Privacy Policy
Last updated: 15 March 2026
Summary: My Digital Nanny processes audio entirely on-device. No audio recordings are stored or transmitted. Pro subscribers benefit from server-side AI analysis of PII-redacted text snippets (names, emails, phone numbers, and addresses are stripped before any text leaves the device). The app uses anonymous authentication — no personal account or login is required.
1. Introduction
My Digital Nanny ("the App") is a parental monitoring application that helps parents stay informed about potentially inappropriate audio content playing on their child's device. This Privacy Policy explains how data is collected, used, and protected.
The App is developed by Greg Brown ("we", "us", "our") and is available on Amazon Fire TV devices and Android phones/tablets.
2. What Data We Process
2.1 Audio Processing (On-Device Only)
- The App captures audio output from apps playing on the child device using Android's AudioPlaybackCapture API.
- All audio processing happens entirely on the device. Audio is processed in short temporary buffers (up to 10 seconds) and immediately discarded after analysis.
- No audio recordings are stored, transmitted, or uploaded to any server.
- Speech-to-text conversion uses VOSK, an offline speech recognition engine that runs locally on the device.
2.2 Alert Metadata
When potentially inappropriate content is detected, the App creates an alert containing only:
- Detection category (e.g., "profanity", "violence")
- Confidence score (a number indicating detection certainty)
- Timestamp
- App package name (e.g., "YouTube")
- Brief explanation text (up to 200 characters, no verbatim transcript)
Alerts are sent to the paired parent device via Firebase Cloud Messaging (encrypted in transit).
2.3 Device Pairing
- Parent and child devices are paired using a temporary 6-digit code.
- Pairing information (device tokens) is stored in Firebase Realtime Database to enable push notification delivery.
- No personal identifiers (name, email, phone number) are required or collected during pairing.
2.4 AI Analysis (Pro Feature, Server-Side)
Pro subscribers benefit from AI-powered features including false-positive validation, daily digests, and parenting advice. These features work as follows:
- PII redaction on-device: Before any text leaves the device, an on-device redactor strips names, email addresses, phone numbers, social media handles, postal codes, and street addresses. Only anonymised text is ever transmitted.
- Anonymous authentication: The app uses Firebase Anonymous Authentication. No email, password, or personal account is required. An anonymous user ID is used solely for rate limiting.
- Server-side processing: PII-redacted snippets (up to 200 characters) are sent to our secure Cloud Functions backend, which forwards them to Google Gemini for analysis. We do not store the snippet content.
- Anonymous term suggestions: The AI may suggest new detection terms. These are logged anonymously (term text and category only — no user ID, device ID, or alert content) to help us improve detection quality.
- Rate limits: API usage is rate-limited per anonymous session to prevent abuse.
2.5 Telemetry (Anonymous)
- The App collects anonymous performance telemetry: detection counts, processing latency, and error rates.
- Telemetry data contains no audio, transcript, or personally identifiable information.
- Telemetry is stored locally on the device and is not transmitted externally.
3. What We Do NOT Collect
- No audio recordings
- No speech transcripts or verbatim text
- No personal information (name, email, phone number, address)
- No location data
- No browsing history
- No contacts or messages
- No photos or videos
- No advertising identifiers
4. Data Storage & Security
- Alert history is stored locally on the parent device in an encrypted database (SQLCipher, AES-256).
- Sensitive configuration is stored using Android EncryptedSharedPreferences.
- Alerts are automatically deleted after 30 days by default.
- Parents can manually delete individual alerts or export and delete all data at any time.
5. Data Sharing
We do not sell, trade, or share any data with third parties. The only data transmissions are:
- Alert notifications from child device to parent device via Firebase Cloud Messaging (Google).
- Email alerts (optional) sent to the parent's configured email address via our email delivery service.
- AI analysis (Pro only) — PII-redacted text snippets are sent to our Cloud Functions backend and forwarded to Google Gemini. See Google Gemini API Terms.
Firebase Cloud Messaging is used solely for notification delivery. See Firebase Privacy Information.
6. Children's Privacy
The App is designed as a parental control tool. It is installed and configured by a parent or guardian. The child device displays a clear, persistent notification when monitoring is active. No data about the child user is collected — only metadata about audio content playing on the device.
7. Permissions
The App requires the following Android permissions:
- MediaProjection / Audio Capture: To capture audio output from apps for on-device analysis. Requires explicit user consent each time.
- Foreground Service: To maintain monitoring while the App is in the background.
- Internet: To send alert notifications to the parent device.
- Notifications: To display monitoring status and deliver alerts.
- Boot Completed: To automatically resume monitoring after device restart (Fire TV).
8. Your Rights
You can at any time:
- Stop monitoring from either parent or child device
- View all stored alerts on the parent device
- Export alerts (JSON or CSV format)
- Delete individual alerts or all alert history
- Unpair devices to permanently end the monitoring relationship
- Uninstall the App to remove all local data
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of the App after changes constitutes acceptance of the updated policy.
10. Contact
If you have questions about this Privacy Policy, contact us at:
Email: gregbrown1@hotmail.co.uk