Privacy Policy
For Prime Kids: Parent Helper and Prime Kids Child, operated by Masterclass. Last updated: 11 May 2026 · Effective: 11 May 2026.
Runs on the parent's phone. Collects only account data and what's needed to deliver alerts.
Runs on the child's Android device. Collects screen-time, app, web, and location data needed for parental controls.
- Who runs Prime Kids
- What the Parent App collects
- What the Child App collects
- Why we collect it
- Legal basis for processing
- Who we share it with
- Children's privacy
- How long we keep it
- How we protect it
- Your rights and choices
- Deleting your account and data
- International transfers
- Changes to this policy
- Contact us
1. Who runs Prime Kids
Prime Kids is developed and operated by Masterclass, an educational team based in Ulaanbaatar, Mongolia. We're the “data controller” for the information described in this policy. For privacy questions, requests to access your data, or to delete your account, contact mergenfromrabbit@gmail.com.
Masterclass also runs an educational program; the same team that teaches that program operates Prime Kids. The two activities are separate — nothing about your use of Prime Kids is shared with students, in classroom materials, or in any teaching context.
2. What the Parent App collects
The Parent App (com.parenthelper.parent)
is the dashboard installed on the parent's phone. It does not monitor
anything on the parent's own device. It collects only what's needed
to authenticate you and deliver alerts.
| Type | Used for | Required? |
|---|---|---|
| Email address | Login, password reset, security notices | Yes |
| Password (hashed with bcrypt) | Authentication | Yes |
| Display name | How you appear in your account | Yes |
| Child profile info (name, age, optional avatar) | You provide these when adding a child. We do not require a real legal name — "Anu" is enough. | Required to set up a child |
| Push token (FCM / APNS) | Delivering alerts to the parent device | Yes |
| Device model, OS version, app version, language, time zone | Compatibility, support, localising timestamps | Yes |
| Sign-in IP address & security logs | Detecting unauthorized access; retained 90 days | Yes |
The Parent App does not read your contacts, gallery, microphone, camera (other than the optional avatar picker), browser history, or anything from other apps on the parent's phone.
3. What the Child App collects
3.1 Pairing & device info
When you pair the child device with a parent account, we collect: the one-time pairing code (so we can link the two), the device model, Android version, app version, language, time zone, and battery level.
3.2 App usage data
Using Android's UsageStatsManager, the Child App records which apps were used and for how long each day. This is what powers screen-time reports and per-app limits.
We store: the app's package name (e.g., com.instagram.android), duration in minutes, the date, and whether a limit was reached. We do not read the contents of those apps — we only know they were open.
3.3 Newly-installed apps
When a new app is installed on the child device, the Child App notifies our backend so the parent can approve or block it. We record the new app's package name, name as shown on the device, and install timestamp.
3.4 Web content filtering (local VPN)
If the parent enables web filtering, the Child App runs a local VPN service on the device. This VPN does not tunnel your traffic to our servers — it inspects DNS and request domains locally and decides whether to allow or block each request based on the rules the parent set. The actual content of the page is never read.
What we log to our backend: the domain that was visited or blocked (e.g., facebook.com), a timestamp, and which filter category triggered the decision — never the full URL path, never query parameters, never the page body.
3.5 Location
If the parent enables location features, the Child App collects the device's location periodically using Google's Fused Location Provider, plus entry/exit events for geofences the parent has set (e.g., “School,” “Home”).
Coordinates and timestamps are sent to our backend so the Parent App can show them on a map. Location works in the background by design — that's what makes it useful for safety. Frequency is adaptive (more often when the device is moving) and is disclosed in the in-app permission prompt.
3.6 Search queries inside the device's default search
When web filtering is enabled, the Child App may record search terms entered into the default browser, so that searches matching the parent's filter categories can be blocked. Searches are stored only when they are blocked or flagged; routine searches are not retained.
3.7 Blocked-attempt events
Whenever a rule kicks in (app limit hit, blocked app launched, blocked site visited, schedule active), we record the event so the parent can see it and so the child can be shown a clear in-app explanation.
3.8 Anti-bypass signals
To prevent a child from circumventing the controls, the Child App reports: whether Device Admin is still active, whether the Accessibility Service is still enabled, whether a third-party VPN has been installed, and whether the device has booted recently (so the Child App can restart itself). These signals are sent to the parent as alerts.
3.9 What the Child App does not collect
- Contents of the child's messages, emails, photos, or files.
- Microphone or camera input.
- Banking, payment, or government-ID information.
- Health, fitness, biometric, or sensor data outside what the OS exposes for basic device state.
- Keystrokes outside of search queries flagged by web-filter rules.
- Data from apps not maintained by Masterclass (we read package names and durations — not the contents inside other apps).
4. Why we collect it
We use the data described above only for these purposes:
- Running the service. Authenticating you, syncing rules from the parent app to the child app, delivering alerts.
- Parental-control features. Enforcing screen-time, app blocks, web filters, geofences — the things the parent set up.
- Safety alerts. Notifying the parent of blocked content, geofence events, anti-bypass signals.
- Account security. Detecting suspicious sign-ins, rate-limiting abuse, recovering compromised accounts.
- Support. Helping you when you write to us, and reproducing problems you report.
- Quality. Aggregated, non-identifying statistics about feature usage so we can decide what to improve.
- Legal compliance. Responding to lawful requests and Play Store policy obligations.
We do not use your data for advertising, profiling, marketing emails (other than transactional safety notifications), or to train any machine-learning model.
5. Legal basis for processing
If you live somewhere with comprehensive data-protection law (e.g. the EEA, UK), the legal bases on which we process your information are:
- Contract. Processing necessary to provide the service the parent signed up for.
- Consent. For runtime permissions (location, usage access, device admin, VPN). Consent is granted in OS prompts and may be withdrawn at any time in device settings.
- Legitimate interest. Limited, security-related processing — e.g. logging sign-in IPs to detect account takeover.
- Legal obligation. Where we must respond to lawful requests from competent authorities.
6. Who we share it with
Inside Prime Kids, the data we collect from the Child App is shared with the parent who paired the device. That is the entire point of the service. Outside of that, we use a small number of service providers (“processors”) to run the system:
| Provider | What for | Where |
|---|---|---|
| Google — Firebase Cloud Messaging / APNS | Delivering push notifications | Global Google / Apple infrastructure |
| Google — Fused Location Provider | Resolving device location on Android | On-device + Google location services |
| Google Maps | Rendering the map view in the Parent App | Global Google infrastructure |
| DigitalOcean | Our application servers and database | Singapore region |
These processors have access only to the minimum data needed and are bound by contract. They never see your password and never see message contents in plain text on storage media.
We do not sell your data, rent it, share it with advertisers, data brokers, marketing platforms, or social networks. If our practices ever change, we will notify users and update this policy before any new sharing begins.
7. Children's privacy
Prime Kids is a parental-control app and is intentionally used by children. We take that seriously and our practices follow the spirit of COPPA (US), the UK Children's Code, and the Google Play Families policy.
- No direct child sign-ups. Child profiles are created only inside the Parent App, after the parent has created their own account. The Child App on the child's device can only be activated using a pairing code generated by the parent — there is no path for a child to create an account on their own.
- Parental consent is the consent we rely on. The parent is the verifiable adult who agrees to the data the Child App will collect. The Parent App's setup flow shows the parent a plain-English list of what the Child App will collect and asks for explicit acknowledgment before pairing.
- No marketing to children. We do not show advertising, in-app purchases, or promotional content of any kind.
- Minimum data. We never ask a child for their phone number, school name, real birth date (we only record “under 13 or not” for legal classification), or any other piece of personal information beyond what is needed for the app to function.
- Parental access. A parent may, at any time, request a copy of every piece of data held about a child in their account, or request that the child's profile and all associated data be deleted. Email mergenfromrabbit@gmail.com.
- Child transparency. The Child App is always visible on the child's device — it is not hidden as a system process. The child can open the Child App and see, in their own UI, what is being shared with the parent. Hidden stalkerware is not what we built and not what we will ship.
8. How long we keep it
| Data | Retention |
|---|---|
| Account records (parent & child profile) | Until you delete the account |
| App-usage logs (per child) | Last 180 days |
| Location history | Last 30 days |
| Web-filter events (blocked / allowed) | Last 90 days |
| Geofence events (entry / exit) | Last 90 days |
| Alerts & notifications | Last 180 days |
| Sign-in IP & security logs | 90 days |
| Crash reports | 180 days |
| Push-notification tokens | Refreshed automatically; stale tokens deleted within 30 days |
When you delete your account (see section 11), we erase your record from our active databases within 7 days and from encrypted backups within 30 days. Anonymised, aggregated statistics that no longer identify you may be retained indefinitely.
9. How we protect it
- All data is transmitted over HTTPS using current TLS versions.
- Passwords are stored using bcrypt with a per-user salt; we cannot recover or read your password.
- Location history, web-filter events, and app-usage logs are encrypted at rest on the database server.
- Database access is limited to a small number of named engineers and audit-logged.
- Push tokens, session tokens, and similar bearer credentials are rotated regularly.
- We patch our hosting infrastructure within 7 days of a critical security advisory in any dependency we use.
No system is impossible to compromise. If we ever discover a breach affecting your data, we will notify you by email and through an in-app notice within 72 hours of confirming the breach, and we will tell you what happened, what was affected, and what we are doing about it.
10. Your rights and choices
Depending on where you live, you have some or all of the following rights. Regardless of where you live, Masterclass extends each of these rights to every Prime Kids user.
- Access — ask us for a copy of the data we hold about you.
- Correction — ask us to fix data that's wrong.
- Deletion — ask us to delete your account and your data.
- Portability — ask for your data in a machine-readable format.
- Object — tell us to stop a particular use of your data.
- Withdraw consent — revoke any permission you granted. You can do this in device settings without contacting us.
- Complain — lodge a complaint with your local data-protection authority.
To exercise any of these, email mergenfromrabbit@gmail.com. We aim to respond within 7 days and complete the request within 30 days.
11. Deleting your account and data
You can delete your account in two ways:
- Inside the Parent App: Settings » Account » Delete account.
- From the web: visit our account-deletion page and follow the instructions, or email mergenfromrabbit@gmail.com from the address tied to your account.
Deletion removes the parent account, all child profiles linked to it, all device records, every activity log (apps, web, location, alerts), push tokens, and security logs. Removal from active databases happens within 7 days; removal from encrypted backups within 30 days.
12. International transfers
Our servers are operated by DigitalOcean in their Singapore region. If you are outside Singapore, your data is transferred there when you use Prime Kids. DigitalOcean maintains industry-standard contractual protections (Standard Contractual Clauses for EEA transfers). For push notifications we rely on Google's Firebase Cloud Messaging infrastructure (and Apple's APNS), which are global.
13. Changes to this policy
We may update this policy when the app changes meaningfully or when the law requires it. When that happens we will post the new version on this page, update the “Last updated” date, and — if the change reduces your rights or expands data collection — give you at least 30 days' notice by email and an in-app notice before it takes effect.
14. Contact us
- Email: mergenfromrabbit@gmail.com
- Postal address: Masterclass, Ulaanbaatar, Mongolia (full address available on request)
- Response time: within one business day for most requests, within 30 days for formal data-access or deletion requests as required by law.