiles, configure settings, or contact support.
  • Automatically from devices: App usage data, screen time statistics, location data, and device information are collected automatically by the Tap Guardian app installed on child devices, with parental consent.
  • From third-party services: Authentication data from Firebase and subscription status from RevenueCat/app stores.

Children's Privacy (COPPA & GDPR-K Compliance)

Tap Guardian is designed for use by parents and legal guardians to manage their children's device usage. We comply with the Children's Online Privacy Protection Act (COPPA), the General Data Protection Regulation provisions for children (GDPR Article 8), and Google Play's Families Policy. We take children's privacy seriously:
  • We do not collect personal information directly from children under 13 (or under 16 in applicable EEA jurisdictions) without verified parental consent.
  • Parental Consent mechanism: All child profiles are created and managed exclusively by an authenticated parent account holder. Before any child data is collected, the parent must create an account, affirmatively confirm that they are the child's parent or legal guardian, and expressly consent to the collection of child data via consent checkboxes presented at registration. The parent must be logged in and explicitly create each child profile before any child data is collected. For families on a premium plan, parental identity is further corroborated through Apple App Store or Google Play purchase flows, which involve identity-verified payment credentials.
  • Child data deletion timeline: When you delete a child profile, all data associated with that child (location history, app usage, screen time records, chat messages, quiz results, tasks, and rewards) is permanently deleted from our production systems within 14 days and from encrypted backups within 30 days.
  • Parents can review, modify, or delete their child's data at any time by editing or deleting the child profile in the app, or by using Settings > Export My Data.
  • Child data is only accessible to the parent who created the profile and any authorized co-parents.
  • We do not serve any advertising to children. The app contains no ads of any kind.
  • We do not sell, lease, or trade children's personal information to third parties for any purpose.
  • We do not use children's data for profiling, marketing, or behavioral targeting.
  • Parents may revoke consent and request deletion of their child's data at any time by deleting the child profile in the app or by contacting us at privacy@tapguardian.io.

Advertising Policy

Tap Guardian does not display any advertisements — including banner ads, interstitial ads, video ads, or native ads — anywhere in the application. We do not use any third-party advertising SDKs. We do not collect or share data for advertising purposes. This applies to both parent and child experiences within the app.

How We Use Your Information

  • To provide and maintain the Tap Guardian service.
  • To enable parents to monitor and manage children's screen time and digital activities.
  • To provide location tracking and geofence alerts.
  • To send push notifications for alerts, reminders, and app blocking commands.
  • To generate usage reports and weekly summaries.
  • To facilitate parent-child communication through in-app chat.
  • To send SOS emergency alerts (SMS and voice call) to parents when triggered by a child.
  • To improve and personalize the app experience.
  • To detect and prevent fraud or abuse.

Data Storage & Security

Your data is stored securely on our servers. We implement industry-standard security measures including:
  • Encrypted data transmission (HTTPS/TLS).
  • Secure password hashing (bcrypt).
  • HTTP-only cookies for session management.
  • Firebase Authentication for identity verification.
  • Regular security audits and updates.

Third-Party Services & Data Sharing

We use the following third-party services. Each provider is contractually required to protect your data to the same or higher standard as described in this Privacy Policy:
  • Firebase (Google LLC): Authentication, push notifications (FCM), and crash reporting. Firebase Analytics is configured to not collect advertising identifiers (IDFA) or identifiable information from children.
  • MongoDB Atlas (MongoDB, Inc.): Encrypted database hosting for all app data.
  • Railway (Railway Corp.): Server hosting with TLS encryption.
  • RevenueCat (RevenueCat, Inc.): Subscription management. RevenueCat receives only anonymized user identifiers and subscription status — no child data.
  • Apple ScreenTime API / Android UsageStats: On-device screen time management. This data is processed locally on the device.
  • Twilio (Twilio Inc.): SOS emergency SMS and voice calls to parents. Twilio receives the parent's phone number and the alert message solely to deliver SOS notifications. See Twilio's privacy policy for details on their data handling.
  • Sentry (Functional Software, Inc.): Server error monitoring. Receives technical error reports and request metadata so we can detect and fix crashes and bugs; not used to profile users.
  • Brevo (Sendinblue SAS): Stores email addresses submitted to our website launch waitlist and sends launch notifications. Receives no app or child data.

We do not “sell” or “share” your personal information within the meaning of the California Consumer Privacy Act (CCPA/CPRA), and we do not engage in cross-context behavioral advertising. We have not sold or shared personal information of any consumer in the past 12 months and do not have actual knowledge of selling or sharing personal information of consumers under 16 years of age. Data is shared with the services listed above solely to provide the Tap Guardian service.

Data Retention

We retain personal data only as long as needed to provide the service or comply with legal obligations. Specific retention periods:
  • Account data (parent name, email): For the life of the account; deleted within 30 days after account deletion.
  • Location history: Rolling 7 days, then automatically purged. The most recent known location is retained while the child profile exists so parents can always see a last known position.
  • Screen time & app usage records: Per-app usage records are kept on a rolling 30-day basis, then automatically purged. Daily screen-time totals are retained for the life of the child profile.
  • Chat messages: Automatically deleted after 90 days, or sooner upon account deletion.
  • Brain Boost quiz results & reward history: Individual quiz logs are kept on a rolling 15-day basis. Aggregate points, achievements, and reward history are retained for the life of the child profile and deleted with the profile.
  • Encrypted backups: All deleted data is purged from backups within 30 days of deletion.
  • Billing & transaction records: Retained 7 years for tax and audit compliance, as required by law.

Sensitive Personal Information (CCPA/CPRA)

Under the California Privacy Rights Act, the following data we collect is classified as “Sensitive Personal Information”:
  • Precise geolocation (location of child devices, when enabled).
  • Account credentials (email and password used to sign in).

We use Sensitive Personal Information only for the purposes identified in “How We Use Your Information” — to provide location safety features and authenticate your account. We do not use Sensitive PI for inferences about characteristics, profiling, or any purpose other than providing the service. California residents have the right to limit the use and disclosure of their Sensitive PI; to exercise this right, email privacy@tapguardian.io.

Automated Decision-Making & Profiling

We do not use automated decision-making, including profiling, that produces legal effects or similarly significantly affects you or your child. Quiz difficulty in Brain Boost adapts to a child's past answers, but this is content personalization, not a decision producing legal or similarly significant effects under GDPR Article 22.

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected and how it is used, the right to delete your personal information, and the right not to be discriminated against for exercising your rights. We do not sell personal information.

EU/UK Representative

For users in the European Economic Area and United Kingdom, you may contact our designated representative regarding GDPR/UK GDPR matters at eu-rep@tapguardian.io. We will publish the name and address of our appointed representative on this page once Tap Guardian has formally designated one in accordance with Article 27 GDPR.

International Users (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, the following applies:
  • Legal basis for processing: We process parent data based on (a) your consent when you create an account, (b) contractual necessity to provide the Tap Guardian service, and (c) our legitimate interest in maintaining app security and preventing abuse. We process child data exclusively based on verified parental consent.
  • Your rights: You have the right to access, rectify, and erase your data, to restrict processing, to data portability, and to object to processing.
  • Data transfers: Your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place through standard contractual clauses with our service providers.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at privacy@tapguardian.io.

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users without undue delay, and within 72 hours of becoming aware of the breach where required by GDPR or applicable law. Notifications will be sent to your registered email address and, if appropriate, posted in the App. We will report breaches to the applicable supervisory authority as required.

Cookies & Website Tracking

Our mobile app does not use cookies. Our marketing website (tapguardian.io) uses Google Analytics to understand aggregate site traffic and improve the site. Google Analytics sets cookies (such as “_ga”) for this purpose. We do not use advertising cookies, we do not sell visitor data, and analytics data is not linked to any app account or child data. You can opt out of Google Analytics with the Google Analytics opt-out browser add-on or by using your browser's tracking protection features.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through the app or by email. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: