SafeFeed shield logo SafeFeed

Privacy Policy

Last updated: 27 April 2026 · Draft pending legal review before public launch.

I built SafeFeed because I wanted a kids' video app that wasn't quietly profiling my children. So this policy is short, it's in plain English, and it tells you exactly what happens to your family's data.

The two-line summary: We collect what's needed to make the apps work and nothing else. We never sell, share, or rent your data. Children's data is handled under COPPA and UK GDPR Age-Appropriate Design Code rules, period.

What we collect

From parents

  • Email address and password, for signing in.
  • Display name (whatever you want shown to your family — usually a first name).
  • Subscription state (active / trial / past due) from Apple or Google's billing systems. We see that you have a subscription, not your card number.
  • Push notification token, so we can ping you when your kid watches a video you sent.
  • The list of videos you've shared, who you sent them to, and timestamps. Held for 12 months for your history view, then deleted.

From children

  • A nickname (e.g. "Lily") and an age range — both entered by the parent, not the child.
  • An avatar emoji — chosen by the parent.
  • Whether they've downloaded and watched each video sent to them. We use this for two things: (a) deleting the video file from our servers once everyone's downloaded it, and (b) telling the parent who shared it that their kid watched it.
  • A push notification token on the child's device, so we can deliver "your parent sent you a video" notifications.

What we do NOT collect from children

  • No email address. The child doesn't enter one — they don't have an account in any conventional sense.
  • No advertising ID. The child app explicitly disables Android ad-ID collection in its manifest.
  • No location data. We don't ask for it, the manifest doesn't request it.
  • No third-party analytics SDKs in the child app. (We use Firebase Analytics for product metrics, configured in strict mode — anonymous categorical events only, no user IDs ever, no advertising-ID collection.)
  • No contacts, no microphone, no camera (the kid app doesn't use any of those).

Video content

Videos shared through SafeFeed are delivered directly to your child's device and are not stored permanently on our servers. Metadata about shared videos — such as the title, platform, who shared it, and watch status — is retained for 12 months to power your history view, then deleted. We do not analyze, scan, or use video content for any purpose other than delivery to your family.

Who has access to your data

  • You and your family. The parent app shows the parent's own data; the child app shows the child's own feed. Cross-family reads are blocked at the Firestore rules level — a misbehaving client can't read another family's data even if it tries.
  • Our backend. Server-side code (Firebase Admin SDK + a small Python service) needs administrative access to manage the data. Our staff can technically read it during operations work; in practice we don't, except when investigating a specific issue you've reported.
  • Nobody else. We do not sell data. We do not rent data. We do not share data with advertisers, brokers, analytics partners, or anyone else.

Subprocessors

SafeFeed uses the following third-party services to operate:

  • Google Firebase — authentication, database, cloud messaging, and analytics.
  • Railway — backend infrastructure.
  • Stripe — payment processing, we never see your full card number.
  • Apple App Store — payment processing for iOS subscribers.

COPPA + UK GDPR-K commitments

SafeFeed is a "general audience app" under COPPA, but the child app is plainly designed for under-13 use. We've structured it accordingly:

  • The parent (verifiable account holder over 13) explicitly creates each child profile.
  • Children don't enter PII — no email, name, address, or phone. The parent enters a nickname.
  • No third-party advertising. No behavioural profiling. No interest categories built about children.
  • Parents can delete all their family's data at any time from the Settings → Delete account flow.
  • We comply with verifiable-parental-consent requirements: the parent's act of installing the parent app, paying for the service, and entering child information IS the consent record.

Your rights

You can:

  • See and edit your data — most of it lives in the parent app's Settings screen.
  • Export your data on request — email hello@safefeed.app and we'll send a JSON dump within 30 days.
  • Delete your data — Settings → "Delete my family's data" wipes everything within 30 days, both children and parents.
  • Restrict processing or object to use — same email, we'll discuss.

How long we keep things

  • Video files: until every recipient has downloaded them, then deleted (usually within an hour).
  • Video metadata: 12 months from share date, then deleted.
  • Account data: as long as your account is active. After deletion: removed within 30 days.
  • Backups: we keep encrypted operational backups for up to 30 days after deletion, after which deleted data is gone.

Where data lives

Firebase data is hosted in Google's US data centers. Railway data is hosted in the US. If you're in the UK / EU and this matters to you for GDPR purposes, get in touch — we're happy to discuss specifics.

Security

All data is encrypted in transit and at rest. Access to your family's data is strictly controlled — only you and the family members you've added can see your content. We use industry-standard authentication and regularly review our security practices. If you discover a security issue, please email hello@safefeed.app and we'll respond promptly.

Changes to this policy

If we change this policy materially we'll tell you in the parent app and ask you to acknowledge. For minor edits (typo fixes, clarifications) we'll just update the "last updated" date at the top.

Contact

Questions about privacy, complaints, data requests, takedowns: hello@safefeed.app.

SafeFeed, Ltd is a Colorado limited liability company run by Etienne Hardre. There's no PR department.