Our Privacy Commitment
SafeSurf is built on three core privacy principles:
- Minimal Data Collection: We only collect what's necessary to provide our service.
- No Selling of Data: We will never sell, rent, or share your family's data with third parties for marketing purposes.
- Strong Encryption: All data is encrypted in transit and at rest using military-grade encryption.
Information We Collect
1. Account Information
When you create a SafeSurf account, we collect:
- Email address (for account creation and communication)
- Password (stored encrypted with industry-standard hashing)
- Region selection (to connect you to the nearest server)
2. Device Information
For each enrolled device, we collect:
- Device type and name (set by you during enrolment)
- Unique device identifier (randomly generated)
- Device online/offline status
- Last check-in timestamp
3. DNS Query Logs
To provide filtering and monitoring services, we log:
- Domain names requested by your child's device
- Timestamp of each request
- Whether the domain was blocked or allowed
- Device that made the request
🔒 Important Privacy Note:
We do NOT collect or log: full URLs, page content, search queries, form data, or any personally identifiable information from web pages. We only see domain names (e.g., "example.com") through DNS queries.
4. Usage Information
We collect basic usage analytics to improve our service:
- Feature usage (which features you use)
- App crashes and errors (for debugging)
- Performance metrics (connection speed, latency)
How We Use Your Information
We use the information we collect to:
- Provide Our Service: Process DNS queries, enforce policies, and display activity logs
- Account Management: Manage your account, authentication, and subscription
- Communication: Send important service updates, security alerts, and respond to your inquiries
- Service Improvement: Analyse usage patterns to improve features and performance
- Security: Detect and prevent abuse, fraud, and security threats
- Legal Compliance: Comply with legal obligations and enforce our terms
Data Retention
Free Users
DNS query logs are retained for 24 hours and automatically deleted. Real-time monitoring remains available during this period.
Premium Users
DNS query logs are retained for 30 days, allowing access to historical browsing activity and detailed reports.
Account Data
Account information and device configurations are retained for as long as your account is active. When you delete your account, all associated data is permanently deleted within 30 days.
Data Sharing
We do NOT sell or rent your personal information. We may share limited information only in these circumstances:
Service Providers
We use trusted third-party service providers for:
- Cloud infrastructure (server hosting)
- Analytics services (anonymised usage data only)
All service providers are contractually obligated to protect your data and use it only for specified purposes.
Legal Requirements
We may disclose information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to:
- Comply with legal processes
- Protect our rights, property, or safety
- Protect the rights, property, or safety of our users
- Prevent fraud or abuse
Data Security
We implement industry-standard security measures to protect your data:
- Encryption: All data in transit uses TLS 1.3 encryption. Data at rest is encrypted using AES-256.
- Authentication: Secure JWT-based authentication with encrypted tokens
- Access Controls: Strict access controls and authentication for all internal systems
- Regular Audits: Regular security audits and vulnerability assessments
- Secure Infrastructure: All servers are hosted in secure, certified data centres
🛡 DNS-over-HTTPS (DoH):
All DNS queries from child devices are encrypted using DNS-over-HTTPS, ensuring that internet service providers and network operators cannot see or log your family's browsing activity.
Your Privacy Rights
You have the following rights regarding your personal information:
Access and Portability
You can access and export all your data through your SafeSurf dashboard at any time.
Correction
You can update your account information and device settings through the parent app.
Deletion
You can delete your account and all associated data at any time through the app settings. Data deletion is permanent and cannot be reversed.
Opt-Out of Analytics
You can opt out of anonymised usage analytics in the app settings.
Do Not Track
SafeSurf respects Do Not Track browser signals and does not track users across other websites or services.
Children's Privacy
SafeSurf is designed to protect children online. We do not knowingly collect personal information from children except as necessary to provide parental control services under parental consent.
Parents have full control over:
- What devices are enrolled
- What data is logged and monitored
- How long data is retained
- When data is deleted
International Data Transfers
SafeSurf operates in multiple regions (Australia, New Zealand, Singapore). Your data is processed and stored in the region you select during account creation. We do not transfer data between regions except as necessary to provide the service (e.g., account authentication).
If you are located outside our service regions, your data may be transferred to and processed in one of our operational regions. We ensure appropriate safeguards are in place for such transfers.
Cookies and Tracking
SafeSurf uses minimal cookies and tracking technologies:
Essential Cookies
We use essential cookies for authentication and security. These cannot be disabled without affecting service functionality.
Analytics Cookies
We use anonymised analytics cookies to understand how our service is used. These can be disabled in your browser settings.
No Third-Party Tracking
We do not use third-party advertising cookies or social media tracking pixels.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes via:
- Email notification to your registered address
- In-app notification
- Notice on our website
Continued use of SafeSurf after changes to this policy constitutes acceptance of the updated terms.
Your Choices
You can control your privacy settings through the SafeSurf parent app:
- Log Retention: Choose how long DNS logs are stored (Free: 24h, Premium: 30 days)
- Analytics: Opt out of usage analytics
- Notifications: Control what notifications you receive
- Data Export: Download all your data at any time
- Account Deletion: Permanently delete your account and all data
📩 Contact Us About Privacy
If you have questions about this Privacy Policy or how we handle your data, please contact us:
Email: privacy@safesurf.live
Response Time: We aim to respond within 48 hours