Privacy Policy

Last updated: April 6, 2026

Our Commitment

Pedium is built on the belief that parental visibility and children's privacy are not mutually exclusive. This policy explains how we collect, process, and protect data for every member of your family.

What We Collect

Pedium only collects data for features that a parent has explicitly enabled. Every feature is off by default. Collectible data categories include:

  • App usage — Which apps are used and for how long
  • Web visits — URLs visited, with AI-generated page summaries
  • Search queries — Search terms entered (redacted of PII)
  • Typed text context — Contextual hints from text input (PII redacted, not raw keystrokes)
  • Audio transcripts — On-device speech-to-text summaries (no audio recordings stored)
  • Location — GPS coordinates (optional, schedule-aware)

How We Protect Data

Privacy protection is applied at every layer:

  • PII Redaction — Names, email addresses, phone numbers, and other personal information are automatically removed before data leaves the device.
  • Encryption — All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Sensitive fields use additional application-layer encryption.
  • Short Retention — Raw activity data is automatically deleted within 24 hours. Only AI-generated summaries are retained, for a default of 30 days.
  • On-Device Processing — Where possible, data processing (such as speech-to-text) happens on the device itself, so raw data never reaches our servers.
  • Consent-First — No data is collected unless the parent has explicitly opted in. Children can view all active tracking at any time.

Consent and Transparency

Pedium requires explicit consent for every data collection feature. Parents configure which features are active through the consent wizard, and can set time-based schedules (e.g., only during school hours). Children always have access to a "What Pedium Sees" view showing exactly what is being tracked.

Data Subject Rights

You have the right to access, export, correct, or delete your family's data at any time. Deletion requests are processed within 30 days. We support:

  • Right to Access — View all stored data via the dashboard
  • Right to Export — Download your data in a machine-readable format
  • Right to Deletion — Request complete removal of all data
  • Right to Rectification — Correct any inaccurate information

Regulatory Compliance

Pedium is designed for compliance with the following regulations:

  • GDPR (General Data Protection Regulation) — Lawful basis, data minimization, right to erasure, DPO contact
  • CCPA/CPRA (California Consumer Privacy Act) — Do not sell personal information, right to know, right to delete
  • COPPA (Children's Online Privacy Protection Act) — Verifiable parental consent, limited data collection, parental access and control

Third-Party Services

Pedium uses third-party AI providers to generate activity summaries. Only redacted, non-identifiable data is sent to these providers. We do not sell, share, or monetize any user data. No advertising SDKs or trackers are included in our applications.

Contact

For privacy questions, data requests, or concerns, contact us at privacy@pedium.io.