See the Plain English Version
See the US English Version

Geranium Project – EU/UK Privacy Policy 

Version 1.0  
Last Updated: 2026-02-18  
Issued By: SafeToNet Limited 

This Privacy Policy explains how SafeToNet Limited (“SafeToNet”, “we”, “us”, “our”) processes personal data when you use the Geranium Project Parent App and Child App (together, the “App”). 

This Policy should be read together with the Geranium Project Terms of Service. 

 

1. Who We Are 

Data Controller 
SafeToNet Limited 
Registered Office: Quadrant House, Broad Street Mall, Reading, RG1 7QE, United Kingdom 
Email: support@safetonet.com 

SafeToNet is the data controller for personal data processed under this Policy. 

 

2. Scope 

This Policy applies to: 

  • parents or legal guardians using the Parent App;
  • children using the Child App on a device linked to a parent account. 

 

3. Key Privacy Facts About Geranium 

  • Visual content detection is performed on the child’s device using on-device AI software.
  • Images, videos, screenshots, and detection results are not sent to SafeToNet, except where a parent or legal guardian voluntarily submits specific items as described in Section 10.
  • If content is detected as potentially harmful, the Child App may move it into a restricted on-device quarantine area.
  • Quarantined items remain on the child’s device and do not leave the device.
  • SafeToNet does not receive or have access to quarantined items, except where a parent or legal guardian voluntarily submits specific items as described in Section 10. 

 

4. Personal Data We Collect 

4.1 Data you provide 

  • Parent or guardian name (if provided)
  • Parent or guardian email address
  • Account credentials
  • Child nickname or identifier (as entered by the parent)
  • Support communications you send to us
  • Child age band, where a parent or legal guardian chooses to create an account via the SafeToNet website rather than within the App. Age band information is provided directly by the parent or guardian, is limited to a broad age range, and does not include a date of birth. Child age band information is not collected when an account is created within the App. 

4.2 Data collected automatically 

  • Device identifiers (for linking and service operation)
  • App version and operating system version
  • Diagnostic and crash data (where enabled or provided by platform services)
  • Access status and entitlement information 

4.3 Content data 

The App does not upload, transmit, or store children’s images, videos, screenshots, quarantined items, or detection results on SafeToNet systems, except where a parent or legal guardian voluntarily submits specific items for review and improvement as described in Section 10. 

 

5. How We Use Personal Data 

We use personal data to: 

  • create and manage parent accounts;
  • link Parent App and Child App installations;
  • provide service functionality such as device management and configuration;
  • provide customer support;
  • prevent fraud, misuse, and security incidents;
  • comply with legal obligations. 

Where content is voluntarily submitted by a parent or legal guardian, it may be used to review, test, evaluate, and improve SafeToNet’s harmful-content detection systems. This may include the training, refinement, and validation of machine-learning models used for on-device content detection. Models trained or improved using voluntarily submitted content may be deployed across other SafeToNet products for the same child-safety and harmful-content detection purposes. Voluntarily submitted content is not used for advertising, profiling, or unrelated purposes.  

 

6. Lawful Bases for Processing 

We process personal data on the following legal bases under the UK GDPR and EU GDPR: 

  • Explicit consent (Article 6(1)(a) GDPR) – where a parent or legal guardian provides explicit consent for the creation and management of an account, the association of child devices, and the processing of related account and device information.
  • Contractual necessity (Article 6(1)(b) GDPR) – to provide the App’s core functions and operate the service in accordance with the Terms of Service.
  • Legitimate interests (Article 6(1)(f) GDPR) – to maintain security, prevent misuse or fraud, and improve App stability and reliability.
  • Compliance with legal obligations (Article 6(1)(c) GDPR) – where processing is required by applicable law or regulation. 

 

7. On-Device Quarantine and Review Workflow 

The Child App may quarantine content locally on the child’s device. 

  • Quarantine, review requests, and review outcomes occur on the child’s device.
  • Authentication events may be logged for security and account management.
  • This includes Child 4-digit PIN to access “Gallery Review” and Parent password to access “Flagged for Review”
  • No quarantined images, videos, or visual content are transmitted to SafeToNet as part of the standard quarantine and review process, except where a parent or legal guardian voluntarily submits specific items as described in Section 10.
  • SafeToNet does not receive or store copies of quarantined content. 

 

8. Handling of Secure and Restricted Applications 

Some applications and system screens use security features that prevent screen capture or analysis. 

When detected, the Child App may close the affected application and display a message asking the child to notify their parent. 

No visual content is captured or uploaded in these situations. 

 

9. Use of Firebase Analytics and Crashlytics 

We use Firebase Analytics and Crashlytics to diagnose and improve the App, including monitoring stability, performance, and reliability. 

These services may collect technical identifiers, usage data, and crash reports. We do not enable advertising features or use advertising identifiers. 

Certain analytics and diagnostic data are collected automatically when the App is used in order to support stability and reliability. These data collection mechanisms are required for the App to function as intended and cannot currently be disabled. 

Crash reports are typically retained for approximately 90 days. Analytics data retention is kept for up to 14 months. 

 

10. Voluntary Submission of Content for Review and Improvement 

A parent or legal guardian may choose to voluntarily submit certain non-explicit  items to SafeToNet for false-positive review and model improvement. Submissions are optional and are not required to use the App. 

10.1 What may be submitted 

A parent or legal guardian may submit: 

  • a screenshot captured by the Child App at the point an application was closed due to detected Harmful Sexual Content; and/or
  • a non-explicit  image or video that was quarantined on the child’s device and marked by the child for parental review. 

10.2 How submission works 

  • Submission can only be initiated by a parent or legal guardian after authenticating.
  • Before submission, the App presents warnings and requires the parent or guardian to actively confirm, via multiple checkboxes, that the item does not contain:
  • nudity or sexual activity,
  • nudity or sexual content involving a child
  • other people or personally identifiable information.
  • If the parent or guardian does not provide these confirmations, the App does not permit submission. 

10.3 What happens after submission 

Submitted items are uploaded to SafeToNet’s cloud environment and are processed using automated filtering to identify and separate potentially illegal or inappropriate content before any human review. 

  • Items assessed by automated systems as potentially sexual or otherwise inappropriate for general review are segregated and restricted.
  • Items assessed as neutral may be made available to authorised SafeToNet personnel for review and used solely to improve and test SafeToNet’s harmful-content detection systems, including the training, refinement, and validation of machine-learning models. Models improved using such submissions may be deployed across other SafeToNet products for the same safety purposes. 

Where potentially illegal material is identified, SafeToNet may engage appropriately authorised external partners to assist with processing and reporting obligations. In the United Kingdom, this may include specialist organisations licensed to handle child sexual abuse material and other illegal content. 

10.4 What SafeToNet does not receive 

SafeToNet does not receive any other images, videos, or detection results from the child’s device. Quarantined items remain on the device unless a parent or legal guardian chooses to submit specific items as described above. 

 

11. International Transfers 

Where personal data is transferred outside the UK or EEA, appropriate safeguards are applied. 

 

12. Data Retention 

Personal data is retained only as long as necessary for service operation and legal compliance. 

Inactive accounts may be deleted after twelve (12) months. 

Voluntarily submitted images sent by a parent or legal guardian are retained only for as long as necessary for automated filtering, any required review or reporting steps, and AI improvement. Retention periods for submitted items may vary depending on operational and legal requirements and will be kept as short as reasonably possible. Submitted items are securely deleted when no longer required. 

 

13. Your Rights 

You have rights under data protection law, including access, erasure, rectification, restriction, portability, and objection. 

 

14. Contact Us 

SafeToNet Limited 
Quadrant House, Broad Street Mall 
Reading, RG1 7QE 
United Kingdom 
Email: support@safetonet.com 

 

15. Changes to This Policy 

We may update this Privacy Policy from time to time. Where required by law, we will provide notice of material changes.