Security

KidsHalo holds some of the most sensitive data a family produces. We treat it that way.

Encryption in transit and at rest

All traffic uses TLS 1.2+. Database storage is encrypted at rest by our infrastructure provider with AES-256.

Row-level isolation

Every table is protected by row-level security. Even with a leaked key, the database only returns rows your family is allowed to see.

Hashed device tokens

Pairing a child device issues a bearer token whose hash (SHA-256) is what the server stores. The token itself never sits in our database.
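The store-only-the-hash pattern described above, as an added example that is not KidsHalo's own code. The class and method names, the 32-byte token length, and the in-memory table are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import secrets


def hash_token(token: str) -> str:
    """SHA-256 hex digest of the token: the only form the server keeps."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class DeviceTokenStore:
    """In-memory stand-in for a device-token table (hypothetical schema)."""

    def __init__(self) -> None:
        self._rows: dict[str, str] = {}  # token_hash -> device_id

    def pair_device(self, device_id: str) -> str:
        # Assumption: the token is 32 bytes from a CSPRNG. A fast, unsalted
        # hash is acceptable only because the input is high-entropy.
        token = secrets.token_urlsafe(32)
        self._rows[hash_token(token)] = device_id
        return token  # handed to the device once, never persisted

    def authenticate(self, authorization_header: str) -> str | None:
        scheme, _, presented = authorization_header.partition(" ")
        if scheme.lower() != "bearer" or not presented:
            return None
        # Hash what was presented and look that up; the server never needs
        # the original token to verify it.
        return self._rows.get(hash_token(presented.strip()))

    def revoke(self, device_id: str) -> int:
        # Unpairing deletes the hash rows, which invalidates the token.
        doomed = [h for h, d in self._rows.items() if d == device_id]
        for h in doomed:
            del self._rows[h]
        return len(doomed)

    def dump(self) -> dict[str, str]:
        """What someone reading the table would see: hashes, not tokens."""
        return dict(self._rows)
```
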

Minimal data, short retention

We collect only what we need. Usage and location history default to 30-day retention; alerts persist only until you dismiss them.

Server-side AI only

AI safety classifications run server-side against Lovable AI Gateway. Your scan inputs are never used to train models.

Full audit log

Every rule change, filter, approval, and invite is recorded. View the trail from the Rules page.

Reporting a vulnerability

Found something? Email security@kidshalo.app with reproduction steps. We acknowledge within 48 hours and prioritize fixes by impact. We do not pursue legal action against good-faith research.