KidGuard

Privacy Policy

Effective date: 14 May 2026

1. Introduction

This Privacy Policy explains how KidGuard (“KidGuard”, “we”, “us”) collects, uses, and shares information when you use our parent web portal at kidguard.family and our KidGuard Android application (together, the “Service”). The Service is operated by a sole trader based in the United Kingdom. Questions about this policy can be sent to support@kidguard.family.

2. Information we collect

We collect the following categories of information:

  • Parent account data: email address, hashed password (when not using Google sign-in), preferred language, and country derived from your IP at sign-up for pricing currency selection.
  • Child profile data:a parent-chosen display name, birth year (used to estimate appropriate question difficulty), grade level, region, and subject preferences. We do not require a child's real name or photograph.
  • Device data: a randomly generated device identifier, the Android version, Firebase Cloud Messaging token, and the times the device is locked or unlocked.
  • Usage data: records of which questions were shown to the child, whether each was answered correctly, and the time spent in answering. These records power the answer-history view in the parent portal.
  • Billing data:payments are processed by Stripe (https://stripe.com); card details are entered directly on Stripe's secure checkout and never reach KidGuard. We receive only a Stripe customer identifier, subscription identifier, plan, status, and billing country. Purchase records (subscription status, billing history) are stored in KidGuard's database; payment details are stored only by Stripe.
  • Support correspondence: the contents of emails you send to our support address.

3. How we use information

We use the information above to:

  • Operate, maintain, and improve the Service.
  • Authenticate parent accounts and protect them from unauthorised access.
  • Show usage history and answer statistics in the parent portal.
  • Generate appropriate practice questions based on the child's grade, region, and subject choices.
  • Process subscription payments and issue receipts.
  • Send service-related emails (account verification, billing, important changes).
  • Detect, investigate, and respond to abuse or security incidents.
  • Comply with our legal obligations.

We rely on contractual necessity for the data needed to deliver the Service, your consent for optional features (e.g. marketing email opt-in), and legitimate interest for security and fraud prevention. We do not use your information to train artificial intelligence models or to build advertising profiles.

4. How we share information

We share information only with the following third parties, each acting as a processor or sub-processor on our behalf:

  • Supabase — database, authentication, and storage hosting. Our primary region is EU (Frankfurt, Germany).
  • Vercel — web hosting for the parent portal and serverless edge functions.
  • Firebase Cloud Messaging (Google) — push notifications to the Android app for remote commands such as lock-now.
  • Stripe Payments Europe, Limited— payment processing for subscription billing and refunds. Stripe receives your card details directly via its hosted checkout and returns a customer / subscription identifier to KidGuard. See Stripe's privacy policy at stripe.com/privacy.
  • Amazon Web Services (Lambda) — parsing of CSV / Excel custom question uploads. Files are processed in memory and not retained.

We do not sell personal data. We do not share data with advertisers. We may disclose information when required by law, in response to valid legal process, or to protect the rights and safety of users.

5. Children's data

KidGuard is a parental tool. The parent creates the account, configures the rules, and is the data controller for any child profile information they enter. KidGuard acts as the parent's processor for that information.

We follow the principles of the UK Age-Appropriate Design Code (Children's Code). In particular: we collect the minimum data needed to deliver the Service to the child, we do not show advertising to children, we do not profile children for marketing, and we do not use behavioural nudges to encourage extended use. Question content is generated from age-appropriate templates and reviewed for safety.

Parents may at any time review, edit, or delete a child profile from the parent portal. Deleting a child profile removes the associated answer history within 30 days.

6. Your rights

If you are in the United Kingdom, the European Economic Area, or another jurisdiction with comparable rights, you have the right to access, correct, delete, restrict, and port the personal data we hold about you, and to object to certain processing (UK GDPR / EU GDPR Articles 15–22). You also have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.

Most of these rights are exercisable directly inside the parent portal (Account Settings → Export data; Account Settings → Delete account). For anything you cannot do yourself, email support@kidguard.family and we will respond within 30 days.

7. Data retention

  • Active accounts: retained until the account is deleted by the parent.
  • Answer-history records: retained for 90 days by default; visible to parents inside the portal during this window.
  • Deleted accounts: personal data is removed within 30 days, except where retention is required to meet a legal obligation.
  • Billing records: retained for 7 years to comply with HMRC tax record-keeping requirements in the United Kingdom.
  • Backups: historical backups expire on a rolling 35-day schedule.

8. International transfers

Primary data storage is located in the European Union (Frankfurt). Some processors operate outside the UK and EU — most notably Firebase, which processes some data in the United States. Where personal data is transferred outside the UK or EEA, we rely on the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or adequacy decisions, as applicable.

9. Cookies

The parent portal uses essential cookies for authentication and a language-preference cookie. These are required for the site to function and cannot be disabled.

Payment is handled on Stripe's domain (checkout.stripe.com), so any fraud-prevention cookies set during checkout are set by Stripe on that domain and never on kidguard.family. We do not use third-party analytics cookies, advertising cookies, or cross-site tracking pixels. You can withdraw cookie consent at any time by clearing your browser's site data; the consent banner will reappear on your next visit.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be signalled by updating the effective date at the top of this page and, where appropriate, by notifying account holders by email at least 14 days before the change takes effect.

11. Contact

KidGuard is operated as a sole trader based in the United Kingdom. For privacy questions or to exercise any of the rights above, email support@kidguard.family. A postal address is available on request.