SSafeFeed

Privacy Policy

Last updated: 27 April 2026 · Draft pending legal review before public launch.

I built SafeFeed because I wanted a kids' video app that wasn't quietly profiling my children. So this policy is short, it's in plain English, and it tells you exactly what happens to your family's data.

The two-line summary: We collect what's needed to make the apps work and nothing else. We never sell, share, or rent your data. Children's data is handled under COPPA and UK GDPR Age-Appropriate Design Code rules, period.

What we collect

From parents

  • Email address and password, for signing in.
  • Display name (whatever you want shown to your family — usually a first name).
  • Subscription state (active / trial / past due) from Apple or Google's billing systems. We see that you have a subscription, not your card number.
  • Push notification token, so we can ping you when your kid watches a video you sent.
  • The list of videos you've shared, who you sent them to, and timestamps. Held for 12 months for your history view, then deleted.

From children

  • A nickname (e.g. "Lily") and an age range — both entered by the parent, not the child.
  • An avatar emoji — chosen by the parent.
  • Whether they've downloaded and watched each video sent to them. We use this for two things: (a) deleting the video file from our servers once everyone's downloaded it, and (b) telling the parent who shared it that their kid watched it.
  • A push notification token on the child's device, so we can deliver "your parent sent you a video" notifications.

What we do NOT collect from children

  • No email address. The child doesn't enter one — they don't have an account in any conventional sense.
  • No advertising ID. The child app explicitly disables Android ad-ID collection in its manifest.
  • No location data. We don't ask for it, the manifest doesn't request it.
  • No third-party analytics SDKs in the child app. (We use Firebase Analytics for product metrics, configured in strict mode — anonymous categorical events only, no user IDs ever, no advertising-ID collection.)
  • No contacts, no microphone, no camera (the kid app doesn't use any of those).

Video content

When a parent shares a video, our backend downloads it from the source platform (YouTube, TikTok, etc.) and uploads the file to Firebase Storage so it can be delivered to the child's device. The file stays in Storage just long enough for every recipient to download it — typically a few minutes. Once everyone's downloaded it, we delete it.

Metadata about the video (title, source URL, source platform, who shared it, who received it, watch timestamps) is retained for 12 months so you have a history view in the parent app. After 12 months it's deleted.

We do not watch, scan, fingerprint, train AI on, or otherwise process the video content beyond delivering it.

Who has access to your data

  • You and your family. The parent app shows the parent's own data; the child app shows the child's own feed. Cross-family reads are blocked at the Firestore rules level — a misbehaving client can't read another family's data even if it tries.
  • Our backend. Server-side code (Firebase Admin SDK + a small Python service) needs administrative access to manage the data. Our staff can technically read it during operations work; in practice we don't, except when investigating a specific issue you've reported.
  • Nobody else. We do not sell data. We do not rent data. We do not share data with advertisers, brokers, analytics partners, or anyone else.

Subprocessors

SafeFeed runs on:

  • Firebase (Google) — Auth, Firestore, Storage, Cloud Messaging, Analytics, Crashlytics. Firebase's data protection terms apply.
  • Railway — hosts our Python backend that handles video downloads.
  • Apple App Store and Google Play — process subscription payments. We never see your card.

COPPA + UK GDPR-K commitments

SafeFeed is a "general audience app" under COPPA, but the child app is plainly designed for under-13 use. We've structured it accordingly:

  • The parent (verifiable account holder over 13) explicitly creates each child profile.
  • Children don't enter PII — no email, name, address, or phone. The parent enters a nickname.
  • No third-party advertising. No behavioural profiling. No interest categories built about children.
  • Parents can delete all their family's data at any time from the Settings → Delete account flow.
  • We comply with verifiable-parental-consent requirements: the parent's act of installing the parent app, paying for the service, and entering child information IS the consent record.

Your rights

You can:

  • See and edit your data — most of it lives in the parent app's Settings screen.
  • Export your data on request — email hello@safefeed.app and we'll send a JSON dump within 30 days.
  • Delete your data — Settings → "Delete my family's data" wipes everything within 30 days, both children and parents.
  • Restrict processing or object to use — same email, we'll discuss.

How long we keep things

  • Video files: until every recipient has downloaded them, then deleted (usually within an hour).
  • Video metadata: 12 months from share date, then deleted.
  • Account data: as long as your account is active. After deletion: removed within 30 days.
  • Backups: we keep encrypted operational backups for up to 30 days after deletion, after which deleted data is gone.

Where data lives

Firebase data is hosted in Google's US data centers. Railway data is hosted in the US. If you're in the UK / EU and this matters to you for GDPR purposes, get in touch — we're happy to discuss specifics.

Security

Authentication uses Firebase Auth (industry-standard token-based). Firestore reads and writes are gated by security rules that are audited every time we touch them. The backend is a single Python service with credentials stored as Railway secrets. We're not perfect — nobody is — but we take it seriously, and there's no third-party SDK in the child app whose security posture we don't control.

Changes to this policy

If we change this policy materially we'll tell you in the parent app and ask you to acknowledge. For minor edits (typo fixes, clarifications) we'll just update the "last updated" date at the top.

Contact

Questions about privacy, complaints, data requests, takedowns: hello@safefeed.app.

SafeFeed is a sole-proprietor operation in Colorado, USA, run by Etienne Hardre. There's no PR department. Email goes to me.