Privacy Policy

We value your privacy and are committed to transparently explaining how we use, and protect your information.

PROTEJO PRIVACY POLICY

Effective Date: January 25, 2026
Last Updated: January 25, 2026

IMPORTANT LEGAL NOTICE: This Privacy Policy governs the collection, use, processing, and protection of personal information by Speshelly Ltd. and its affiliates ("Protejo," "we," "us," or "our") in connection with the Protejo child safety monitoring services and platforms accessible through protejo.net and associated mobile applications (collectively, the "Services").

By accessing, registering for, or using the Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy and our Terms of Service. If you do not agree with any provisions of this Policy, you must immediately cease all use of our Services.

TABLE OF CONTENTS

  1. Company Information and Legal Framework

  2. Services Overview and Data Processing Purpose

  3. Information We Collect

  4. How We Use Your Information

  5. Information Sharing and Disclosure

  6. Legal Basis for Data Processing

  7. Data Retention and Storage

  8. International Data Transfers

  9. Children's Privacy Protection

  10. Your Privacy Rights

  11. Data Security Measures

  12. Cookies and Tracking Technologies

  13. Third-Party Integrations

  14. Jurisdictional-Specific Provisions

  15. Policy Updates and Amendments

  16. Contact Information and Complaints

  17. COMPANY INFORMATION AND LEGAL FRAMEWORK
    ==========================================

Data Controller Information

Company Name: Speshelly Ltd.
Registration: Hong Kong Limited Liability Company
Company Number: 79247370
Registered Address: 1150 S Olive St, Los Angeles, CA 90015, United States
Business Address: 1150 S Olive St, Los Angeles, CA 90015, United States
European Representative: For EU-related inquiries, contact privacy@protejo.net. A formal EU representative will be designated in accordance with GDPR Article 27.
UK Representative: For UK-related inquiries, contact privacy@protejo.net. A formal UK representative will be designated in accordance with UK GDPR Article 27.
Contact Email: privacy@protejo.net
Data Protection Officer: dpo@protejo.net
Emergency Contact: emergency@protejo.net

Protejo operates globally and complies with applicable privacy laws in all jurisdictions where our services are offered, including but not limited to:

• General Data Protection Regulation (GDPR) — European Union
• Children's Online Privacy Protection Act (COPPA) — United States
• California Consumer Privacy Act (CCPA) and CPRA — California, USA
• Personal Information Protection and Electronic Documents Act (PIPEDA) — Canada
• Privacy Act 1988 — Australia
• Personal Data Protection Act (PDPA) — Singapore
• Personal Data (Privacy) Ordinance (PDPO) — Hong Kong
• Federal Data Protection Act (FADP) — Switzerland
• Law of Georgia on Personal Data Protection — Georgia
• Protection of Privacy Law, 5741-1981 — Israel

  1. SERVICES OVERVIEW AND DATA PROCESSING PURPOSE
    =================================================

What Protejo Does

Protejo is an AI-powered child safety platform that monitors children's digital communications across messaging platforms, social media, and other digital interactions to detect and alert parents, guardians, and authorized professionals to potential threats including cyberbullying, online predators, harmful content, self-harm indicators, and other digital safety concerns.

Our Services include three main offerings:

• Protejo Family: Consumer service for parents and guardians
• Protejo Pro: Professional service for mental health practitioners and therapists
• Protejo Business: Enterprise service for schools, organizations, and institutions

Technical Processing Overview

Our Services utilize advanced artificial intelligence algorithms, natural language processing, computer vision, and machine learning technologies to:

• Analyze text communications in real-time across 8+ languages
• Process multimedia content including images, videos, and audio
• Detect patterns indicative of potential safety threats
• Generate risk assessments and safety alerts
• Provide comprehensive safety analytics and reporting

  1. INFORMATION WE COLLECT
    =========================

IMPORTANT: Comprehensive Data Collection Notice
Due to the nature of our child safety services, we collect and process extensive personal information. This section details ALL categories of information we may collect, process, or access through your use of our Services.

3.1 Account Registration Data

• Full name and contact information
• Email address and phone number
• Billing address and payment details
• Account credentials and security information
• Service plan and subscription details
• Customer support interactions

3.2 Child and Monitored User Data

• Child's name, age, and basic demographics
• School information and educational details
• Device information and identifiers
• Contact lists and social connections
• Digital communications content (full text)
• Multimedia files (images, videos, audio)

3.3 Communications Content

• Text messages and instant messaging
• Social media posts and interactions
• Email content and metadata
• Comments, reactions, and shares
• Private and group conversations
• Multimedia messages and attachments

3.4 Digital Activity Data

• Website browsing history and patterns
• Application usage and interactions
• Search queries and terms
• Online purchases and transactions
• Gaming activities and communications
• Streaming and content consumption

3.5 Technical and Device Data

• Device identifiers and specifications
• Operating system and software versions
• IP addresses and network information
• Location data and GPS coordinates
• App permissions and access logs
• Performance and diagnostic data

3.6 Sensitive Personal Data

• Mental health and emotional state indicators
• References to personal relationships
• Academic and social challenges
• Behavioral patterns and preferences
• Physical and emotional development
• Family dynamics and home environment

Data Collection Methods

We collect information through various methods:

• Direct Collection: Information you provide during registration and account setup
• Automated Collection: Data collected through our monitoring software and APIs
• Third-Party Integration: Information received from connected platforms and services
• Device Monitoring: Data collected directly from monitored devices and applications
• Manual Input: Information manually entered by account administrators

  1. HOW WE USE YOUR INFORMATION
    ===============================

Primary Service Purposes

• Safety Monitoring: Real-time analysis of digital communications for safety threats
• Threat Detection: Identification of cyberbullying, predatory behavior, and harmful content
• Alert Generation: Creation and delivery of safety alerts and notifications
• Risk Assessment: Evaluation of safety risks and threat severity levels
• Behavioral Analysis: Pattern recognition for emotional and behavioral changes
• Safety Reporting: Generation of comprehensive safety reports and analytics

Secondary Processing Purposes

• Account management and customer service provision
• Billing, payment processing, and subscription management
• Service improvement and feature development
• Technical troubleshooting and system maintenance
• Legal compliance and regulatory reporting
• Fraud prevention and security enhancement
• Marketing and promotional communications (with consent)
• Research and analytics for service optimization

Artificial Intelligence and Automated Processing

Important: Our Services extensively utilize artificial intelligence, machine learning, and automated decision-making systems. These systems process all collected data to identify potential safety threats and generate alerts. While we strive for accuracy, no automated system is perfect, and false positives or missed threats may occur.

• Natural Language Processing for text analysis in 8+ languages
• Computer vision algorithms for image and video content analysis
• Behavioral pattern recognition and anomaly detection
• Sentiment analysis and emotional state assessment
• Predictive modeling for risk assessment
• Automated alert prioritization and categorization

  1. INFORMATION SHARING AND DISCLOSURE
    =====================================

Authorized Recipients

We may share your information with the following categories of recipients:

Service Providers and Processors

• Cloud computing and data storage providers
• AI and machine learning service providers
• Payment processors and billing services
• Customer support and communication platforms
• Security and fraud prevention services
• Analytics and performance monitoring services

Mandatory Disclosures

We may disclose personal information when required by law or to protect safety:

• Child Protection: Reports to child protective services or law enforcement when we identify imminent threats to child safety
• Legal Process: Compliance with court orders, subpoenas, warrants, and legal investigations
• Emergency Situations: Disclosure to emergency services when immediate intervention is necessary
• Regulatory Compliance: Reporting to educational authorities, licensing bodies, or regulatory agencies as required

Business Transfers

In the event of merger, acquisition, bankruptcy, or sale of assets, personal information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this Policy.

Professional Service Providers

For Protejo Pro users, information may be shared with licensed mental health professionals, therapists, and healthcare providers as specifically authorized by the account holder and in accordance with applicable healthcare privacy laws.

  1. LEGAL BASIS FOR DATA PROCESSING
    ===================================

We process personal information based on the following legal grounds:

GDPR Legal Bases (EU/EEA Users)

• Consent: Explicit consent for monitoring and processing child communications
• Contract: Performance of our service agreement with you
• Legitimate Interests: Child safety protection, fraud prevention, and service improvement
• Legal Obligation: Compliance with child protection and mandatory reporting requirements
• Vital Interests: Protection of life and safety in emergency situations

Hong Kong PDPO Legal Bases

• Data collected for a lawful purpose directly related to the function of Protejo
• Data collection is necessary and not excessive for child safety purposes
• Data subjects are informed of collection purposes through this Privacy Policy
• Personal data is retained only as long as necessary for the purpose of collection

Consent Requirements

For certain processing activities, we require explicit consent:

• Monitoring of children's digital communications
• Processing of sensitive personal data
• Marketing and promotional communications
• Non-essential cookies and tracking technologies
• Data sharing with third-party research partners

  1. DATA RETENTION AND STORAGE
    =============================

Retention Periods

Active Monitoring Data
Retained for the duration of active service plus 30 days for technical processing.

Safety Alerts and Reports
Retained for 7 years for child protection and legal compliance purposes.

Account Information
Retained for 3 years after account closure for billing and legal purposes.

Financial Records
Retained for 7 years as required by tax and accounting regulations.

Media Files (Images, Voice Messages, Videos)
Automatically and permanently deleted from our servers after 48 hours. No exceptions. No archive.

Data Deletion

Upon service termination or valid deletion request:

• Active monitoring data is deleted within 30 days
• Media files are automatically deleted after 48 hours during active service
• Aggregated and anonymized data may be retained indefinitely
• Legal hold data is preserved as required by law
• Backup systems are purged within 90 days

  1. INTERNATIONAL DATA TRANSFERS
    ================================

Cross-Border Data Processing

Protejo is incorporated in Hong Kong and operates globally. Personal information may be transferred across international borders and processed in Hong Kong, the United States, European Union, Israel, and other countries where we or our service providers maintain facilities.

Transfer Safeguards

For transfers outside your jurisdiction, we implement appropriate safeguards:

• Adequacy Decisions: Transfers to countries deemed adequate by relevant authorities
• Standard Contractual Clauses: EU-approved contractual protections for GDPR compliance
• Binding Corporate Rules: Internal data protection standards across our global operations
• Certification Programs: Participation in recognized privacy certification frameworks
• Specific Derogations: Necessary transfers for service provision and safety protection
• Hong Kong Cross-Border Transfers: Compliance with PDPO Section 33 requirements for transfers outside Hong Kong

Data Localization Compliance

We comply with local data residency requirements in jurisdictions that mandate in-country storage, including provisions for:

• Local data centers and processing facilities
• Regional service provider partnerships
• Jurisdiction-specific access controls
• Regulatory compliance reporting

  1. CHILDREN'S PRIVACY PROTECTION
    =================================

SPECIAL PROTECTIONS FOR CHILDREN
Children's privacy requires enhanced protection. This section outlines our specific measures for protecting minors' personal information in compliance with COPPA, GDPR Article 8, Hong Kong PDPO, and other applicable children's privacy laws.

Age Verification and Consent

• Service Access: Only adults (18+) may register for and configure monitoring services
• Parental Consent: Verifiable parental consent required for monitoring children under 13
• Teen Privacy: Enhanced privacy protections for users aged 13-17
• Educational Context: Specific protections under FERPA for school-based monitoring

Child Data Processing Limitations

• Data collection limited to safety protection purposes only
• No behavioral advertising or commercial profiling of children
• Enhanced security measures for child-related information
• Restricted data sharing with third parties
• Expedited deletion upon parental request

Parental Rights and Controls

Parents and legal guardians have the right to:

• Review all information collected about their child
• Request correction or deletion of child's personal data
• Control data sharing and third-party access
• Withdraw consent and terminate monitoring at any time
• Receive detailed reports on data processing activities

What the Child Experiences

• The child does NOT receive any notification that monitoring is active
• There is NO app installed on the child's phone
• The child's messaging apps work normally with no slowdown or visible changes
• The child's privacy is respected for normal, safe conversations
• Only content flagged as dangerous by AI is made visible to the parent

  1. YOUR PRIVACY RIGHTS
    ========================

Universal Privacy Rights

Regardless of your location, you have the following rights regarding your personal information:

Access and Portability Rights

• Right to Access: Request copies of all personal information we hold about you
• Data Portability: Receive your data in a structured, machine-readable format
• Processing Information: Details about how and why we process your information

Correction and Deletion Rights

• Right to Rectification: Correct inaccurate or incomplete personal information
• Right to Erasure: Request deletion of your personal information (with limitations for legal compliance)
• Right to Restriction: Limit how we process your information in certain circumstances

Control and Objection Rights

• Right to Object: Object to processing based on legitimate interests
• Automated Decision Rights: Object to decisions based solely on automated processing
• Consent Withdrawal: Withdraw consent at any time (without affecting prior processing)

Hong Kong PDPO Rights

• Right to request access to and correction of personal data held by Protejo
• Right to request information about our data policies and practices
• Right to be informed of the kind of personal data held and the main purposes for which it is used

Exercising Your Rights

To exercise your privacy rights:

• Online Portal: Access our self-service privacy portal at privacy.protejo.net
• Email Request: Send detailed requests to privacy@protejo.net
• Written Request: Mail requests to our business address with identity verification
• Customer Support: Contact support@protejo.net for assistance

Response Timeline

We will respond to valid requests within:

• GDPR Requests: 30 days (extendable to 60 days for complex requests)
• CCPA Requests: 45 days (extendable to 90 days with notification)
• Hong Kong PDPO Requests: 40 days from receipt of request
• Emergency Requests: Within 72 hours for safety-related concerns
• Other Jurisdictions: As required by applicable local laws

  1. DATA SECURITY MEASURES
    ===========================

Comprehensive Security Framework

We implement industry-leading security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Technical Security Measures

Encryption
• AES-256 encryption for data at rest
• TLS 1.3 for data in transit
• End-to-end encryption for sensitive communications
• Hardware security modules (HSMs) for key management

Access Controls
• Multi-factor authentication (MFA) requirements
• Role-based access control (RBAC)
• Principle of least privilege implementation
• Regular access reviews and deprovisioning

Infrastructure Security
• SOC 2 Type II compliant data centers
• Network segmentation and firewalls
• Intrusion detection and prevention systems
• Regular security testing and penetration testing

Monitoring and Response
• 24/7 security operations center (SOC)
• Real-time threat detection and response
• Comprehensive audit logging
• Incident response procedures

Organizational Security Measures

• Employee Training: Regular privacy and security awareness training
• Background Checks: Comprehensive screening for personnel with data access
• Confidentiality Agreements: Strict contractual obligations for all staff
• Security Certifications: ISO 27001, SOC 2, and other relevant certifications
• Third-Party Assessments: Regular independent security audits

Data Breach Notification

In the event of a data breach affecting personal information:

• Regulatory authorities notified within 72 hours (where required by GDPR)
• Hong Kong Privacy Commissioner for Personal Data notified as required under PDPO
• Affected users notified without undue delay
• Detailed incident reports provided as required
• Remediation measures implemented immediately
• Post-incident reviews and security improvements

  1. COOKIES AND TRACKING TECHNOLOGIES
    ======================================

Types of Cookies and Technologies Used

Essential Cookies
Required for basic service functionality.
• Authentication and session management
• Security and fraud prevention
• Load balancing and performance
• User preference storage

Analytics Cookies
Help us understand service usage patterns.
• Google Analytics (anonymized)
• Service performance monitoring
• Feature usage statistics
• Error tracking and diagnostics

Marketing Cookies
Support marketing and advertising activities.
• Campaign effectiveness measurement
• Social media integration
• Personalized content delivery
• Cross-platform user recognition

Cookie Management

You can control cookie usage through:

• Browser Settings: Disable or delete cookies through browser preferences
• Cookie Consent Banner: Manage preferences through our consent management platform
• Opt-Out Tools: Use industry opt-out tools like NAI Consumer Opt-Out
• Do Not Track: We honor Do Not Track browser signals where technically feasible

  1. THIRD-PARTY INTEGRATIONS
    ==============================

Platform Integrations

Our Services integrate with various third-party platforms to provide comprehensive monitoring:

• Messaging Platforms: WhatsApp, Telegram, Discord, Snapchat
• Social Media: Instagram, TikTok, Twitter, Facebook
• Email Services: Gmail, Outlook, Apple Mail
• Gaming Platforms: Xbox Live, PlayStation Network, Steam
• Educational Systems: Google Classroom, Microsoft Teams for Education

Service Provider Categories

Technology Infrastructure
• Amazon Web Services (AWS) — Cloud infrastructure
• Microsoft Azure — AI and machine learning services
• Google Cloud Platform — Data processing and analytics
• Cloudflare — Content delivery and security

Data Processor Agreements

All third-party service providers are bound by:

• Comprehensive data processing agreements
• GDPR-compliant Standard Contractual Clauses
• Regular security assessments and audits
• Incident notification and response procedures
• Data return and deletion obligations

  1. JURISDICTIONAL-SPECIFIC PROVISIONS
    =======================================

Hong Kong (PDPO)
• Compliance with the Personal Data (Privacy) Ordinance (Cap. 486)
• Adherence to the six Data Protection Principles
• Registration with the Office of the Privacy Commissioner for Personal Data where required
• Cross-border data transfer compliance under Section 33
• Data breach notification to the Privacy Commissioner

European Union (GDPR)
• Legal basis requirements for all processing
• Enhanced consent mechanisms for children
• Data Protection Officer appointment
• Privacy by design and by default
• Data protection impact assessments
• Supervisory authority cooperation

United States (COPPA/CCPA)
• Verifiable parental consent for children under 13
• California Consumer Privacy Act compliance
• FERPA compliance for educational settings
• State-specific privacy law compliance
• Mandatory reporting obligations

Canada (PIPEDA)
• Meaningful consent requirements
• Privacy breach notification obligations
• Cross-border transfer restrictions
• Provincial privacy law compliance

Australia (Privacy Act)
• Australian Privacy Principles compliance
• Notifiable data breach scheme
• Cross-border disclosure restrictions
• Children's privacy considerations

Israel (Privacy Protection Law)
• Database registration requirements
• Transfer abroad authorization
• Individual rights enforcement
• Privacy Protection Authority oversight

Singapore (PDPA)
• Consent and notification obligations
• Data protection officer appointment
• Data breach notification requirements
• Cross-border transfer restrictions

Switzerland (FADP)
• Federal Data Protection Act compliance
• Cross-border transfer safeguards
• Data subject rights enforcement
• Federal Data Protection and Information Commissioner oversight

Georgia (Personal Data Protection Law)
• Compliance with the Law of Georgia on Personal Data Protection
• Registration with the State Inspector's Office where required
• Data subject rights as defined under Georgian law

Other Jurisdictions
• Local privacy law compliance
• Data localization requirements
• Regulatory registration and reporting
• Cross-border transfer mechanisms

  1. POLICY UPDATES AND AMENDMENTS
    ==================================

Notification of Changes

We may update this Privacy Policy to reflect:

• Changes in applicable privacy laws and regulations
• New service features and data processing activities
• Enhanced security measures and technical improvements
• Business model changes or corporate transactions
• User feedback and privacy best practices

Material Changes Process

For material changes affecting your privacy rights:

• 30-Day Notice: Email notification to all registered users
• Website Banner: Prominent notice on all service pages
• In-App Notification: Direct notification through mobile applications
• Consent Refresh: Request for new consent where required by law
• Opt-Out Period: Opportunity to object or withdraw consent before changes take effect

Version Control

All previous versions of this Privacy Policy are archived and available upon request for reference and compliance purposes.

  1. CONTACT INFORMATION AND COMPLAINTS
    =======================================

Privacy Contact Information

General Privacy Inquiries
Email: privacy@protejo.net
Response Time: 5 business days

Data Protection Officer
Email: dpo@protejo.net
Response Time: 10 business days

Customer Support
Email: support@protejo.net
Response Time: 48 hours

Emergency Safety Concerns
Email: emergency@protejo.net
Phone: +1 (323) 686-3424
Response Time: 24 hours

Legal and Compliance
Email: legal@protejo.net
Postal Address: Speshelly Ltd., Attn: Legal Department, 1150 S Olive St, Los Angeles, CA 90015, United States

Regulatory Complaints

If you believe we have not adequately addressed your privacy concerns, you may file complaints with:

Hong Kong
• Office of the Privacy Commissioner for Personal Data (PCPD)
• Website: www.pcpd.org.hk
• Hotline: +852 2827 2827

European Union
• Your local Data Protection Authority
• European Data Protection Board (EDPB)
• Irish Data Protection Commission (lead authority)

United States
• Federal Trade Commission (FTC)
• California Attorney General (CCPA violations)
• State attorneys general offices

United Kingdom
• Information Commissioner's Office (ICO)
• Website: www.ico.org.uk

Other Jurisdictions
• Office of the Privacy Commissioner of Canada
• Australian Information Commissioner (OAIC)
• Israel Privacy Protection Authority
• Singapore Personal Data Protection Commission (PDPC)
• Swiss Federal Data Protection and Information Commissioner (FDPIC)
• Local privacy regulatory authorities

Alternative Dispute Resolution

We participate in alternative dispute resolution programs for privacy-related complaints:

• JAMS Privacy and Data Protection Arbitration Rules
• Better Business Bureau (BBB) privacy dispute resolution
• Industry-specific privacy complaint resolution programs

EFFECTIVE DATE AND ACKNOWLEDGMENT

This Privacy Policy is effective as of January 25, 2026. By using our Services after this date, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy.

Document Version: 1.1
Last Review Date: January 25, 2026
Next Scheduled Review: July 25, 2026

© 2026 Protejo (Speshelly Ltd.). All rights reserved.

Get App

Download

Download