Privacy Policy
Last updated: March 16, 2026 · Effective: March 16, 2026
The short version: MyKidsDay is a parental monitoring tool. Parents authorize us to monitor their child's device activity. We collect only what's needed to generate nightly summaries. We never sell data. We never share data with third parties except as required to operate the service. Children's data is handled with the highest care.
1. Who We Are
MyKidsDay ("we," "us," or "our") operates mykidsday.ai, an AI-powered parental monitoring platform. We provide parents with nightly AI-generated summaries of their child's digital activity to support informed, calmer parenting.
Contact us: privacy@mykidsday.ai
2. Information We Collect
Parent Account Information
- Name and email address
- Password (hashed using bcrypt — never stored in plain text)
- Billing information (processed by Stripe — we never see or store card numbers)
- Notification preferences and timezone
Child Device Activity (collected with parent authorization)
- DNS queries (websites and domains visited)
- App usage and screen time (via Apple Screen Time API)
- iMessage and SMS metadata (contact names, message volume, tone analysis; full message content is not stored permanently)
- Search terms (from DNS-level monitoring)
iCloud Credentials (optional)
- If a parent connects their child's iCloud account, we store the credentials in AES-256 encrypted form
- Credentials are used solely to retrieve iMessage data for summary generation
- We strongly recommend using Apple app-specific passwords rather than the primary Apple ID password
- Parents may delete stored credentials at any time from Settings
3. How We Use Information
- To generate nightly AI-powered summaries for parents
- To calculate risk scores and surface parenting nudges
- To send summary emails via Resend
- To process payments via Stripe
- To improve our AI models (using anonymized, aggregated data only — never individual child data)
- To provide customer support
We do not use child activity data for advertising. We do not sell data to third parties. Ever.
4. COPPA — Children Under 13
MyKidsDay is designed for use by parents to monitor their children. We do not knowingly collect personal information directly from children under 13. All data collection is parent-authorized and parent-controlled. Parents may review, export, or delete their child's data at any time by contacting privacy@mykidsday.ai.
In compliance with the Children's Online Privacy Protection Act (COPPA):
- Parents provide verifiable consent by creating an account and authorizing monitoring
- Parents may request deletion of all data at any time
- We do not condition a child's participation in any activity on the disclosure of more personal information than is reasonably necessary
- We retain child activity data for a maximum of 12 months, after which it is automatically deleted
5. Data Retention
- Daily activity logs: retained for 90 days, then deleted
- Nightly summary emails: retained for 12 months
- Account information: retained until account deletion
- iCloud credentials: deleted immediately upon parent request or account deletion
- Billing records: retained as required by law (typically 7 years)
6. Data Security
- All data transmitted over HTTPS/TLS
- Passwords hashed with bcrypt (cost factor 12)
- iCloud credentials encrypted with AES-256-CBC
- JWT authentication with cryptographically secure secrets
- Rate limiting on all authentication endpoints
- Database access restricted to application server only
- Regular security audits planned quarterly
7. Third-Party Services
- Stripe — payment processing (privacy policy)
- Resend — transactional email delivery (privacy policy)
- Anthropic Claude — AI summary generation. Prompts include anonymized activity data. Anthropic does not use API inputs to train models by default.
- DigitalOcean — cloud infrastructure hosting in the United States
8. Your Rights
You have the right to:
- Access all data we hold about you and your child
- Correct inaccurate information
- Delete your account and all associated data
- Export your data in a portable format
- Withdraw consent for monitoring at any time
- Lodge a complaint with a supervisory authority
To exercise any of these rights, email privacy@mykidsday.ai. We respond within 5 business days.
9. Cookies
We use only essential cookies required for authentication (JWT tokens stored in localStorage — not cookies). We do not use tracking cookies, analytics cookies, or advertising cookies.
10. Changes to This Policy
We will notify registered users by email of any material changes to this privacy policy at least 30 days before they take effect. Continued use of MyKidsDay after changes take effect constitutes acceptance of the updated policy.
11. Contact
Questions about this privacy policy or your data:
📧 privacy@mykidsday.ai
🌐 mykidsday.ai