Privacy Policy
Last updated: March 9, 2026
KidLock ("we", "our", "the app") is a parental control application for Android. This policy explains what information the app handles and how it is protected.
1. Who Uses KidLock
KidLock is installed and configured by a parent or legal guardian ("you"). The device may then be used by a child in a restricted Kid Mode. You are responsible for obtaining any required consent before placing a child's device under parental controls.
2. Data We Collect
2.1 Data stored locally on the device
The following data is stored exclusively on your device using Android's EncryptedSharedPreferences (AES-256 encryption). It never leaves the device unless you create a device backup.
| Data | Purpose |
|---|---|
| Parent PIN (salted PBKDF2 hash only) | Authenticate parent access |
| Child profile names and avatar selections | Identify which child profile is active |
| List of allowed apps (package names) | Enforce app restrictions |
| Per-app daily usage time | Enforce time limits and show usage reports |
| Subscription status and purchase token | Verify premium features via Google Play Billing |
| Consent acceptance and timestamp | Record that you accepted this policy |
We do not store the actual PIN — only a one-way cryptographic hash.
2.2 Data collected by Firebase (Google)
If you accept analytics during setup, the app uses Firebase services provided by Google:
- Firebase Crashlytics — Collects anonymous crash reports (stack traces, device model, OS version) to help us fix bugs. No personal information is included. Crashlytics is active in release builds only.
- Firebase Analytics — Collects anonymous usage events (e.g., "setup completed", "kid mode activated") to help us improve the app. Analytics is disabled by default and only enabled after you give consent during setup.
We have disabled advertising ID (ADID) collection. Firebase does not collect your name, email, phone number, or any child's personal information.
Firebase's data handling is governed by Google's Firebase Privacy Policy.
2.3 Data we do NOT collect
- Names, email addresses, or contact information
- Photos, messages, or any content on the device
- Location data
- Advertising identifiers
- Browsing history
- Contents of other apps
3. Device Permissions
KidLock requires certain Android permissions to function as a parental control tool:
| Permission | Why it is needed |
|---|---|
| Usage Access | Detect which app is in the foreground to enforce restrictions |
| Display Over Other Apps | Show a blocking overlay when an unauthorized app is opened |
| Accessibility Service | Instantly detect app switches for faster blocking |
| Device Administrator | Prevent the app from being uninstalled by the child |
| Battery Optimization Exemption | Keep the monitoring service running reliably |
| Notifications | Show a persistent notification while the monitoring service runs |
The Accessibility Service only monitors which app window is in the foreground. It does not read screen content, keystrokes, or any text displayed in other apps.
4. Data Sharing
We do not sell, rent, or share your data with any third parties. The only external services that receive data are:
- Google Play Billing — Processes subscription purchases. Governed by Google's Privacy Policy.
- Firebase (Crashlytics & Analytics) — Receives anonymous crash and usage data as described above.
5. Data Storage and Security
- All local data is encrypted using AES-256-GCM with a device-bound master key stored in the Android Keystore.
- The parent PIN is hashed with PBKDF2-HMAC-SHA256 (10,000 iterations, 16-byte salt).
- Encrypted data is excluded from cloud backups and device transfers because the encryption keys cannot be transferred between devices.
6. Children's Privacy
KidLock is a tool for parents, not for children. The app does not:
- Collect personal information from children
- Display advertisements
- Allow children to make purchases
- Allow children to share personal information
Analytics events are only logged during parent interactions (setup and settings), not while a child is using the device in Kid Mode.
7. Data Retention and Deletion
All local data is deleted when you uninstall the app or clear the app's data in Android Settings. Firebase crash and analytics data is retained by Google according to their standard retention policies (typically 90 days for crash data, 14 months for analytics).
8. Your Rights
You can at any time:
- Uninstall the app to delete all local data
- Clear the app's data via Android Settings
- Disable analytics by clearing the app's data and declining consent during the next setup
9. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated through an app update. The "Last updated" date at the top reflects the most recent revision.
10. Contact
If you have questions about this policy, contact us at: privacy@kidlock.cc