Privacy Policy
Last updated: June 1, 2026 · Effective: June 1, 2026
About LiameedS SafeGrow. A family digital-wellbeing platform helping parents manage educational screen time, social media exposure, geofencing, school communication, and learning workflows across Android, iOS, and desktop.
Data Controller: Segoulin Corporate International LLC ("LiameedS", "we"). For school deployments, LiameedS acts as a data processor under the school's direction.
Contact: privacy@liameeds.com | legal@liameeds.com
1. Scope & Who This Covers
This Privacy Policy applies to all LiameedS products: Parent App (Android, iOS), Kids App (Android, iOS), School Portal (web), Desktop App (Windows, macOS), and liameeds.com.
Three user categories: Parent Users, Child Profiles, and School Users (teachers, admins).
2. Data We Collect — By Feature
2.1 Parent Account
- Email, hashed password, display name, country, language preference.
- Phone number (optional — SMS alerts only).
- Firebase UID, push notification device token.
- Subscription metadata (no raw card numbers stored by LiameedS).
2.2 Child Profile Data COPPA
- First name, age/birthdate range, school grade, educational system selection.
- Anonymous pairing device UID. No email, phone number, or social media credentials.
- Avatar (preset illustrations only — no facial recognition performed).
2.3 Device Monitoring & Safety Telemetry
| What we collect | What we do NOT collect |
|---|---|
| Foreground app name + usage duration | Message content, keystrokes, screenshots |
| Screen time totals by category | Browser history text content |
| Blocking events (app/domain blocked, rule triggered) | Notification content from other apps |
| Security flags: root/VPN/DNS anomaly (boolean) | Biometric data |
| Device admin status (boolean) | Passwords or payment data from child device |
2.4 Location & Geofencing
- GPS coordinates: collected only when the location permission is granted AND GPS is enabled in the parent's profile settings. Disabled by default.
- Geofence entry/exit events: timestamp + zone name (parent-defined labels).
- Location history auto-deleted after 7 days (automated Cloud Function purge). Never used for advertising.
2.5 Photos — Snap & Send Feature
- Homework photos captured by the child and uploaded to the family's private Firebase Storage namespace.
- Accessible only to the parent and child within the same account.
- No facial recognition or biometric analysis is performed on uploaded images.
- Retained 12 months or until manually deleted by the parent, whichever comes first.
2.6 SOS & Emergency Signals
- When a child activates SOS, their GPS coordinates and a timestamp are sent to all guardians on the account. SOS events are retained for 90 days.
2.7 School Integration Data FERPA-aware
- Assignments: title, subject, due date, completion status.
- Attendance records: present / absent / late / excused (teacher-entered).
- Grade reports: subject scores, comments (school-entered).
- School messages: sender, subject, body (encrypted at rest).
- Class roster: student display name + school-assigned ID (no SSN required).
2.8 AI & Gemini-Powered Features GDPR Art. 22
- Google Gemini AI generates: parental insight summaries, weekly reports, curriculum recommendations, and reading quiz questions.
- AI inputs: anonymized usage patterns, school grade level, parent-provided text.
- We do not train foundational AI models on your family data.
- All AI outputs are advisory only. Parents can override, dismiss, or ignore any AI-generated recommendation.
- To opt out of AI insights: email privacy@liameeds.com.
2.9 Support & Crash Reporting
- Support messages and emails submitted through support channels.
- Anonymized crash stack traces via Firebase Crashlytics.
- SMS opt-in/opt-out event records (retained 5 years for TCPA compliance).
3. Legal Basis for Processing (GDPR) GDPR
| Processing Activity | Legal Basis |
|---|---|
| Account creation & authentication | Contract performance (Art. 6(1)(b)) |
| Child profile & parental controls | Contract + Legitimate interest in child safety (Art. 6(1)(b)(f)) |
| App usage monitoring & blocking | Legitimate interest in child safety (Art. 6(1)(f)) |
| Location / geofencing | Explicit consent — disabled by default (Art. 6(1)(a)) |
| AI recommendations | Legitimate interest; opt-out available (Art. 6(1)(f)) |
| School data processing | Contract with school entity (Art. 6(1)(b)) |
| SMS notifications | Explicit consent — revocable at any time (Art. 6(1)(a)) |
| Security & fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
4. Children's Privacy COPPA
- Age threshold: For children under 13 (US) or under 16 (EU/UK), parental authorization is required before any data collection. Enforced by requiring a parent account before any child profile is created.
- No direct child accounts. All consent is given by the parent/guardian.
- No behavioral advertising to children, regardless of platform.
- No advertising profiles are built for or about children.
- Parents can review, correct, and permanently delete all child data at any time via the Parent App or by contacting privacy@liameeds.com.
- We encourage parents to disclose monitoring to their children in an age-appropriate way. In some jurisdictions (e.g., certain EU member states), disclosure to the child is legally required.
5. Device Monitoring Transparency (MDM Disclosure)
The LiameedS Kids App uses the following system permissions to deliver parental control functions. All are disclosed here:
| Android Permission | Purpose | What We Do NOT Do |
|---|---|---|
| Accessibility Service | Detect foreground app name; enforce blocking rules | Read message content, capture keystrokes, screenshot |
| Device Administrator | Prevent unauthorized app uninstallation | Remote wipe or lock device without parent action |
| Background Location | Geofence monitoring (only when parent enables) | Sell or share location; use for advertising |
| Usage Stats | Screen time tracking by app | Access in-app content or text |
| Notification permission | Deliver safety alerts to child device | Read notification content from other apps |
On iOS, device management relies on Apple's Screen Time APIs and does not use MDM profiles unless explicitly configured by the school.
6. Automated Processing & AI Rights GDPR Art. 22
LiameedS uses automated processing (Google Gemini AI) for: weekly insight reports, curriculum recommendations, reading quiz generation, and usage-pattern alerts. These are advisory only — no decision producing legal or significant effects is taken solely by automated means. You have the right to:
- Request a human review of any AI-generated output.
- Express your point of view regarding automated processing.
- Opt out of AI-generated insights by contacting privacy@liameeds.com.
Quebec Law 25 (Canada): we disclose significant automated decision-making and provide a right to human review upon request.
7. School & Education Data FERPA
- For school deployments, the school entity is the data controller for student education records. LiameedS acts as a data processor under the school's instructions.
- FERPA: We process student education records only as directed by the school and in accordance with FERPA's legitimate educational interest exception.
- Student data deletion: Upon school termination or student departure, student education records are deleted within 30 days upon written request.
- No advertising use: Student data is never used for advertising or commercial profiling.
- School DPA available: Schools and districts deploying LiameedS should execute a Data Processing Agreement. Contact legal@liameeds.com.
8. Data Retention
| Data Category | Retention Period | Deletion Trigger |
|---|---|---|
| Parent account | Account duration + 30 days | Account deletion request |
| Child profile | Parent account duration | Parent request or account closure |
| App usage & blocking events | 12 months rolling | Automated purge; earlier on request |
| Location history | 7 days rolling | Automated Cloud Function purge |
| SOS events | 90 days | Automated purge |
| Snap & Send photos | 12 months or manual deletion | Parent deletion request or expiry |
| School / student data | School relationship duration | Written request + 30 days after termination |
| Support communications | 12 months | Automated purge |
| SMS consent records | 5 years | Required for TCPA compliance audit |
| Security & system logs | 90 days | Automated purge (Cloud Function) |
| Billing & transaction records | 7 years | Tax/legal compliance requirement |
9. Third-Party Services & Sub-processors
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Firebase | Database, auth, hosting, push notifications, crash reporting | Account data, anonymized telemetry |
| Google Gemini AI | AI insights, quiz generation, curriculum recommendations | Anonymized usage patterns, grade level, parent-provided text |
| Google Places API | Wellness Hub — nearby places search | Approximate location (city/country) |
| Google Geocoding API | Convert city name to coordinates when GPS unavailable | City name, country code |
| Firebase Crashlytics | Crash reporting | Anonymized stack traces, device model, OS version |
| Khan Academy (optional) | Educational resource links — parent-initiated only | No data shared (URL linking only) |
| SMS provider (Vonage or equivalent) | Security alerts via text message | Phone number, alert message content |
| Stripe (or app-store billing) | Subscription billing | Billing name, email (no raw card numbers) |
All sub-processors are bound by data processing agreements and applicable law.
10. Your Rights — By Jurisdiction
EU / EEA (GDPR) GDPR
- Access — request a copy of personal data we hold about you.
- Rectification — correct inaccurate personal data.
- Erasure ("right to be forgotten") — request deletion, subject to legal retention obligations.
- Restriction — pause processing while a dispute is resolved.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interest.
- Complaint — lodge a complaint with your national supervisory authority (CNIL for France, ICO for UK, etc.).
United Kingdom (UK GDPR + ICO Children's Code)
- All GDPR rights apply under UK GDPR.
- In compliance with the UK ICO Age Appropriate Design Code: children's data is processed with privacy-by-default settings, data minimization, and no profiling for commercial purposes.
- Lodge complaints with the ICO.
California, USA (CCPA / CPRA) CCPA
- Right to Know — categories and specific pieces of personal information collected, used, or disclosed in the past 12 months.
- Right to Delete — request deletion, subject to exceptions.
- Right to Opt-Out of Sale/Sharing — We do not sell or share personal information for cross-context behavioral advertising.
- Right to Correct — correct inaccurate personal information.
- Right to Non-Discrimination — we will not discriminate for exercising CCPA rights.
- Submit requests: privacy@liameeds.com
Canada (PIPEDA + Quebec Law 25)
- Right to access, correct, and withdraw consent for personal information processing.
- Quebec Law 25: right to human review of significant automated decisions.
- Privacy Officer: privacy@liameeds.com
All Users
To exercise any privacy right: privacy@liameeds.com. We respond within 30 days (up to 90 days for complex requests with notice). Identity verification may be required.
11. International Data Transfers
Data may be processed via Google Cloud infrastructure in the US, EU, and other regions. For transfers from the EEA/UK to third countries, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and UK International Data Transfer Agreements (IDTAs).
12. Security
- All data in transit encrypted using TLS 1.2 or higher.
- Data at rest encrypted via Google Firebase infrastructure (AES-256).
- Firestore security rules restrict access to authenticated account owners only.
- Child data isolated by account — no cross-account access is architecturally possible.
- CI/CD pipeline includes automated secret scanning and PII leak detection on every code change.
- Role-based access controls and audit logging for all production systems.
13. Data Breach Notification
- We notify affected users within 72 hours of becoming aware of a personal data breach (GDPR Art. 33).
- Notification includes: nature of the breach, categories of data affected, likely consequences, and remediation measures taken.
- We notify relevant supervisory authorities as required by applicable law.
- California residents: notified per California Civil Code § 1798.82.
- Security incident reports: security@liameeds.com
14. SMS & Push Notification Consent
- SMS is optional. Providing your phone number and opting in constitutes express consent to receive safety alerts, pairing codes, and service notifications.
- Message and data rates may apply. Frequency varies based on account activity.
- Opt out: reply STOP to any message. Help: reply HELP.
- Mobile opt-in data is never shared with third parties for their marketing purposes.
- SMS consent is not a condition of service.
15. Student Privacy Pledge
LiameedS SafeGrow commits to the following, aligned with the Student Privacy Pledge and ClassDojo-model standards:
- ✅ We will not sell student personal information.
- ✅ We will not use student data to behaviorally target advertising.
- ✅ We will not build advertising profiles of students.
- ✅ We will not disclose student data except as required for educational purposes or by law.
- ✅ We will provide access to and deletion of student data upon school or parent request within 30 days.
- ✅ We will maintain a comprehensive security program proportionate to the data we hold.
- ✅ We will not retain student personal information beyond the period needed for educational purposes.
- ✅ We will support transparent data practices so schools, parents, and students know what data is collected and why.
16. Cookies & Web Tracking
- Landing website: minimal cookies for session management and language preference (localStorage).
- School Portal (web app): Firebase session cookies for authentication only.
- No third-party advertising cookies or tracking pixels on pages accessible to children.
- Google Analytics may be used on the landing site for aggregate, anonymized traffic metrics only.
17. Changes to This Policy
- We will update the "Last updated" date at the top of this page for any changes.
- For material changes, active users will be notified via in-app notice and/or email at least 30 days before the change takes effect.
- Continued use of LiameedS after the effective date constitutes acceptance of the revised policy.
18. Contact & Data Rights Requests
Privacy & Data Rights: privacy@liameeds.com
Legal & DPA Requests: legal@liameeds.com
Security Incidents: security@liameeds.com
General Support: support@liameeds.com | support center
Mailing address: Segoulin Corporate International LLC, United States
We respond to all privacy requests within 30 days. Complex requests may require up to 90 days; we will notify you if an extension is needed.