Privacy Policy

1. Introduction

Welcome to WebbyGuard! This Privacy Policy explains how the WebbyGuard application suite ("the App," "we," "us," or "our") handles information when you use our products on Apple platforms (iOS, iPadOS, macOS). This policy is specifically for users in Europe and is designed to comply with the General Data Protection Regulation (GDPR).

By using the WebbyGuard apps, you, as the parent or legal guardian setting up and configuring the app, agree to the handling of information as described in this policy.

2. About the WebbyGuard Suite

WebbyGuard is a two-part system designed to create a safer Browse experience for children:

• WebbyGuard: The child's web browser that uses the Google Gemini API to perform real-time content safety checks on web pages. It is designed to be configured by a parent or guardian.
• WebbyGuard Parent: The companion app for parents/guardians to receive real-time safety alerts when the child's browser detects potentially unsafe content and to provide feedback on those alerts.

The system's goal is to provide a safer Browse experience by analyzing snapshots of web content based on configurable rules and, when necessary, blocking the content and alerting the parent.

3. Information We Handle

WebbyGuard primarily processes information locally on your device or facilitates the transfer of information to third-party services that you configure. We do not operate our own servers to collect or store your personal data.

3.1. Information You (Parent/Guardian) Provide and Configure

• Child User Name: A name you provide to identify the child's device (e.g., "Liam's iPad"). This name is stored in your private iCloud account (via CloudKit) and is displayed in the WebbyGuard Parent app to identify the source of alerts.
• Homepage URL: The starting web address you set for the browser. This is stored locally on the child's device using UserDefaults.
• Content Check Specification: Text you provide describing the rules for the content check (e.g., "protect this 8-year-old from harassment, bullying, hate speech..."). This information is stored locally on the child's device (UserDefaults) and is sent to the Google Gemini API as part of the prompt for content safety analysis.
• Google Gemini API Key: Your personal API key for the Google Gemini service. This is provided by you and stored securely in the Keychain on the child's device. It is required for the content analysis feature and is sent with requests to the Google Gemini API.
• Access PIN: A mandatory numerical PIN you set to protect access to the WebbyGuard app's settings. This PIN is stored securely in the Keychain on the child's device.
• Parent Nicknames: You can set custom nicknames for paired parents in the child's app for easier identification (e.g., "Mom"). These nicknames are stored in your private iCloud account via CloudKit.
• Bookmarks: Websites the user chooses to bookmark within the App. These are stored in the user's private iCloud account using Apple's CloudKit to allow syncing across their devices.

3.2. Information Processed Automatically for Core Functionality

• Web Content Snapshots: Periodically, the child's App takes a snapshot (image) of the currently visible web content. This image is sent, along with your Content Check Specification, Gemini API Key, and feedback history, to the Google Gemini API for safety analysis. If the content is deemed unsafe, this snapshot is also shared with paired parent devices via CloudKit.
• Parent-Child Pairing Information: To link the child and parent apps, a temporary, scannable QR code containing a unique identifier is generated by the child's app and stored in CloudKit's public database. The parent scans this code to accept a secure sharing invitation (a `CKShare`), which links the two accounts. The public record is temporary and expires.
• Safety Alerts Shared with Parents: When unsafe content is detected on the child's device, an alert record is created in a shared CloudKit data zone. This record contains the Child User Name, the reason the content was flagged, the URL of the webpage, the timestamp of the event, and the snapshot image of the content. This information is then visible to all paired parents in the WebbyGuard Parent app.
• Parent Feedback on Alerts: When a parent provides feedback on an alert (e.g., "thumbs up" or "thumbs down") in the WebbyGuard Parent app, this feedback is saved to the corresponding alert record in the shared CloudKit zone. This feedback history is then included in future requests to the Google Gemini API to help tune and refine its analysis.
• Browse Activity (Locally): The WKWebView component used by the App stores Browse history, cache, and cookies locally on the child's device as part of its standard operation. You can clear this data using the "Clear Web Cache" option in the App's settings. WebbyGuard itself does not transmit the Browse history to any external servers, other than the specific URLs of pages that are flagged as unsafe and shared with parents.
• Technical Data for API Calls: When WebbyGuard communicates with Google Gemini or Apple CloudKit APIs, standard technical data such as the device's IP address and request headers are transmitted as part of standard internet communication. This is handled by the respective third-party services according to their privacy policies.

4. How We Store Your Information and Security

We prioritize the security of the information handled by the WebbyGuard suite.

• Local Device Storage (UserDefaults): Non-sensitive settings such as Homepage URL, Content Check Specification, check interval, and whether the glow effect or video blocking are enabled are stored in UserDefaults on the child's device. The WebbyGuard Parent app also uses UserDefaults to cache alert data for faster display upon launch.
• Secure Local Device Storage (Keychain): Sensitive information such as your Google Gemini API Key and the mandatory Access PIN are stored in the secure Keychain on the child's device.
• Apple CloudKit Storage: WebbyGuard uses CloudKit for several purposes:
  1. Private Database: Your bookmarks, child user name, and parent nicknames are stored in your private iCloud database, accessible only to you and synced across your personal devices.
  2. Shared Database: The pairing relationship and the resulting safety alerts (including snapshots, reasons, URLs, and feedback) are managed through a secure `CKShare`, which allows data from the child's private database to be shared only with approved parent accounts.
  3. Public Database: A temporary, expiring record containing a pairing code and share URL is placed in the public database during the pairing process.

Uninstalling the App will remove all locally stored data. Data in CloudKit is managed by you via the App or your iCloud account settings.

5. Third-Party Services

WebbyGuard integrates with third-party services that you configure to enable its core functionality. Your use of these services is subject to their respective privacy policies and terms.

5.1. Google Gemini API

WebbyGuard uses the Google Gemini API to analyze web content snapshots for safety. To use this feature, you must provide your own Google Gemini API Key. When a safety check is performed, the App sends the snapshot image, your Content Check Specification, your Gemini API Key, and your feedback history (the collection of "thumbs up" and "thumbs down" feedback on previous alerts) to Google. Google's handling of this data is governed by Google's Privacy Policy and their API terms of service. Note: Use of the Gemini API may incur charges from Google depending on your usage.

We encourage you to review Google's policies:

• Google Privacy Policy: https://policies.google.com/privacy
• Google AI Studio and Gemini API Terms: Please refer to the terms provided by Google when obtaining your API key.

5.2. Apple CloudKit (Sync and Sharing)

WebbyGuard relies heavily on Apple's CloudKit for its core features:

• Bookmark Syncing: Your bookmarks are stored in your private iCloud database, associated with your Apple ID, allowing them to sync across your devices.
• Parent-Child Pairing and Alerts: CloudKit manages the secure sharing relationship between the child and parent apps. When an alert is generated, the event details (including feedback) are stored in a shared zone in your iCloud account, and CloudKit uses the Apple Push Notification Service (APNs) to send a notification to the parent's device, prompting it to fetch the new alert data.

Your use of CloudKit is governed by Apple's terms and privacy policy:

• Apple Privacy Policy: https://www.apple.com/legal/privacy/en-ww/

6. Information Processing Specific to Children

WebbyGuard is designed for use by children, with the setup, configuration, and provision of API keys intended to be managed by a parent or legal guardian. The "Content Check Specification" you provide is used solely to tailor the AI content safety checks for the child's protection and is shared with the Google Gemini API for this purpose.

Crucially, when unsafe content is detected, information about the child's Browse activity—specifically the snapshot of the page, the reason it was blocked, and the URL—is intentionally shared with the parent/guardian via the secure CloudKit sharing mechanism. The parent or guardian is responsible for the information entered into the App and for reviewing and providing feedback on the alerts generated.

7. Your Rights Under GDPR (For Users in Europe)

As WebbyGuard is exclusively available in Europe, we adhere to the General Data Protection Regulation (GDPR). You (as the parent/guardian) have the following rights regarding the personal data handled by the App:

• Right to Access: You can access most data directly within the App's settings (e.g., homepage URL, child user name, API key, PIN). You can view bookmarks in the child's app and view safety alerts and feedback in the parent's app.
• Right to Rectification: You can modify incorrect or incomplete data directly within the App's settings.
• Right to Erasure ('Right to be Forgotten'): You can delete data by clearing settings fields, deleting bookmarks, or deleting safety alerts in the parent app. In the child's app, the "Clear All Pairings" function will permanently remove the sharing connection and delete all shared alert data from iCloud. Uninstalling the App also removes all locally stored data. For data sent to Google Gemini, you will need to refer to their policies for erasure.
• Right to Restrict Processing: You can restrict processing by not using the app or not completing the initial setup.
• Right to Data Portability: For data stored locally and provided by you, you can manually copy this information from the text fields in the settings.
• Right to Object: You can object to processing by choosing not to use the app.
• Right to Withdraw Consent: Where processing is based on consent (e.g., providing an API key), you can withdraw consent by removing that information from the App's settings.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe our processing of personal data infringes GDPR.

To exercise these rights for data managed by the App, you can typically do so through the App's interface. For data processed by third-party services, please refer to their respective privacy policies.

8. Data Retention

Information stored locally on your device by WebbyGuard is retained until you change or delete it, or until the App is uninstalled.

Safety alert data and feedback stored in CloudKit are retained until you delete them via the WebbyGuard Parent app or use the "Clear All Pairings" function in the child's app. Bookmarks are retained until you delete them. Information sent to Google Gemini is subject to their data retention policies.

9. International Data Transfers

When you use WebbyGuard, some information is sent to third-party APIs. This includes snapshot images and feedback history to Google's Gemini API and alert/bookmark data to Apple's CloudKit. The servers for Google and Apple may be located outside of the European Economic Area (EEA).

By configuring and using these third-party services through WebbyGuard, you acknowledge that information will be transferred to these services. We rely on the respective data processing agreements and standard contractual clauses (SCCs) or other valid transfer mechanisms provided by these companies to ensure that your information is protected when transferred outside the EEA. Please refer to their privacy policies for more details.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy within the App or on our App Store page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted.