DRAFT — this policy is pending legal review and may change before the public launch. Contact us with any questions.

Privacy Policy

Last updated: July 2026

ParentalRadar is operated by [COMPANY NAME], a company registered in the United Arab Emirates ("we", "us"). This policy explains what we collect, why, and the rights you and your family have. It is written to comply with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL).

The short version

  • We collect screen-time metadata, never content.
  • We never read messages, chats, photos, keystrokes, browsing history, or precise location.
  • Parents control all family data and can delete any of it, at any time, from Settings.
  • We do not sell personal data or use it for advertising.

What we collect

  • Parent account: name, email address, and a securely hashed password.
  • Child profile: first name (or nickname) and birth year, used only to pick age-appropriate agreement templates.
  • Device usage metadata from the child's Android device: total daily screen minutes, longest session length, late-night minutes, and minutes per app category (social, video, games, browser, education, productivity, other).
  • Family activity inside ParentalRadar: agreements, recognitions, requests, trust scores, and risk signals derived from the metadata above.
  • A push-notification token for the child device so the app can receive family updates.

What we never collect

  • Message or chat contents, on any platform.
  • Photos, videos, or screenshots.
  • Keystrokes or passwords typed by your child.
  • Web pages visited or search history.
  • Microphone or camera access.
  • Precise location.

Children's data and parental consent

ParentalRadar processes a child's usage metadata only after a parent or legal guardian creates the child profile, generates an invite code, and links the child's device — this is how we obtain verifiable parental consent. The child app shows the child exactly what is shared, and family agreements are designed to be accepted by the child on their own device.

How we use data

  • To show parents and children the same picture: usage summaries, trust scores, and early risk signals.
  • To generate optional AI coaching insights. When a parent requests one, summary metadata (never content) is sent to Anthropic's Claude API for processing. Anthropic does not train models on this data under our API terms.
  • To send push notifications to the linked child device (via Google Firebase Cloud Messaging).
  • To send account emails such as password resets (via Resend).

Website analytics

Our public website (landing, waitlist, and download pages) uses Umami, a privacy-focused analytics tool that is cookieless and does not identify individual visitors or track them across other sites. We see only aggregate statistics such as page views, referrers, and countries. The signed-in parent dashboard and the child app contain no analytics or advertising trackers of any kind.

Where data is stored and who processes it

We use vetted service providers to run ParentalRadar: Supabase (database hosting), Render (API hosting), Vercel (web hosting), Google Firebase (push notifications), Anthropic (AI insights), Resend (email), and Umami (cookieless website analytics, public site only). Some providers process data outside the UAE; where that happens, we rely on the providers' contractual safeguards as permitted by the PDPL. [CONFIRM REGIONS DURING LEGAL REVIEW]

Retention and deletion

Data is kept while your account is active. From Settings, a parent can at any time delete a child's telemetry, unlink devices, delete a child profile, or delete the entire family account — deletions are immediate and permanent. If you delete your account, all family data is removed from our database.

Your rights under the PDPL

  • Access and receive a copy of your personal data.
  • Correct inaccurate data.
  • Delete your data (available directly in Settings).
  • Withdraw consent at any time by unlinking devices or deleting the account.
  • Complain to the UAE Data Office if you believe we have mishandled your data.

Security

Passwords are stored hashed, device credentials and invite codes are stored as one-way hashes, all traffic uses HTTPS, and each family's data is isolated per account. No system is perfectly secure; if a breach affecting your data occurs, we will notify you and the UAE Data Office as the PDPL requires.

Contact

Questions or requests: [CONTACT EMAIL] — [COMPANY NAME], [REGISTERED ADDRESS], United Arab Emirates. We may update this policy; material changes will be announced in the app.