Privacy Policy for Telezhka

1. Core Privacy Promises for Children

To comply with Apple’s "Made for Kids" and Google Play’s "Families Policy", we make the following strict guarantees regarding the Telezhka Kid App:

• No Advertising: We do NOT use any advertising SDKs, and we do NOT serve behavioral, interest-based, or contextual ads.
• No Unapproved Contacts: Children cannot interact with or receive messages from anyone who has not been explicitly whitelisted by their parent.
• No Web Browsing: The Kid App does not contain in-app web browsers or links to external websites that a child can access without a parental gate.
• No Message Storage: We do not store your child's messages, photos, or call history on our servers. All communication is routed securely through the Telegram API.

2. Information We Collect

We collect different information depending on whether you are using the Parent App or the Kid App.

A. Information collected from Parents (Telezhka Parent App)

• Account Data: Name, email address, and account password.
• Subscription Data: Handled via RevenueCat. We do not process or store your credit card information.
• Settings & Whitelists: The list of contacts you approve for your child, and your parental control settings.

B. Information collected from Children (Telezhka Kid App)

• Authentication Data: The child's phone number, used strictly to authenticate with the Telegram API.
• Device Identifiers: Anonymous push notification tokens (FCM/APNs) to deliver new message alerts and parental session-termination commands.
• Crash & Diagnostics Data (No Analytics): The Telezhka Kid App does not use any analytics SDKs and does not track feature usage, engagement, or behavior for advertising or profiling purposes.
  
  

  Instead, we use Crashlytics solely to receive anonymized crash reports so we can fix bugs and keep the app stable for children. Crash reports typically include:

  • Anonymous Crashlytics installation identifier.
  • App version and build number.
  • Device model and operating system version.
  • Timestamp of the crash and technical stack trace.

  We configure Crashlytics so that:

  • We do not send any personally identifiable information (PII) about the child.
  • We do not send any user behavior data, feature usage, or engagement metrics.
  • We do not send any data that could be used for profiling or advertising purposes.
  • We do not send the child's name, phone number, Telegram username, or contacts.
  • We do not send message contents, photos, or media.

  Our own application code is written to avoid putting any personal data into Crashlytics logs or custom keys (see Section 4 for more technical detail).

3. How We Use Information

We use the collected information solely to:

• Provide the messaging service via the Telegram API infrastructure.
• Enforce parental controls, such as blocking unapproved contacts and sending alerts to the Parent App.
• Terminate sessions instantly when requested by the parent.
• Fix bugs and improve app performance using anonymized crash diagnostics only (via Firebase Crashlytics). We do not use analytics SDKs in the Telezhka Kid App.

4. Third-Party Services

To operate Telezhka, we utilize specific, vetted third-party services. We do not share data with any third party for marketing or advertising.

• Telegram API: Powers the underlying messaging and calling. By using Telezhka, the child's messages and media are processed by Telegram according to Telegram’s Terms of Service. Telezhka itself does not intercept or store this content.
• RevenueCat: Used in the Parent App only to manage subscriptions.
• Upstash (Redis) & Azure: Used to securely host our parental control whitelists and backend infrastructure.
• Firebase (Google): Used for push notifications in both apps and for anonymous crash reporting in the Telezhka Kid App via Firebase Crashlytics. The Telezhka Kid App does not use Firebase Analytics or any other usage analytics SDK.
  
  

  Firebase Crashlytics is configured and used in a child-safe way:

  • We do not set any user identifiers in Crashlytics (no names, emails, phone numbers, Telegram usernames, or other identifiers that could be used to recognize a specific child or parent).
  • We do not log message contents, photos, phone numbers, or any free-form user input into Crashlytics logs or custom keys. All Crashlytics metadata is limited to technical context such as screen/flow identifiers (e.g., kid_onboarding_step3) and error codes.
  • Crash reports therefore contain only technical information needed to debug crashes (anonymous installation ID, device model, OS version, app version, stack trace) and are processed by Google in accordance with Firebase's privacy commitments.

  In practice, this means Crashlytics helps us find and fix crashes, but does not give us or Google a way to see who a child is, what they wrote, or who they talked to.

5. COPPA Compliance (For US Users)

We comply with the Children's Online Privacy Protection Act (COPPA).

• Verifiable Parental Consent: We do not collect personal information from a child until the parent has created an account in the Parent App, verified their identity, and explicitly linked their child's device.
• Parental Rights: Parents have the right to review the child's personal information, direct us to delete it, and refuse to allow any further collection or use of the child's information. Parents can execute these rights directly within the Telezhka Parent App or by contacting us.

6. GDPR and UK GDPR Compliance (For EU/UK Users)

If you are located in the European Economic Area (EEA) or the UK, we process your data under the following rights and legal bases:

• Article 8 (Child Consent): We process children’s data based exclusively on the explicit consent and authorization provided by the holder of parental responsibility during the pairing process.
• Article 15 (Right of Access) & Article 20 (Data Portability): Parents can download a full export of their account data directly from the "Privacy & Data" section of the Parent App.
• Article 17 (Right to Erasure): Parents can instantly delete their child's profile, or their own parent account, via the Parent App. Upon deletion, all associated whitelists, alerts, and connection data are permanently wiped from our servers within 30 days.

7. Data Retention and Deletion

• Message Data: Not stored by Telezhka.
• Audit Logs & Alerts: Activity logs (e.g., "Unknown sender attempted to contact") are kept for 30 days and then automatically deleted.
• Account Deletion: If a parent deletes their account or their child's profile, all associated personal data on our servers is deleted immediately.
• Crash Reports (Firebase Crashlytics): Crash reports for the Telezhka Kid App are stored by Firebase Crashlytics for a limited period defined by Google's standard retention policies and then automatically deleted. These reports do not contain children's names, contact details, message contents, or other personal information. When a parent deletes their account and/or their child's profile in the Parent App, we stop sending any further crash data associated with that profile from the Kid App.

8. Changes to this Privacy Policy

If we make material changes to this Privacy Policy, particularly regarding how we collect or use children's data, we will prominently notify parents via an in-app alert in the Parent App and an email prior to the changes taking effect.

9. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights as a parent under COPPA or GDPR, please contact our Data Protection Officer at:

Email: info@telezhka.com