KindEye← Home

KindEye Privacy Policy

Effective Date: April 22, 2026 Last Updated: April 22, 2026

1. Introduction

Welcome to KindEye. We built this service for parents and grandparents who want to keep their kids safer online without needing a computer science degree. We know you're trusting us with something important — a window into your child's digital life — and we take that responsibility seriously.

This Privacy Policy explains what information KindEye ("we," "us," or "our") collects, how we use it, how we protect it, and what choices you have. It applies to our website, our web dashboard, the KindEye Windows desktop agent, and all related services (collectively, the "Service").

KindEye is operated by Virtual Dedication Ltd., a company organized under the laws of Bulgaria ("KindEye," "we," "us," or "our").

Please read this policy carefully. By creating a KindEye account or installing our agent on a child's computer, you confirm that you have read and understood this policy and that you consent to the practices described here on behalf of yourself and any child whose device you choose to monitor.

If anything in this policy is unclear, we want to know. Email us at privacy@kind-eye.com and a human will write back.

2. Geographic Scope

KindEye is designed, marketed, and offered only to residents of the United States, Canada, Australia, the United Kingdom, and selected other non-EU/EEA jurisdictions.

We do not offer the Service in the European Union, the European Economic Area, or Switzerland. We do not knowingly collect, process, or store personal data of residents of those regions. Our website, billing system, and account-creation flow are not intended for EU/EEA users, and we do not rely on any transfer mechanism (such as Standard Contractual Clauses) because we do not accept EU/EEA customers.

If you believe you are a resident of the EU, EEA, or Switzerland and have created a KindEye account, please contact us immediately at privacy@kind-eye.com. We will delete your account and any associated data.

This policy is written to comply with applicable laws in the jurisdictions where we do operate, including the Children's Online Privacy Protection Act (COPPA) in the United States, the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), Canada's PIPEDA, the Australian Privacy Act 1988, and the UK Data Protection Act 2018.

3. Information We Collect

We've tried hard to collect only what we actually need to do our job. Here's what we collect and from whom.

3.a. Information We Collect From Parents (Account Holders)

When you create and use a KindEye account, we collect:

  • Account information: Your name and email address (required to create an account).
  • Phone number (optional): Only if you enable SMS alerts.
  • Payment information: When you subscribe to a paid plan, our payment processor Stripe collects and processes your card details. We never see or store your full card number — we only receive a token and the last four digits for your records.
  • IP address and basic technical information: Your IP address, browser type, and operating system when you use the KindEye dashboard. We use this for security (detecting suspicious logins), fraud prevention, and basic service operation.
  • Communications: If you email support, we keep a record of that conversation so we can help you.

3.b. Information We Collect From Child Devices (With Your Consent)

When you install the KindEye Windows agent on your child's computer, the agent collects the following and transmits it securely to our backend:

  • Screenshots: By default, the agent captures a screenshot of the child's screen every five minutes. You can change this interval or pause capture at any time from the parent dashboard. Screenshots are end-to-end encrypted on your child's computer before they leave the device. (See Section 5 below — this is important and we're proud of it.)
  • Running process names: A list of the applications and games currently open (for example, chrome.exe, minecraft.exe). This is how we can tell you "your child played Roblox for 40 minutes today." We do not capture the contents of those applications, only their names.
  • Browser history: The list of websites visited in Chrome, Microsoft Edge, and Firefox, including all user profiles on the device. We read this from the browser's local history database. We collect the URL, page title, and visit time.
  • Open browser tabs: Detected via window titles, so we can show you what your child is currently looking at without needing a browser extension.
  • Device information: Computer name, Windows version, agent version, and basic performance data (so we can tell when the agent is running correctly).
  • Screen time data: Calculated from the above signals — how long each app was in the foreground, when the computer was active, and so on.

We do not collect keystrokes, webcam footage, microphone audio, passwords, or the contents of files on the device. KindEye is a monitoring tool, not a spyware tool.

3.c. Information Generated By Our AI

When our AI analyzes a screenshot, it produces a short plain-English summary (for example, "Your child was watching a Minecraft tutorial on YouTube"). We store these summaries so you can review them in your dashboard. The AI-generated summaries are treated as personal data and encrypted in the database.

4. How We Use Information

We use the information we collect to:

  1. Provide the Service. Show you what's happening on your child's computer, generate summaries, produce reports, and send alerts you've asked for.
  2. Run the AI analysis. Send encrypted screenshots briefly to our AI worker, which calls Anthropic's Claude Vision API to generate a plain-English description. (See Section 5 for exactly how this works.)
  3. Send alerts and reports. If you've opted in to SMS alerts or email reports, we use your phone number and email to deliver them.
  4. Bill you. If you're on a paid plan, we use your payment information via Stripe to charge your subscription.
  5. Support you. Help you when you email support, troubleshoot bugs, and respond to your questions.
  6. Secure the Service. Detect abuse, prevent fraud, investigate suspicious logins, and keep your account safe.
  7. Improve the Service. Analyze aggregated, non-personal usage data (for example, "the average agent uploads 180 screenshots per day") to make KindEye better.
  8. Comply with the law. Respond to lawful subpoenas, court orders, and legal obligations — see Section 10.

What we will never do:

  • We will never sell your personal information or your child's data. Not to advertisers, not to data brokers, not to anyone.
  • We will never use your data or your child's data to train AI models. Our agreement with Anthropic (our AI provider) explicitly prohibits them from using your data for training.
  • We will never show you advertising inside KindEye, and we will never share your data with advertisers.
  • We will never use your child's screenshots or browsing history for any purpose other than providing the Service you asked for.

5. Encryption and Security (The Important Part)

This is the section most privacy policies hand-wave through. We're going to be specific, because our encryption architecture is the reason KindEye exists.

KindEye uses a three-tier encryption model. Tiers 2 and 3 are the ones that affect your privacy directly.

Tier 2: Database Field Encryption

Every sensitive column in our database — names, email addresses, phone numbers, browser history, AI-generated summaries, device names — is encrypted using AES-256-GCM, one of the strongest symmetric ciphers available.

Each user account has its own unique Data Encryption Key (DEK). Your DEK is never stored in plaintext. Instead, it is wrapped (encrypted) by a master Key Encryption Key (KEK) that lives outside the database entirely, in a separate, hardened key-management system.

What this means in plain English: if someone stole a copy of our database, they would get a giant pile of ciphertext and no way to decrypt it. They would also need the KEK, which is stored separately and protected by strict access controls.

Tier 3: End-to-End Encrypted Screenshots

Screenshots are different, and they get special treatment because they're the most sensitive thing we handle.

Here's exactly what happens to every screenshot:

  1. On your child's computer, the KindEye agent captures the screenshot into memory.
  2. Before anything leaves the device, the agent encrypts the screenshot using AES-256 with a device-specific encryption key that is unique to that computer. This is end-to-end encryption: the plaintext never leaves your child's PC.
  3. The encrypted blob is uploaded to our backend over HTTPS.
  4. Our storage system stores only the encrypted file (.enc). Our storage layer — the servers, the databases, the backups — has no ability to decrypt screenshots. Even we cannot read them at rest.
  5. When it's time to generate an AI summary, our AI worker process briefly decrypts the screenshot in memory only, for roughly 5 to 15 seconds, so it can send the image to Anthropic's Claude Vision API.
  6. The plaintext image is wiped from memory immediately after the API call completes.
  7. The encrypted blob is automatically deleted from our storage within one hour after AI analysis completes.

We do not store raw screenshots persistently. Ever. Not in backups, not in archives, not "just in case."

What This Means For You

  • If a hacker breached our servers, they could not decrypt your child's screenshots. We don't have them.
  • If we received a court order demanding screenshots, we genuinely could not comply. We don't have them.
  • If a rogue employee tried to browse your child's screenshots, they could not. The storage system only holds ciphertext, and the decryption keys are tightly controlled and audit-logged.

The AI-generated summaries of those screenshots (like "your child was on YouTube watching gaming videos") are stored, encrypted with your user DEK, and retained according to the schedule in Section 6.

Other Security Measures

  • TLS/HTTPS for all data in transit between the agent, the dashboard, and our backend.
  • Access controls: Only a small number of authorized engineers can access production infrastructure, and access is logged.
  • Audit logs: Key operations (decryption events, administrative access, data exports) are logged and monitored.
  • Secure infrastructure: Our servers are hosted on AWS or DigitalOcean in hardened, access-controlled data centers.
  • Regular security reviews of our code and infrastructure.

No system is perfectly secure, and we won't pretend otherwise. But we've designed KindEye so that a breach of our servers cannot expose your child's screenshots.

6. Data Retention

We keep information only for as long as we need it.

Data Type Retention Period
Account information (name, email, phone) Until account deletion, plus 30 days for backup expiration
Payment records 7 years (required for tax and accounting)
Raw (encrypted) screenshots Auto-deleted within 1 hour of AI analysis
AI-generated summaries 7, 30, or 90 days depending on your subscription tier
Browser history 30 days
Process and screen-time data 30 days
Support emails 2 years from last contact
Security and audit logs 1 year

When you delete your KindEye account, we delete all personal data within 30 days, except where we are legally required to retain certain records (for example, payment records for tax compliance).

7. Children's Privacy and COPPA

KindEye is, by design, a service that processes information about children. We take this very seriously and comply with the Children's Online Privacy Protection Act (COPPA) and its implementing regulations.

Who Our Users Are

Our users — the people who create KindEye accounts, install the agent, and view the dashboard — are parents, legal guardians, or grandparents who are adults (18 or older) with legal authority over the child whose device is being monitored. KindEye is not available to users under 18, and children are not our customers.

How We Handle Children's Data

When we talk about "children" in this section, we mean the minors whose devices are being monitored — the kids whose parents have chosen to use KindEye. KindEye can be used to monitor children of any age, including children under 13. For children under 13, COPPA applies and we comply with it as follows:

1. Parental consent. Only a parent or legal guardian can create a KindEye account and install the agent. Installation requires administrative privileges on the child's computer, which only the parent can grant. By creating an account, agreeing to our Terms of Service, and completing a paid subscription (which includes a billing verification step), the parent provides verifiable parental consent as defined by COPPA.

2. We only collect what we need. We collect only the information described in Section 3.b, and only for the purpose of providing the monitoring service the parent signed up for.

3. We do not contact children directly. KindEye does not collect a child's name, email address, phone number, or any other direct-contact information from the child. We do not ask the child to create an account. We do not send messages, emails, or notifications to the child. The only contact is between KindEye and the parent.

4. We do not disclose children's information. We do not share children's data with any third party except the service processors listed in Section 9, and only as needed to provide the Service.

5. Parents can review, delete, and revoke consent at any time. As a parent, you have the right to:

  • Review all personal information we have collected from your child's device.
  • Request deletion of your child's data.
  • Refuse further collection by uninstalling the agent or deleting your account.
  • Withdraw consent at any time by emailing privacy@kind-eye.com or using the "Delete My Data" button in your dashboard settings.

6. No behavioral advertising. Ever. COPPA prohibits behavioral advertising to children under 13, but even for older kids we don't do it. KindEye contains no advertising of any kind.

7. Data retention for children. Children's data is retained only as long as the parent maintains an active account, and is deleted on the schedule in Section 6.

If you believe we have collected information from a child in a way that does not comply with COPPA, please contact us at privacy@kind-eye.com and we will investigate immediately.

8. California Residents (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act and the California Privacy Rights Act.

Your Rights

  • Right to know. You can request a copy of the personal information we have collected about you and your child, the categories of sources, the purposes for which we use it, and the categories of third parties with whom we share it.
  • Right to delete. You can request that we delete personal information we've collected from you, subject to certain legal exceptions (for example, tax records).
  • Right to correct. You can request that we correct inaccurate personal information.
  • Right to opt out of sale or sharing. We do not sell personal information, and we do not share it for cross-context behavioral advertising. There is nothing to opt out of, but you have the right anyway.
  • Right to limit use of sensitive personal information. We use sensitive personal information only to provide the Service you requested.
  • Right to non-discrimination. We will never charge you more, give you worse service, or deny you access for exercising any of these rights.

How to Exercise Your Rights

Email privacy@kind-eye.com with the subject line "California Privacy Request." We will verify your identity (typically by confirming control of the email address on the account) and respond within 45 days.

Authorized Agents

You can designate an authorized agent to make a request on your behalf. The agent must provide written permission signed by you, and we may ask you to verify your identity directly.

Categories of Personal Information We Collect

In the past 12 months, we have collected the categories of information described in Section 3 above. We disclose personal information only to the service providers listed in Section 9, solely for the purpose of providing the Service.

9. Third-Party Services

We use a small number of carefully selected vendors to operate KindEye. Each one receives only the data it needs to do its job.

Provider What They Do What They Receive
Anthropic (Claude AI) Generates plain-English summaries of screenshots and browsing activity. Briefly receives decrypted screenshots in memory to produce a summary. Covered by a signed Data Processing Agreement that prohibits use of your data for AI training.
Stripe Processes subscription payments. Your name, email, billing address, and card details. We receive only a token and the last four digits.
SendGrid Sends transactional emails (reports, alerts, password resets). Your email address and the content of the email we send you.
Twilio Sends SMS alerts (optional). Your phone number and the content of the SMS message. Only used if you opt in to SMS alerts.
CleanBrowsing Free-tier DNS-based website filtering. The DNS queries from the child's device (if you enable DNS filtering). CleanBrowsing does not receive your name or account info.
NextDNS Paid-tier DNS-based website filtering. The DNS queries from the child's device (if you enable premium DNS filtering). NextDNS does not receive your name or account info.
AWS or DigitalOcean Hosts our backend servers and encrypted storage. Encrypted data at rest. Cannot decrypt your content.

We have contracts in place with each of these providers requiring them to protect your data, use it only for the services they provide to us, and comply with applicable privacy laws.

10. Data Sharing and Disclosure

We do not sell your personal information or your child's data. Full stop.

We share personal information only in these limited circumstances:

  1. With the service providers listed in Section 9, strictly as needed to provide the Service.
  2. To comply with the law. If we receive a valid subpoena, court order, or other legal process, we will comply to the extent legally required. We will, where legally permitted, notify you before disclosing your data so you have the opportunity to object.
  3. To protect safety. If we genuinely believe disclosure is necessary to prevent imminent physical harm to a child or another person, we may share limited information with law enforcement.
  4. In a business transfer. If KindEye is acquired, merged, or sells substantially all of its assets, your information may transfer to the successor entity. We will notify you of any change of control, and the new entity will be bound by this policy (or a policy at least as protective).

About Law Enforcement Requests For Screenshots

We want to be specific about something: we cannot comply with a court order to produce raw screenshots, because we do not have them. Our Tier 3 encryption architecture (Section 5) ensures that raw screenshot images are deleted from our storage within one hour of AI analysis and that our storage layer cannot decrypt them while they exist. If we are served with a subpoena for screenshots, our honest answer is that we have nothing to turn over.

We can, however, be compelled to produce AI-generated summaries and browsing history within their retention windows. If this concerns you, please take it into account before using any monitoring service, including ours.

11. Your Rights and Choices

Regardless of where you live, you have the following rights and choices as a KindEye user:

  • Access your data. Use the "Download My Data" button in your dashboard settings to export a copy of your account information, AI summaries, and browsing history as JSON.
  • Delete your account. Use the "Delete Account" button in your dashboard settings or email privacy@kind-eye.com. We will delete your data within 30 days, except as required by law.
  • Pause monitoring. You can pause or stop the agent from the dashboard at any time.
  • Opt out of email reports. Use the "Email Preferences" page in your dashboard or click "unsubscribe" at the bottom of any report email.
  • Opt out of SMS alerts. Reply STOP to any SMS alert or disable SMS in your dashboard.
  • Correct your information. Update your name, email, or phone number at any time from your dashboard.

To exercise any right that isn't available via a self-service button, email privacy@kind-eye.com and we will respond within 30 days (45 days in California).

12. Cookies and Tracking

We use a small number of strictly necessary cookies to make the Service work:

  • Session cookies to keep you logged in.
  • CSRF protection cookies to protect against cross-site request forgery attacks.

That is it. We do not use:

  • Google Analytics, Mixpanel, Segment, Amplitude, or any other behavioral analytics tracker.
  • Facebook Pixel, Google Ads tags, or any advertising tracker.
  • Third-party cookies of any kind.
  • Cross-site tracking technologies.
  • Fingerprinting techniques.

Our dashboard should work correctly with strict privacy settings and tracker-blocking extensions enabled.

13. Security Measures

In addition to the encryption architecture described in Section 5, we maintain:

  • Access controls. Production systems are accessible only to a small number of authorized engineers using multi-factor authentication.
  • Audit logging. Administrative access, decryption events, and data exports are logged and reviewed.
  • Principle of least privilege. Employees receive only the minimum access they need to do their jobs.
  • Secure software development. Code is reviewed before being deployed to production. Dependencies are scanned for known vulnerabilities.
  • Infrastructure hardening. Our servers are patched regularly, firewalled, and protected by intrusion detection.
  • Encrypted backups. Backups are themselves encrypted and stored in access-controlled locations.
  • Incident response plan. We have a documented plan for responding to security incidents.

No security system is perfect, and we won't promise otherwise. But our architecture is designed so that even a serious breach of our servers cannot expose your child's screenshots, because we do not have them.

14. Data Breach Notification

If we confirm a data breach that has affected your personal information, we will notify you within 72 hours of confirmation. Notification will be sent to the email address on your account and will include:

  • What happened, to the extent known.
  • What information was affected.
  • What we are doing in response.
  • What you can do to protect yourself.
  • How to contact us with questions.

We will also notify applicable regulators as required by law in your jurisdiction.

15. International Data Transfers

KindEye's servers are located in the United States. If you are located in Canada, Australia, the United Kingdom, or another country where we offer the Service, your personal information will be transferred to, stored in, and processed in the United States.

We do not transfer personal data of EU or EEA residents, because we do not accept users from those regions (see Section 2). We therefore do not rely on Standard Contractual Clauses, adequacy decisions, or other EU transfer mechanisms.

For users in the UK, Canada, and Australia, we rely on your consent (given when you create an account) as the basis for transferring your information to the United States for processing. Our contracts with our service providers require them to protect your data to a standard consistent with your home country's laws.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our Service, or the law. When we make a change:

  • For minor changes (for example, clarifying wording or fixing typos), we will update the "Last Updated" date at the top of this policy.
  • For material changes (for example, adding a new category of data we collect or a new third-party processor), we will notify you by email at least 30 days before the change takes effect, and we will post a prominent notice in your dashboard.

Your continued use of KindEye after a change takes effect means you accept the updated policy. If you don't agree with a change, you can delete your account at any time (Section 11).

We will maintain prior versions of this policy in our archive so you can see what has changed over time.

17. Contact Information

If you have questions, concerns, or requests related to your privacy, please contact us:

KindEye Privacy Team Virtual Dedication Ltd. Primorski Blvd 55 9000 Varna, Bulgaria

Email: privacy@kind-eye.com Support: support@kind-eye.com

For COPPA-related inquiries, please use the subject line "COPPA Request." For California privacy requests, please use the subject line "California Privacy Request." For account deletion requests, please use the subject line "Delete My Account."

We aim to respond to all privacy inquiries within 7 business days and to formal requests within the legally required timeframes.

18. Effective Date

This Privacy Policy is effective as of April 22, 2026.

Last Updated: April 22, 2026.

Thank you for trusting KindEye to help you care for your kids online. We built this service because we believe families deserve real tools for a real problem, and we believe those tools should respect privacy by design — not as an afterthought. If there is anything in this policy you'd like us to explain further, please reach out. A real person will write back.