Privacy Policy
The full policy, in plain words.
Last updated: April 6, 2026
Our commitment
Pedium is built on the belief that parental visibility and children's privacy are not mutually exclusive. This policy explains how we collect, process, and protect data for every member of your family.
What we collect
Pedium only collects data for features a parent has explicitly enabled. Every feature is off by default. Collectible categories include:
- App usage — which apps are used and for how long
- Web visits — sites visited, with AI-generated page summaries
- Search queries — search terms, redacted of PII
- Typed text context — contextual hints, PII redacted, never raw keystrokes
- Audio transcripts — on-device speech-to-text summaries; no audio recordings are stored
- Location — GPS coordinates (optional, schedule-aware)
How we protect data
- PII redaction — names, emails, phone numbers, and other personal details are removed before data leaves the device.
- Encryption — data is encrypted in transit (TLS 1.3) and at rest (AES-256); sensitive fields use additional application-layer encryption.
- Short retention — raw activity data is deleted within 24 hours. Only AI-generated summaries are retained, for a default of 30 days.
- On-device processing — where possible, processing such as speech-to-text happens on the device, so raw data never reaches our servers.
- Consent-first — nothing is collected unless a parent opts in, and children can view all active tracking at any time.
Consent and transparency
Pedium requires explicit consent for every data-collection feature. Parents configure which features are active and can set time-based schedules (for example, only during school hours). Children always have a "What Pedium Sees" view showing exactly what is being tracked.
Data subject rights
You can access, export, correct, or delete your family's data at any time. Deletion requests are processed within 30 days. We support:
- Right to access — view all stored data via the dashboard
- Right to export — download your data in a machine-readable format
- Right to deletion — request complete removal of all data
- Right to rectification — correct any inaccurate information
Regulatory compliance
Pedium is designed for compliance with:
- GDPR — lawful basis, data minimization, right to erasure, DPO contact
- CCPA/CPRA — no sale of personal information, right to know, right to delete
- COPPA — verifiable parental consent, limited collection, parental access and control
Third-party services
Pedium uses third-party AI providers to generate activity summaries. Only redacted, non-identifiable data is sent to them. We do not sell, share, or monetize user data, and our apps contain no advertising SDKs or trackers.
Contact
For privacy questions, data requests, or concerns, contact [email protected].