How we protect your family's data
Kidence only works if parents and schools can trust us completely with something precious: information about children. This page explains, in plain language, every safeguard we build in — and how our practices line up with the world's strictest children's-privacy expectations.
Our one-sentence promise: we collect the minimum, we protect it seriously, we never make money from it, and when you leave, it's gone.
The five principles behind everything
Minimum data, always
Kidence measures how long and which apps — never what was said or seen. We do not read messages, capture screenshots, log keystrokes, track location, or access photos, contacts, calls, camera, or microphone. We don't even store your child's full birth date — only the birth month and year, which is all we need for age-appropriate insights.
The parent is in charge — and the child is never watched in secret
Monitoring starts only after a parent sets it up and consents. On the child's device, Kidence shows a persistent, always-visible notification whenever monitoring is active, and the app includes a screen where the child can see exactly what is and isn't monitored. There is no hidden mode, and there never will be.
Children's data is never a product
No advertising. No selling or renting data. No data brokers or "partners." Kidence is funded by subscriptions — full stop. The only companies that touch your data are the infrastructure providers who run our service (listed below), under contracts that prohibit any other use.
Insights, not control — and never automated punishment
Kidence shows information and plain-language guidance. It does not block apps, cut off the internet, or restrict the device — and a wellbeing score can never automatically trigger any restriction. Decisions stay with humans in the family.
Leaving is easy and complete
Delete your account from inside the app, or from a public web page even after uninstalling. Deletion permanently removes every child profile, device record, usage event, score and report — including school-linked data — in one irreversible sweep. You can export your data first.
What we collect — and what we never touch
| We collect | We never collect |
|---|---|
| Screen-time durations and session patterns | Message or chat content, from any app |
| Which apps were used, when, for how long | Browsing content or URLs |
| App categories (games, social, education…) | Photos, videos, or files on the device |
| Device basics (model, OS version) | Contacts or call logs |
| Parent account details (name, email) | Location or movement tracking |
| Child's first name, birth month/year, gender | Camera or microphone access |
| Subscription status (payments via Google Play) | Keystrokes, passwords, full birth date, IDs, biometrics |
How we protect it
Encrypted everywhere it moves
All traffic between the app, our servers, and our database is encrypted with TLS, with server certificates cryptographically verified end to end — including on the internal link between our application and the database.
Encrypted where it rests
All stored data is protected with AES-256 encryption at rest in our database infrastructure.
Children are pseudonymous inside the system
Throughout processing, each child is referenced by an irreversible cryptographic code — not by name. Usage records, scores and reports are keyed to that code, which is constructed so it cannot be reverse-engineered into the child's identity.
Strict family isolation
A parent account can only ever see its own family's children. That isn't just policy — it's enforced in every data query, and continuously verified by automated attack tests that try (and fail) to read one family's data from another family's account.
Serious account security
Passwords must be 12–18 characters and are stored with bcrypt, a deliberately slow hashing algorithm built to resist cracking. Login, password-reset and account-deletion endpoints carry always-on brute-force protection — rate limits, attempt caps and automatic lockouts. Password-reset codes are stored only as cryptographic hashes and become invalid after five wrong guesses. Every account must verify its email before doing anything.
Every access is logged — and you can see the log
Access to personal data is recorded in an audit trail, and parents can view their own access log from the app at any time. When an account is deleted, a final audit record of the deletion itself is preserved so the erasure is provable.
Deletion that actually deletes
Account deletion is a hard delete across every table that holds your family's data — profiles, devices, usage history, scores, alerts, reports, consents and any school-program links — executed as a single all-or-nothing operation. It works in-app and from a public web page (kidence.app/delete-account) even after you've uninstalled, protected by an emailed confirmation link.
Data doesn't linger
Usage data is retained only for as long as it serves the insights you signed up for, with automated purging. We keep no indefinite archives of children's activity.
A small, disciplined set of service providers
Kidence runs on Supabase (database), Railway (application hosting), Brevo (transactional email — verification and reports only, never marketing to children), Google Firebase (push notifications, crash diagnostics and aggregate app analytics — with advertising-ID collection disabled), Sentry (error monitoring, configured to scrub personal data), and Google Play (billing). Each processes data solely to provide its service to us — the same list, with the same limits, disclosed in our Privacy Policy. There are no advertising SDKs and no data-broker integrations anywhere in Kidence.
Prepared for the worst, in writing
We maintain a documented breach-response plan. If a breach ever affects your data, we commit to notifying affected families and the relevant authorities within legally required timeframes — and to telling you plainly what happened and what we did about it.
Engineering rigor as a habit
Every change to Kidence runs through 550+ automated tests, including a dedicated security suite that actively attempts brute-force, injection, cross-family access and data-leak attacks against the live code. We run recurring in-depth security audits of how children's data is stored, retrieved and displayed — most recently in July 2026 — and we fix what we find before we build new features.
For schools: how the school portal protects students
- Numbers, not judgments. The portal shows measured screen-time statistics. Individual wellbeing scores and risk levels are exclusively for parents and are never shared with schools.
- No small-group exposure. Any statistic covering fewer than five students is suppressed entirely — a class view can never be narrowed down to a single child.
- Parents opt in, per child, and can leave any time. A child appears in the school program only after their parent explicitly consents; revoking erases the child's school-linked data on a short, published schedule.
- Teachers see less than administrators. Teacher access is limited to their own assigned classes, with school-controlled settings for whether names are visible at all.
- Separate keys to a separate room. The portal runs on its own credentials, authentication tokens and database access paths — school logins cannot touch parent data, and vice versa. School accounts have brute-force lockouts and enforced password rotation.
- If a family deletes their account, the school data goes too. Only the anonymous class-level aggregate remains — with no path back to any individual child.
Where we stand on children's-privacy standards
| What the law asks | How Kidence is built for it |
|---|---|
| Parental consent before processing a child's data | Monitoring exists only inside a parent-created, email-verified account; consent is captured per child, versioned, and re-requested when terms change |
| No advertising to children; no selling children's data | No ads, no ad SDKs, no data sales — structurally, not just contractually |
| Data minimisation | Metadata-only collection; birth month/year instead of full birth date; no location, content, contacts or media |
| The child must not be monitored covertly | Persistent on-device notification + an in-app transparency screen for the child; no stealth mode exists |
| Security safeguards (encryption, access control, logging) | Verified TLS everywhere (including database links), AES-256 at rest, pseudonymisation, family-scoped access, audit logs, always-on brute-force protection |
| Rights to access, portability, correction, erasure | In-app machine-readable export, live-record correction, and a hard-delete cascade across all systems (including school links), in-app and via public web |
| Profiling must never auto-restrict the child | Insights-only by design — scores inform parents; they never trigger device restrictions |
| Breach notification | Documented breach-response plan with committed notification timelines |
| Aggregate school data must not identify individuals | A five-student anonymity floor + numbers-only portal + no per-child risk data to schools |
These expectations come from regimes like India's DPDP Act, the US COPPA rule, the EU/UK GDPR and the UK Children's Code, and their counterparts worldwide. We describe our posture as designed to align — we don't claim certifications we don't hold, and where a market requires something we haven't finished building, we complete it before launching there rather than launching and catching up.
Your rights, in one place
- See what data we hold — export it in a machine-readable format.
- Correct personal details.
- Delete everything, permanently — in-app or at kidence.app/delete-account.
- Withdraw consent or leave a school program, per child.
- Review the audit log of access to your data.
- Ask us anything — grievance / data-protection contact: [email protected].
Children can see what's monitored on their own device at any time, and the monitoring notification cannot be hidden.
Questions we hear from parents and schools
Can Kidence read my child's messages?
No — technically cannot, not merely "does not." The app has no access to message content, notification contents, or what's on screen.
Can the school see my child's wellbeing score?
No. Schools see aggregate screen-time numbers only. Scores and risk levels are visible to parents alone.
Does my child know they're being monitored?
Yes, always. A persistent notification is visible on their device whenever monitoring runs, and the app shows them exactly what is measured.
What happens when my child grows up?
Monitoring is a family decision for minors. When your family no longer needs Kidence, deletion removes the entire history — the record of a child's teenage screen habits doesn't follow them into adulthood.
Where is the data stored?
In professionally managed cloud infrastructure (Supabase/AWS), encrypted at rest, with access restricted to the Kidence service itself.
Who can I talk to?
[email protected] — a real person answers, and privacy questions go to the top of the queue.
Kidence