Privacy Policy
Nemyo — Calm Content Redirection
Last updated: February 2026
Overview
This policy explains how data is collected, used, and protected when you use the Nemyo Chrome extension, the Nemyo parent app, and the Nemyo child app (collectively, "the Service"). Nemyo is a parental content redirection tool — it helps parents protect children from harmful online content by quietly redirecting them to safe alternatives.
We've written this in plain language because we believe parents should understand exactly what happens with their family's data.
1. What Data We Collect
Parent account information
When you create a Nemyo parent account, we collect:
- Your email address (used for authentication via Firebase)
- Your display name (if provided)
- Payment information is processed by Stripe — we do not see or store your full card details
Device information
When a child device is paired with a parent account, we store:
- A unique device identifier generated by the app
- Device name and platform (e.g. "Chrome extension" or "Android")
- The kid mode state (active or inactive) and age band setting
- Pairing codes used to link devices to parent accounts
Redirect event metadata
When Nemyo detects and redirects harmful content, we log minimal metadata:
- App name: Which platform the event occurred on (e.g. YouTube, TikTok, Roblox)
- Event type: The action taken (e.g. "redirected")
- URL of the flagged page: The web address that was redirected away from
- Reason: The category of detected harm (e.g. "violent content", "trauma cartoon")
- Timestamp: When the event occurred
This metadata is visible only to the parent in their dashboard. It exists so parents can understand what their child encountered and how Nemyo responded.
Content the extension inspects (locally)
The Chrome extension runs content scripts on YouTube, TikTok, Roblox, Google, and Bing. It inspects:
- Page URLs and titles
- Video thumbnail metadata and channel names
- Search queries on supported platforms
This inspection happens locally in the browser. Only the flagged URL and redirect reason are sent to the backend — the raw content itself is never transmitted.
2. What We Do NOT Collect
Nemyo is designed to protect children, not surveil them. We do not collect:
- Private messages or chat content
- Screenshots or screen recordings
- Keystroke logs or typing data
- GPS or precise location data
- Camera or microphone access
- Contacts, call logs, or SMS
- Browsing history beyond flagged redirects
- Any personal information directly from the child
3. How Data Is Stored
All backend data is stored in Google Cloud Firestore (via Firebase) with the following structure:
- Parents collection: Account details, subscription status
- Kids collection: Child profiles (name, age band, preferences — set by the parent)
- Devices collection: Paired device information and state
- Kid events collection: Redirect event metadata (as described above)
- Pairing codes collection: Temporary codes used during device setup
All connections between the apps and the backend are encrypted with HTTPS. The Chrome extension stores local state (kid mode, age band, device ID) in chrome.storage.local, which stays on the device.
4. Third-Party Services
Nemyo uses the following third-party services:
- Firebase / Google Cloud: Authentication, Firestore database, and anonymous auth for child devices. See Firebase Privacy Policy.
- Stripe: Payment processing for subscriptions. We receive your email and purchase confirmation — Stripe handles card details securely. See Stripe Privacy Policy.
- Vercel: Website hosting. Standard server logs (IP addresses, browser types) are managed by Vercel. See Vercel Privacy Policy.
We do not sell, rent, or share your data with advertisers or data brokers. We do not use any advertising SDKs or tracking pixels.
5. Children's Data
Nemyo takes children's privacy seriously. Here is how we handle data for child accounts:
- The child app uses Firebase anonymous authentication — no email, password, or personal information is collected from the child
- Child profiles (name, age band, preferences) are created and managed by the parent, not the child
- The only data associated with a child device is redirect event metadata (app, URL, reason, timestamp)
- No data is collected that could independently identify a child
- The child app uses VPN-based DNS filtering and a curated Explorer for safe content — no tracking is involved
Parents can view and delete their child's event data at any time from the parent dashboard.
6. Data Retention and Deletion
We retain your data only for as long as your account is active and as needed to provide the Service:
- Account data: Retained while your subscription is active. Deleted upon account deletion request.
- Redirect events: Retained for the parent to review. Can be deleted by the parent at any time.
- Payment records: Retained by Stripe as required for financial and legal compliance.
- Pairing codes: Automatically expire and are deleted after use.
To request full deletion of your account and associated data, contact us at the email below. We will process deletion requests within 30 days.
7. Your Rights (GDPR)
If you are in the European Economic Area, you have the following rights under the General Data Protection Regulation:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Request your data in a portable format
- Restriction: Request that we limit processing of your data
- Objection: Object to processing of your data
To exercise any of these rights, contact us at the email below. We will respond within 30 days.
8. Changes to This Policy
If we make significant changes to this policy, we will update the "Last updated" date at the top. For major changes affecting how we handle data, we will provide notice on our website and, where possible, via email to registered parents.
Contact
For privacy questions, data requests, or concerns:
Publisher: PLASTYPESA S.R.L.