Privacy First

Privacy Policy

Your family's privacy is our top priority. Here's how we protect your data.

Last updated: March 4, 2026

1. Scope of this Privacy Policy

This privacy policy applies to the mobile application Parento App (hereinafter referred to as the "App") for the mobile operating systems and devices stated in the app store listing. It explains the type, purpose, and scope of personal data processing when using the App.

App stores. When you download our App from an app store (e.g., Apple App Store or Google Play), you may need to register or identify yourself with the respective app store operator (e.g., via an Apple ID or Google account). During the download and purchase process, the app store operator may process personal data such as your email address, username, store account number, unique device identifiers, the time of download, and (where applicable) payment information. The privacy policies and terms of service of the app store operators apply. We have no control over those terms and processing.

We may update this privacy policy at any time to comply with legal requirements and reflect changes in our services. The current version is available within the App and/or on our website.

2. Data Controller (Responsible Body)

Softexpoit Pvt. Limited
128 City Road, London, United Kingdom
Company No.: 13626037
Phone: +44 7978 288021
Email: info@parento.uk
Website: parento.uk

3. Contact for Data Protection Matters

You can contact us about privacy and data protection matters at:

Softexpoit Pvt. Limited
128 City Road, London, United Kingdom
Phone: +44 7978 288021
Email: info@parento.uk

4. Purposes and Legal Bases of Processing (UK GDPR / EU GDPR)

Unless otherwise stated in this privacy policy, we process personal data in connection with your use of the App to:

provide the App's functions (parental control, safety, and account features),
operate, maintain, and secure the App (including prevention of abuse and fraud),
manage subscriptions and entitlements,
provide customer support and respond to inquiries,
comply with legal obligations where applicable.

Legal bases (UK GDPR / EU GDPR):

Contract performance (UK GDPR / GDPR Art. 6(1)(b)): processing is necessary to provide the App and its selected features under the user agreement.
Legitimate interests (Art. 6(1)(f)): processing is necessary for secure, stable, and reliable operation, troubleshooting, and protection against misuse, balanced against your rights and freedoms.
Consent (Art. 6(1)(a)): where required (e.g., for certain device permissions or optional features).
Legal obligation (Art. 6(1)(c)): where we must process/retain data to meet legal requirements.

5. Special Notes on Children / Underage Users

Parento is designed to be set up and managed by an adult parent or legal guardian. The parent creates and manages a child profile and links the child device to the parent account. Features that involve children's data (e.g., location, web filtering, usage restrictions) are enabled and controlled by the parent/guardian.

Where local law requires consent or additional authorization for processing of children's data, such processing is carried out only in accordance with applicable requirements and only to provide the requested safety and parental control features.

6. Categories of Personal Data We Process

When you use the App, the following personal data may be processed depending on the features you enable:

6.1 Parent account data (stored)

First and last name
Email address
Phone number
Address
Profile photo (optional)

6.2 Child profile data (stored, set/managed by parent)

Child name
Child date of birth
Child phone number (if used/required for the feature)

6.3 Subscription and contract data

Subscription status (active/inactive)
Selected plan / product tier
Subscription duration and entitlement status
Store transaction identifiers (e.g., purchase tokens/receipts)

We do not receive your payment card or bank details. Payment processing is handled by the app stores (Apple/Google).

6.4 Linking and control data

Parent–child link status
Linking identifiers (e.g., codes/tokens) and pairing status
Device restriction configurations (time limits, schedules, block rules)

6.5 Location and safety data (if enabled by parent)

Live location of the child device
Last known location
Location history (timestamped location records)
Geofence data (zone name, coordinates, radius)
Zone entry/exit events and alerts
SOS event data (times, status)
Short-term ambient audio during SOS (if enabled and permitted by OS)

Visibility & control: Location and safety data is only visible to the connected parent account. The parent can delete location history at any time.

6.6 Usage and restriction data (if enabled by parent)

Daily screen time and app usage duration (aggregated per app)
Installed apps list (for configuring restrictions)
Timer-based phone lock settings and lock/unlock events
App/device lock settings and restriction enforcement status
PIN protection status (if used)

6.7 Web filter / VPN and browsing-related data (if enabled by parent)

If the parent enables the web protection feature (web filter/VPN), we may process:

Web filter settings per child (allowlists, blocklists, categories/rules)
VPN status (enabled/disabled)
Parent-initiated remote actions (start/stop/disable VPN, as supported)
Web visit history including full URLs (timestamped)
Web searches (where available via enabled browser/OS integration)
YouTube history including titles (where available via enabled browser/OS integration)

Visibility & control: This data is only visible to the connected parent account. The parent can delete web and YouTube history at any time.

6.8 Technical data and diagnostics

App device ID and push notification token (FCM token)
Device identifiers as provided by the operating system
Device model/type
Operating system version and App version
Date/time of App access
Crash and diagnostic information (e.g., Firebase Crashlytics logs)

7. Registration and Account Model

To use the App, the parent/legal guardian creates an account. A child does not create a separate independent user account. Instead, the parent:

creates a child profile within the parent account, and
links the child device to the parent account using a linking process (e.g., code/QR/link).

Required registration information must be provided; otherwise, registration cannot be completed. We may use the parent email address to send essential service messages (e.g., security information, technical notices, necessary changes).

8. App Permissions and Device Access

To provide the App's features, the App may request permissions such as:

Location (live location, geofencing, location history, SOS)
Microphone (SOS ambient audio if enabled)
Photos/Media/Camera (profile photo selection/capture)
Usage access / app usage statistics (screen time & restrictions)
Accessibility/overlay/background services (restriction enforcement, lock screens, alerts)
Notifications (warnings, safety alerts, system messages)
VPN permission (for web protection/web filter feature)

Permissions are used exclusively for providing enabled functionalities. You can revoke permissions at any time in device settings; if you do, certain features may not function properly.

Legal basis: Contract performance (Art. 6(1)(b)) and, where required, consent (Art. 6(1)(a)).

9. In-App Purchases and Subscriptions

The App may offer subscriptions or in-app purchases. Payments are handled exclusively by:

Google Play Billing (Google Play Store), and/or
Apple In-App Purchase / Apple Pay (Apple App Store)

We do not receive payment card/bank data. We receive only subscription information necessary to provide access to the purchased plan (e.g., plan tier, status, transaction identifiers).

10. Parento AI (Optional, Only If Enabled)

If the parent explicitly enables Parento AI, the App may use automated AI-supported methods to identify potential risk situations within the scope of the enabled protection feature.

The processing is limited to providing the activated safety/protection feature.
No advertising or marketing profiling is carried out.
No automated decision-making producing legal or similarly significant effects within the meaning of Art. 22 GDPR/UK GDPR takes place.

If Parento AI processing involves third-party processors, we ensure appropriate contractual controls and safeguards in accordance with Section 13.

11. Voice/Video (WebRTC)

If the App provides voice and/or video communication via WebRTC, these communications are end-to-end encrypted. We do not store voice or video content on our servers. Only the technical data necessary to establish and maintain the connection (e.g., session identifiers, timestamps, and network connection metadata) may be processed temporarily, depending on the implementation.

12. Diagnostics, Stability, and Security Monitoring

We do not use advertising tracking systems for marketing profiling. We use technical diagnostics tools to maintain stability, security, and reliability.

Firebase Crashlytics may be used to analyze crashes and technical errors. It processes technical diagnostic information (device type, OS/app version, time of crash, error details). We do not intentionally send sensitive content such as location history, web history, SOS audio, or message content to Crashlytics.

Firebase Cloud Messaging (FCM) is used to deliver push notifications (alerts, warnings, status updates). FCM requires processing of device/push tokens.

Legal basis: Legitimate interests (Art. 6(1)(f)) and, where required by local law, consent.

13. Recipients / Processors (Who We Share Data With)

We share personal data only as necessary with trusted service providers that act as processors under contract (data processing agreements) and security requirements.

Our primary infrastructure and data processing is located in the European Union:

Google Cloud Platform (GCP): Hosting in EU West 1 and EU West 2
Google Cloud Storage (GCS): Storage in EU
Firebase (Google): Used for essential app services such as Firebase Cloud Messaging (FCM) and Crashlytics (EU configurations where available)
Supabase: Database/storage services in EU West 1 and EU West 2
Resend: Transactional email delivery in the EU
Local VPN / Web Filter: Implemented by Softexpoit (self-made VPN), used for the web protection feature where enabled

We do not sell personal data.

14. International Data Transfers (UK, EU, USA)

We aim to store and process data primarily in the EU West 1 and EU West 2 regions.

However, some providers (including Google) operate globally, and cross-border access or processing (e.g., support operations) cannot be completely ruled out. Where personal data is transferred outside the UK/EU/EEA, we use appropriate safeguards under UK GDPR / EU GDPR, such as:

Standard Contractual Clauses (SCCs) and/or the UK IDTA/UK Addendum,
adequacy decisions where applicable,
additional technical and organizational measures where appropriate.

15. Security and Encryption

We use appropriate technical and organizational security measures to protect personal data. This includes, in particular:

WebRTC voice/video communications are end-to-end encrypted and are not stored by us.
All other personal data is encrypted in transit and at rest (e.g., TLS during transmission and encryption when stored in databases/storage).
Access controls and least-privilege permissions to restrict access to personal data.
Security features and controls provided by Google Cloud security and our infrastructure configuration (e.g., protected storage, access management, monitoring, and resilience controls).

No system is completely secure, but we take measures appropriate to the type of data processed, especially given the child-safety context.

16. Storage Duration (Retention) and Deletion

Unless otherwise stated, we retain personal data only as long as needed for the purposes described.

Retention defaults for history features:

Location history retention: 3 days
Web visits (full URLs) and YouTube history (titles, where available) retention: 3 days

Deletion by parent:

The parent can delete location history and web/YouTube history at any time from the parent account.
The parent can delete parent account data and child profile data by deleting the account within the App, which removes:
- parent name, email, phone number, address, profile photo,
- child name, date of birth, child phone number,
- and associated link/configuration data,
subject to legal obligations and limited backup retention.

Backups: After deletion, some residual copies may remain in technical backups for a limited time and will be overwritten according to our normal backup rotation, unless retention is required by law.

17. Automated Decision-Making

No automated decision-making producing legal or similarly significant effects is carried out within the meaning of Art. 22 GDPR/UK GDPR.

18. Your Rights (UK GDPR / EU GDPR)

Subject to applicable law, you have the following rights:

Right of access (Art. 15)
Right to rectification (Art. 16)
Right to erasure (Art. 17)
Right to restriction of processing (Art. 18)
Right to data portability (Art. 20)
Right to object (Art. 21) for processing based on legitimate interests
Right to withdraw consent (Art. 7(3)) where processing is based on consent
Right to lodge a complaint with a supervisory authority (Art. 77)

UK supervisory authority: Information Commissioner's Office (ICO).
EU supervisory authorities: your local EU data protection authority.

To exercise your rights, contact: info@parento.uk.

19. Contact

For all privacy and data protection requests:

Softexpoit Pvt. Limited
128 City Road, London, United Kingdom
Phone: +44 7978 288021
Email: info@parento.uk

20. Changes to this Privacy Policy

We may update this privacy policy to reflect legal or technical changes. If changes are material, we will notify users through the App and/or via email where appropriate.

Your Data Is Safe With Us

End-to-end encryption, GDPR compliance, and zero data selling — because your family deserves the highest standard of privacy.