Privacy Policy

Last Updated: 10/29/2025

Our Commitment to Privacy

At Kidox AI, we understand that privacy is paramount, especially when it comes to protecting children. This Privacy Policy explains how we collect, use, and protect information when you use our AI-powered parental monitoring service.

1. Information We Collect

Account Information

  • Parent/guardian email address and name
  • Billing information for subscription services
  • Organization details for multi-child accounts
  • Device information for connected WhatsApp accounts

Monitoring Data

  • Message content (temporarily collected for context analysis)
  • Message metadata (timestamps, sender information, message types)
  • AI analysis results and threat classifications
  • Alert summaries and safety reports
  • Contact information from monitored conversations

Technical Data

  • Device identifiers and connection status
  • App usage statistics and performance metrics
  • Error logs and diagnostic information
  • IP addresses and location data (if enabled)

Important: Temporary Data Collection

We temporarily collect your child's message content to understand chat context and improve threat detection accuracy. Messages are processed by our AI for analysis and then automatically deleted within a short timeframe. We do not store messages permanently or use them for any purpose other than safety analysis.

2. How We Use Your Information

Safety and Protection

  • Detect cyberbullying, predatory behavior, and harmful content
  • Generate real-time alerts for potential threats
  • Create weekly safety reports and activity summaries
  • Improve AI detection accuracy and reduce false positives

Service Operations

  • Maintain your account and provide customer support
  • Process billing and subscription management
  • Send important service updates and security notices
  • Troubleshoot technical issues and improve performance

Legal Compliance

  • Comply with applicable child protection laws
  • Respond to lawful requests from authorities
  • Prevent fraud and abuse of our services
  • Enforce our Terms of Service
3. AI Processing and Analysis

How Our AI Works

Our AI analyzes message patterns, language, and context to identify potential threats. Messages are temporarily stored for 24-48 hours to understand conversation context and improve threat detection accuracy. Our machine learning models are trained on anonymized data to recognize concerning behaviors while maintaining privacy safeguards.

AI Data Processing

  • Real-time analysis of message content for threat detection
  • Temporary storage of messages for conversation context analysis
  • Pattern recognition for cyberbullying and predatory behavior
  • Sentiment analysis to identify emotional distress
  • Link and media analysis for harmful content
  • Continuous learning to improve detection accuracy

Privacy Safeguards

  • On-device processing where possible to minimize data transmission
  • Encrypted data transmission and storage
  • Automated deletion of messages within 24-48 hours after context analysis
  • Regular security audits and penetration testing
4. Data Security and Protection

Technical Safeguards

  • End-to-end encryption for all data in transit
  • AES-256 encryption for stored data
  • Multi-factor authentication for account access
  • Regular security updates and patches
  • Secure cloud infrastructure with SOC 2 compliance

Access Controls

  • Role-based access controls for our team
  • Strict data minimization principles
  • Regular access reviews and audits
  • Automated monitoring for unauthorized access

Incident Response

  • 24/7 security monitoring and alerting
  • Incident response team and procedures
  • Immediate notification of any security breaches
  • Transparent reporting of security incidents
5. Data Retention and Deletion

Retention Periods

  • Message content: Retained for 24-48 hours for context analysis, then automatically deleted
  • Account data: Retained while your subscription is active
  • Threat alerts: Retained for 90 days for pattern analysis
  • Usage analytics: Retained for 12 months for service improvement
  • Billing records: Retained for 7 years for tax and legal purposes

Data Deletion

  • Message content: Automatically deleted within 24-48 hours after context analysis
  • Account data: Deleted within 30 days of account closure
  • Backup data: Permanently deleted within 90 days
  • You can request immediate data deletion at any time
6. Third-Party Services and Sharing

Service Providers

We work with trusted third-party services for:

  • Cloud hosting and infrastructure (AWS)
  • AI processing and analysis (AI21)
  • Email services (Resend)
  • Application hosting and deployment (Vercel)
  • Content delivery and security (Cloudflare)

Data Sharing Limitations

  • We never sell your personal information
  • We don't share data with advertisers or marketers
  • Third parties are bound by strict confidentiality agreements
  • We only share data necessary for service operations

Legal Disclosures

We may disclose information when required by law, court order, or to protect the safety of children. We will notify you of such requests unless legally prohibited.

7. Children's Privacy (COPPA Compliance)

Parental Consent and Control

Our service is designed for parents and guardians to protect their children. We only collect and process children's data with explicit parental consent and under parental control.

COPPA Compliance

  • Parents must provide verifiable consent for monitoring
  • Children under 13 cannot create accounts independently
  • Parents can review, modify, or delete their child's data
  • We collect only the minimum data necessary for safety
  • No behavioral advertising or profiling of children

Parental Rights

  • Request access to your child's data
  • Modify or delete your child's information
  • Refuse further collection of your child's data
  • Receive notifications of data breaches
8. International Users and GDPR

Your Rights Under GDPR

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

Legal Basis for Processing

We process your data based on legitimate interests (child safety), consent (for monitoring), and legal obligations (compliance with child protection laws).

Data Transfers

We ensure adequate protection for international data transfers through approved mechanisms like Standard Contractual Clauses and Privacy Shield frameworks.

9. Your Privacy Controls

Account Settings

  • Adjust alert sensitivity and notification preferences
  • Control what types of content trigger alerts
  • Manage connected devices and monitoring status
  • Export your data or request deletion

Communication Preferences

  • Opt out of marketing communications
  • Choose alert delivery methods (email, SMS, push)
  • Set quiet hours for non-urgent notifications
  • Customize report frequency and content
10. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or through our service.

Your continued use of our service after such modifications constitutes acceptance of the updated Privacy Policy.

11. Contact Information

For questions about this Privacy Policy or to exercise your privacy rights, please contact us:

Kidox AI Inc.
Data Protection Officer
Email: privacy@kidox.ai
Address: [Your Company Address]
Phone: [Your Phone Number]

For EU residents, you also have the right to lodge a complaint with your local data protection authority.