Privacy Policy
We value your privacy and are committed to transparently explaining how we use, and protect your information.
Privacy Policy
Protejo — AI-Powered Parental Control Platform
Last updated: February 28, 2026
Protejo ("we," "our," or "us") operates the Protejo mobile applications (iOS and Android), web dashboard, and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and protect information when you use our Service.
Protejo is designed to help parents protect their children online. We take the privacy of both parents and children extremely seriously — especially because our users include minors.
1. Information We Collect
1.1 Account Information
When you create a Protejo account, we collect:
Email address
Password (stored as a bcrypt hash — we never store or see your password)
Parent/child relationship identifiers
Device pairing codes (temporary, valid for 60 seconds)
1.2 Child Device Information
When the Protejo child app is installed and activated, we collect the following data from the child's device:
Data Type | What We Collect | Purpose | Retention |
|---|---|---|---|
Device Info | Device model, OS version, battery level, app version | Service functionality and troubleshooting | Duration of account |
Location | GPS coordinates (latitude, longitude, accuracy) | Real-time location tracking, geofencing, SOS safety features | 90 days for raw points; 365 days for downsampled history |
App Usage | Installed app names, usage duration, foreground time | Screen time monitoring and app management | 30 days for raw data; aggregated stats kept longer |
Screen Time | Daily device usage minutes (threshold-based on iOS) | Screen time reports for parents | 90 days |
SMS Messages | Message content, sender/recipient number, timestamp (Android only) | AI threat detection for cyberbullying, grooming, sextortion | 90 days, then permanently deleted |
Call Logs | Phone number, call duration, call type, timestamp (Android only) | Monitoring for safety concerns | 90 days, then permanently deleted |
Photos | Photo metadata and AI safety analysis results (Android only) | Detection of inappropriate or harmful images | 48 hours for scanned image data, then permanently deleted |
Web Activity | Blocked domain attempts | Web filtering enforcement | 90 days |
Push Tokens | Firebase Cloud Messaging device tokens | Sending commands and notifications to child device | Duration of account |
Heartbeat Data | Device status sent every 15 minutes (battery, connectivity, feature status) | Monitoring device health and feature operation | 30 days |
1.3 Parent Dashboard Data
When parents use the web or mobile dashboard:
Authentication tokens (JWT, session-based)
Dashboard preferences and settings
Screen time rules, bedtime schedules, web filter configurations
Alert acknowledgment history
1.4 Screen Share Sessions
When a parent requests a remote support screen share:
Screen frames are captured from the child's device only with the child's explicit consent
Frames are stored in memory only for the duration of the session (maximum 5 minutes)
Frames are never written to disk or database and are permanently discarded when the session ends
2. How We Use Information
We use collected information exclusively for the following purposes:
Child Safety: Detecting potential threats including cyberbullying, grooming, sextortion, self-harm indicators, and exposure to inappropriate content
AI Threat Analysis: Processing messages, images, and voice content through our AI pipeline to identify harmful patterns and generate threat scores
Parental Monitoring: Providing parents with dashboards showing location, screen time, app usage, and safety alerts
Screen Time Management: Enforcing daily limits, bedtime schedules, per-app restrictions, and web filters set by parents
Emergency Features: Enabling SOS alerts with location sharing and audio recording for child safety
Service Improvement: Aggregated, anonymized usage statistics to improve our AI detection accuracy
We do NOT use collected information for:
Advertising or ad targeting
Selling data to third parties
Building marketing profiles
Any purpose unrelated to child safety
3. AI Processing
Protejo uses a pipeline of 7 AI models to analyze content for safety threats:
Model | Purpose | Data Processed |
|---|---|---|
NSFW Classifier | Detect inappropriate images | Photo thumbnails (resized, max 512px) |
NudeNet | Detect explicit imagery | Photo thumbnails |
CLIP | Image content classification | Photo thumbnails |
Tesseract OCR | Extract text from images/memes | Photo thumbnails |
Whisper | Transcribe voice messages | Audio message files |
Toxicity Scorer | Detect harmful text | Message text content |
LLaVA/Ollama | Contextual threat analysis | Text + image descriptions |
Important: AI processing occurs on our dedicated servers (see Section 5). Image data sent for AI analysis is resized to a maximum of 512 pixels, processed, and the result (safe/unsafe + threat score) is returned. Original images are not stored on AI servers.
4. Data Retention and Automatic Deletion
We enforce strict data retention policies through automated daily cleanup processes:
Data Type | Retention Period | Deletion Method |
|---|---|---|
SMS messages | 90 days | Automated daily cron job |
Call logs | 90 days | Automated daily cron job |
Photo scan data | 48 hours | Automated daily cron job |
Location history (raw) | 90 days | Automated daily cron job |
Location history (downsampled) | 365 days | Automated yearly cleanup |
Screen time reports | 90 days | Automated daily cron job |
Web block logs | 90 days | Automated daily cron job |
Notifications | 90 days | Automated daily cron job |
Heartbeat data | 30 days | Automated daily cron job |
Screen share frames | 5 minutes (in-memory only) | Automatic on session end |
Safety alerts | Duration of account | Deleted on account deletion |
Account data | Duration of account | Deleted on account deletion |
Our automated retention system runs daily at 6:00 AM UTC. Data older than the specified retention period is permanently and irreversibly deleted.
5. Third-Party Services
We use the following third-party services to operate Protejo:
Service | Provider | Purpose | Data Shared | Location |
|---|---|---|---|---|
Cloud Hosting | DigitalOcean | Backend infrastructure | All backend data (encrypted at rest) | United States |
Database | PostgreSQL (on DigitalOcean) | Data storage | All stored data (encrypted at rest) | United States |
CDN & Security | Cloudflare | Traffic routing, DDoS protection | IP addresses, request metadata | Global |
Push Notifications | Firebase Cloud Messaging (Google) | Sending commands to child devices | Device tokens, notification payloads | United States |
Resend | Account verification, parent alerts | Email addresses, alert summaries | United States | |
AI Processing | Hetzner (self-hosted) | Image and text analysis | Resized images, message text | Germany |
App Distribution | Apple App Store | iOS app distribution | App metadata | United States |
App Distribution | Google Play Store | Android app distribution | App metadata | United States |
We do NOT share data with:
Advertisers or ad networks
Data brokers
Social media platforms
Any party not listed above
6. Children's Privacy (COPPA Compliance)
Protejo is a parental control application designed to monitor children's devices with parental consent and knowledge. We comply with the Children's Online Privacy Protection Act (COPPA) and similar international regulations:
Parental Consent Required: Protejo can only be installed on a child's device by a parent or legal guardian who has created an account and initiated the pairing process.
No Direct Child Accounts: Children do not create accounts or provide personal information directly to Protejo.
Minimal Data Collection: We collect only the data necessary to provide safety monitoring features.
Automatic Deletion: All sensitive data (SMS, call logs, photos) is automatically deleted within 48-90 days.
No Advertising: We never show ads to children or use children's data for advertising.
Parental Control: Parents can delete all of their child's data at any time through the dashboard (see Section 8).
Transparent Monitoring: We encourage parents to discuss Protejo's monitoring with their children. Our iOS app requires the child's explicit consent for screen share sessions.
7. Data Security
We implement the following security measures to protect your data:
Encryption in Transit: All data transmitted between devices and our servers uses TLS/HTTPS encryption
Encryption at Rest: Database is encrypted at rest on DigitalOcean managed infrastructure
Password Security: All passwords are hashed using bcrypt with salt
PIN Security: Device PINs are hashed using SHA-256 before storage
Authentication: JWT-based authentication with secure token handling
Rate Limiting: API endpoints are rate-limited to prevent abuse (heartbeat: 6/min, pairing: 5 attempts/5min)
IDOR Protection: All API endpoints verify parent-child relationships through authenticated tokens
Brute-Force Protection: Exponential backoff on failed PIN and pairing attempts
Screen Security: Login and registration screens are protected against screenshots on Android (FLAG_SECURE)
Data Isolation: Each family's data is strictly isolated; parents can only access their own children's data
Regular Audits: We conduct security audits of our codebase and infrastructure
8. Your Rights
For All Users (Global)
Access: View all data we hold about you and your children through the parent dashboard
Correction: Update your account information at any time
Deletion: Delete your account and all associated data
Export: Download a complete copy of your data in JSON format
GDPR Rights (European Users)
Under the General Data Protection Regulation, you have additional rights:
Right to Erasure (Article 17): Request complete deletion of all your child's data via the parent dashboard or by contacting us
Right to Data Portability (Article 20): Export all your child's data in a machine-readable JSON format via the parent dashboard
Right to Restrict Processing: Disable specific monitoring features at any time
Right to Object: Uninstall the child app at any time to stop all data collection
Data Protection Officer: Contact us at privacy@protejo.com for any GDPR-related requests
CCPA Rights (California Users)
Under the California Consumer Privacy Act:
Right to Know: Request details about the personal information we collect
Right to Delete: Request deletion of your personal information
Right to Opt-Out: We do not sell personal information to third parties
Non-Discrimination: We will not discriminate against you for exercising your rights
How to Exercise Your Rights
Self-Service: Use the parent dashboard to export or delete data
Email: Contact privacy@protejo.com
Response Time: We respond to all requests within 30 days
9. Data Storage Location
Our primary infrastructure is located in the United States (DigitalOcean). AI processing servers are located in Germany (Hetzner). By using Protejo, you consent to the transfer of data to these locations. We ensure appropriate safeguards are in place for international data transfers in compliance with GDPR and other applicable regulations.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
Sending an email to the address associated with your account
Displaying a notice in the parent dashboard
Updating the "Last updated" date at the top of this policy
Your continued use of Protejo after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices:
Email: privacy@protejo.com
Support: support@protejo.com
Website: https://protejo.com/privacy
For GDPR-specific inquiries, please contact our Data Protection Officer at privacy@protejo.com.
12. Consent
By creating a Protejo account and installing the Protejo app on your child's device, you consent to the collection and use of information as described in this Privacy Policy. You confirm that you are the parent or legal guardian of the child whose device is being monitored, and that you have the legal authority to consent to this monitoring.
© 2026 Protejo. All rights reserved.
