Privacy Policy

Last updated: 9 March 2026

Sidekick Junior is operated by Major Matters ("we", "us", "our"). This privacy policy explains how we collect, use, and protect information when you use the Sidekick Junior app.

We take the privacy of children seriously. Sidekick Junior is designed for children aged 6-12 and is used under parental supervision.

1. Information We Collect

Parent Account: Email address and password (securely hashed, never stored in plain text).

Child Profile: First name, age, and a 4-digit PIN (hashed with bcrypt, never stored or transmitted in plain text).

Conversations: Messages sent by the child and responses generated by the AI, with timestamps.

Safety Data: Moderation decisions for each message, safety alert records, and the category and reason for any blocked content.

Usage Data: Daily chat time per child, session timestamps, and PIN entry attempts (deleted after 24 hours).

In-App Purchases: Transaction IDs from the App Store. No payment card details are collected by Sidekick Junior.

Device Information: Push notification token and device platform (for delivering safety alerts to parents).

2. How We Use Your Information

• To provide the service: generating AI responses, enforcing time limits, managing profiles
• To keep children safe: running our 5-layer safety pipeline, blocking inappropriate content, alerting parents
• To give parents oversight: conversation review, usage statistics, safety alerts
• To process purchases: validating bonus time purchases with Apple
• To send notifications: delivering safety alerts via push notification and email

We do not use your data for advertising, marketing, or profiling. We do not sell your data to third parties.

3. AI Processing

Child messages are processed by Anthropic's Claude AI to generate responses and check content safety. Only the message text and conversation history (up to 30 messages) are sent to Anthropic. We do not send your child's name, age, PIN, parent email, or any account identifiers.

Anthropic's data usage policy states that API inputs and outputs are not used to train their models.

4. Third-Party Services

Service	Purpose	Data Shared
Supabase	Database and authentication	Account data, conversations, usage
Anthropic Claude	AI responses and moderation	Message text only
Expo	Push notifications	Push token and alert content
Apple App Store	Purchase validation	Transaction IDs only
Resend	Email alerts	Parent email and alert details

No data is shared with advertisers, data brokers, or analytics providers.

5. Data Retention

• Conversations: Retained while the child profile exists. Deleted when a parent removes the profile.
• Sessions: Automatically deleted 7 days after expiry.
• PIN attempts: Automatically deleted after 24 hours.
• Account data: Retained until the parent deletes the account or child profile.
• Purchase records: Retained indefinitely for audit purposes.

6. Data Security

All data is transmitted over HTTPS/TLS. PINs are hashed with bcrypt. Passwords are hashed with Argon2. Session tokens are cryptographically random with 24-hour expiry. Row Level Security is enforced on all database tables.

7. Children's Privacy

Children do not create their own accounts. A parent creates the account and child profile. We do not collect email addresses, phone numbers, or location data from children. Filters actively block children from sharing personal information. Parents can review all conversations and delete a child's profile at any time.

8. Parental Rights

As a parent, you can: review all conversations, set and adjust time limits, receive safety alerts, remove your child's profile and all associated data, delete your account entirely, and request a copy of your data by contacting us.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via the app or email.

10. Contact Us

Email: privacy@majormatters.co

This privacy policy is governed by the laws of England and Wales.

← Back to home