Legal

Privacy Policy

Last updated: 25 April 2026

Knight Shield is built to protect children online. Protecting your privacy โ€” and your family's โ€” is just as important to us. This policy explains what information we collect, why we collect it, and how we handle it.

Knight Shield is operated as a sole proprietorship trading as Knight Shield, based in Tennessee, United States of America. When this policy says "we", "us", or "our", it means Knight Shield. Questions or requests can be sent to [email protected].

1. What information we collect

Waitlist

When you join our waitlist, we collect your email address. You may also optionally tell us what concerns you most about your children online and which features matter to you. This optional information helps us build the right product โ€” we never use it to identify you individually.

Account registration

When you create a Knight Shield account, your identity is managed through Clerk, our authentication provider. We receive your name and email address from Clerk and store a reference to your Clerk account in our database. We do not store passwords.

Child profiles

You create profiles for your children. A child profile contains only a first name that you choose โ€” we do not collect any information directly from children, and children do not have their own accounts. Knight Shield is a tool for parents and guardians.

Device activity

When the Knight Shield app is installed on a child's device, it logs the websites and services that device attempts to access. This activity is tied to the child's profile in your household account and is visible only to you. We retain this activity data for 90 days on a rolling basis, after which it is automatically deleted.

Payment information

Billing is handled by Stripe. We never see or store your full card number. We store your Stripe customer ID and subscription status so we know whether your account is active.

Email communications

We send transactional emails (account confirmations, weekly activity digests, tamper alerts) through Resend. We do not send marketing emails without your explicit consent.

Push notification tokens

When you install the Knight Shield app on a child's device, the app requests permission to receive push notifications. If granted, we collect the device's push notification token โ€” a unique identifier assigned by Apple's Push Notification service (APNs). We use this token solely to send silent background pushes that verify the app is still installed and active. We do not send marketing or promotional push notifications.

Watch history exports

You may optionally upload a YouTube or TikTok data export to receive a content safety report for your child. When you do this:

  • The export file is transmitted securely over HTTPS and processed in memory. We never store the raw export file on our servers.
  • We extract only video titles, channel names, and timestamps from the export to generate the report. We do not read any other information the export file may contain (e.g. comments, search history, liked videos).
  • The derived report โ€” containing aggregate statistics and a list of flagged video titles โ€” is stored in your account for 90 days on a rolling basis, after which it is automatically deleted.
  • For YouTube exports, video IDs may be sent to the YouTube Data API (operated by Google) to retrieve content rating information. This is governed by Google's Privacy Policy.

2. How we use your information

  • Waitlist entries โ€” to notify you when Knight Shield launches and to inform our product decisions.
  • Account data โ€” to provide and operate the Knight Shield service for your household.
  • Device activity โ€” to display your child's online activity in your dashboard and to generate weekly email digests.
  • Payment data โ€” to manage your subscription and process billing.
  • Tamper alerts โ€” to detect if protection on a child's device has been disabled or the app removed. We do this by sending periodic silent push notifications to the device via Apple's Push Notification service. If the push fails, we notify you by email.
  • Watch history reports โ€” to generate a content safety summary visible only to you in your parent dashboard.

We do not use your data for advertising. We do not sell your data. Ever.

3. Legal basis for processing (GDPR / UK GDPR)

If you are located in the European Union or the United Kingdom, we process your personal data under the following legal bases:

  • Consent โ€” for joining the waitlist and for receiving marketing communications.
  • Contract performance โ€” to provide the Knight Shield service to you as a paying subscriber.
  • Legitimate interests โ€” for security monitoring, fraud prevention, and improving the service.

4. Children's privacy

Knight Shield is designed to be used by parents to protect their children โ€” not by children themselves. We do not knowingly collect personal information directly from children under the age of 13, and child profiles contain only a name entered by the parent or guardian.

Device activity logs are associated with the parent's household account, not with the child individually. If you believe we have inadvertently collected personal information from a child under 13, please contact us at [email protected] and we will delete it promptly.

5. Who we share data with

We share your data only with the third-party service providers necessary to operate Knight Shield:

  • Clerk โ€” authentication and identity management
  • Stripe โ€” payment processing and subscription management
  • Resend โ€” transactional email delivery
  • Sentry โ€” crash reporting and error monitoring. When the mobile app or backend services encounter an unexpected error, diagnostic information (stack traces, device type, OS version) is sent to Sentry. Sentry does not receive DNS query data or child activity logs.
  • Apple Push Notification service (APNs) โ€” we send a device push token and silent notification payloads through Apple's servers to verify that the Knight Shield app is still installed on your child's device. Apple does not receive DNS query data or child activity logs.
  • Infrastructure providers โ€” our database and servers are hosted with cloud providers under data processing agreements.
  • Google (YouTube Data API) โ€” when you upload a YouTube export, video IDs may be sent to the YouTube Data API to retrieve content rating information. This is governed by Google's Privacy Policy. You can opt out by not using the Watch History Analysis feature.

We do not sell, rent, or trade your personal information to any third party. We do not share your data with advertisers or data brokers.

6. Data retention

  • Waitlist entries โ€” retained until you ask to be removed or the waitlist is no longer needed.
  • Device activity logs โ€” 90-day rolling window, automatically deleted after that.
  • Account and household data โ€” retained for the lifetime of your account, then deleted within 30 days of account closure.
  • Payment records โ€” retained as required by financial regulations (typically 7 years).
  • Watch history reports โ€” 90-day rolling window, automatically deleted after that. The original export file is never stored.

7. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data ("right to be forgotten"), subject to our legal retention obligations.
  • Object to or restrict how we process your data.
  • Portability โ€” receive a copy of your data in a machine-readable format.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

If you are in the EU or UK and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority.

8. Security

We use industry-standard security practices: encrypted connections (HTTPS/TLS), hashed and externally managed credentials via Clerk, and access controls on our database. No system is perfectly secure โ€” if you discover a vulnerability, please report it to [email protected].

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by updating the "Last updated" date above and, where appropriate, by emailing registered users. Continuing to use Knight Shield after changes take effect constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions or requests, contact us at:
[email protected]