1Data Controller
2Data We Collect
SafeSteps collects only data strictly necessary for the parental control service to function. We do not collect data for advertising or commercial purposes.
| Category | Specific data | Purpose |
|---|---|---|
| Account data | Email, hashed password, name | Authentication & login |
| Device data | Device ID, model, OS version | Parental control functionality |
| App usage | Apps used, screen time per app | Usage reports for parents |
| GPS location | Child's geographic coordinates | Safety monitoring (on request only) |
| Browsing | URLs visited, apps installed | Parental monitoring & blocking |
| Child profile | Name, age group, parent UID | Service operation |
| Consent record | Consent timestamp, version, guardian confirmation | GDPR compliance |
3Legal Basis
- Explicit parental consent — Article 6(1)(a) GDPR
- Performance of contract (providing the service) — Article 6(1)(b) GDPR
- For children under 14 years: parental/guardian consent required — Article 8 GDPR + D.Lgs. 101/2018 (Italy)
4Where Data is Stored
All data is stored in the European Union. We use Google Firebase (Google Cloud) with servers located in Frankfurt, Germany. Google has signed a GDPR-compliant Data Processing Agreement (DPA). No data is transferred outside the EU.
- Transit encryption: TLS 1.2+
- Rest encryption: AES-256
- No data transfers outside the European Union
- Google Firebase GDPR DPA — signed and in force
5Data Retention Period
- Account data: retained until account is deleted by the user
- GPS history and browsing: last 30 days only — auto-deleted
- Aggregated usage statistics: maximum 12 months
- After deletion request: full erasure within 30 days (GDPR Art. 17)
6Who Accesses Your Data
- Registered parent/guardian — accesses their own child's data only
- APS ItaPunjabi (Kulvir Singh) — access for technical support, security and service maintenance only
- Google Firebase — infrastructure provider, subject to GDPR DPA
Your data is NEVER sold, shared or transferred to third parties for commercial purposes. SafeSteps contains no advertising SDKs and no third-party analytics.
7Your Rights (GDPR Art. 15–22)
As a data subject under GDPR, you have the following rights:
Request a copy of all personal data we hold about you.
Correct any inaccurate or incomplete personal data.
Request deletion of your account and all associated data ("right to be forgotten").
Receive your data in a structured, machine-readable format.
Object to the processing of your personal data at any time.
Request that we restrict the processing of your data in certain circumstances.
To exercise any of these rights, contact us at privacy@itapunjabi.com. We will respond within 30 days as required by GDPR.
8How to Delete Your Account
You can permanently delete your account and all associated data at any time:
- Open the SafeSteps app on your device
- Tap the ⚙️ Settings icon (tap it 5 times to unlock)
- Scroll to the bottom and tap "Delete my account & all data"
- Confirm the deletion in the dialog that appears
This action permanently deletes: your account, all child profiles, app limits, GPS history, browsing history, usage statistics, and your Firebase Authentication entry. Deletion is complete within 30 days.
Alternatively, email privacy@itapunjabi.com and we will process the deletion manually within 30 days.
10Contact & Complaints
You also have the right to lodge a complaint with the Italian Data Protection Authority:
- Garante per la protezione dei dati personali
- Website: www.garanteprivacy.it
- Email: garante@garanteprivacy.it
SafeSteps Privacy Policy v1.0 — APS ItaPunjabi — 2026 — This document does not constitute professional legal advice.