See the Plain English Version
See the UK English Version

Geranium Project - United States Privacy Policy 

Version 1.0  
Last Updated: 2026-02-06 
Issued By: SafeToNet Limited 

This Privacy Policy explains how SafeToNet Limited (“SafeToNet”, “we”, “us”, “our”) processes personal information when you use the Geranium Project Parent App and Child App (together, the “App”) in the United States of America. 

This Policy should be read together with the Geranium Project Terms of Service. 

 

1. Who We Are 

Data Controller / Business 
SafeToNet Limited 
Registered Office: Quadrant House, Broad Street Mall, Reading, RG1 7QE, United Kingdom 
Email: support@safetonet.com 

SafeToNet determines the purposes and means of processing personal information described in this Policy. 

 

2. Scope 

This Policy applies to: 

  • parents or legal guardians using the Parent App;
  • children using the Child App on a device linked to a parent account;
  • users located in the United States of America. 

The App is designed for use by parents and legal guardians on behalf of children. 

 

3. Key Privacy Facts About Geranium 

  • Visual content detection is performed on the child’s device using on-device AI software.
  • Images, videos, screenshots, and detection results are not uploaded to SafeToNet, except where a parent or legal guardian voluntarily submits specific items as described in Section 10.
  • If content is detected as potentially harmful, the Child App may move it into a restricted on-device quarantine area.
  • Quarantined items remain on the child’s device and do not leave the device.
  • SafeToNet does not receive or have access to quarantined items, except where a parent or legal guardian voluntarily submits specific items as described in Section 10. 

 

4. Personal Information We Collect 

4.1 Information you provide 

  • Parent or legal guardian name and email address
  • Account credentials
  • Child nickname or identifier (as entered by the parent)
  • Support communications you send to us
  • Child age band, where a parent or legal guardian chooses to create an account via the SafeToNet website rather than within the App. Age band information is provided directly by the parent or guardian, is limited to a broad age range, and does not include a date of birth. Child age band information is not collected when an account is created within the App. 

4.2 Information collected automatically 

  • Device identifiers (for linking and service operation)
  • App version and operating system version
  • Diagnostic and crash data via Firebase Crashlytics
  • Analytics and usage data via Firebase Analytics
  • Access status and entitlement information 

Certain analytics and diagnostic data are collected automatically when the App is used in order to support stability, performance, and reliability. These data collection mechanisms are required for the App to function as intended and cannot currently be disabled. 

4.3 Content information 

The App does not upload, transmit, or store children’s images, videos, screenshots, quarantined items, or detection results on SafeToNet systems, except where a parent or legal guardian voluntarily submits specific items for review and improvement as described in Section 10. 

 

5. How We Use Personal Information 

We use personal information to: 

  • create and manage parent accounts;
  • link Parent App and Child App installations;
  • provide service functionality such as device management and configuration;
  • provide customer support;
  • prevent fraud, misuse, and security incidents;
  • comply with legal obligations. 

Where content is voluntarily submitted by a parent or legal guardian, it may be used to review, test, evaluate, and improve SafeToNet’s harmful-content detection systems. This may include the training, refinement, and validation of machine-learning models used for on-device content detection. Models trained or improved using voluntarily submitted content may be deployed across other SafeToNet products for the same child-safety and harmful-content detection purposes. Voluntarily submitted content is not used for advertising, profiling, or unrelated purposes. 

 

6. Children’s Privacy and Parental Consent (COPPA) 

The App is designed for use by parents and legal guardians on behalf of children. 

For children under 13 in the United States of America, SafeToNet collects and processes personal information only with verifiable parental consent and in accordance with the Children’s Online Privacy Protection Act (COPPA). 

Parents or legal guardians may review, request deletion of, or withdraw consent for their child’s personal information by contacting SafeToNet using the details in Section 14. 

 

7. On-Device Quarantine and Review Workflow 

The Child App may quarantine content locally on the child’s device. 

  • Quarantine, review requests, and review outcomes occur on the child’s device.
  • Authentication events may be logged for security and account management.
  • No quarantined images, videos, or visual content are transmitted to SafeToNet as part of the standard quarantine and review process, except where a parent or guardian voluntarily submits specific items as described in Section 10.
  • SafeToNet does not receive or store copies of quarantined content outside of voluntary submissions. 

 

8. Handling of Secure and Restricted Applications 

Some applications and system screens use security features that prevent screen capture or analysis. 

When detected, the Child App may close the affected application and display a message asking the child to notify their parent or legal guardian. 

No visual content is captured or uploaded in these situations. 

 

9. Use of Firebase Analytics and Crashlytics 

We use Firebase Analytics and Crashlytics to diagnose and improve the App, including monitoring stability, performance, and reliability. 

These services may collect technical identifiers, usage data, and crash reports. We do not enable advertising features or use advertising identifiers. 

Crash reports are typically retained for approximately 90 days. Analytics data retention is configured for up to 14 months. 

 

10. Voluntary Submission of Content for Review and Improvement 

A parent or legal guardian may choose to voluntarily submit certain items to SafeToNet for false-positive review and model improvement. Submissions are optional and are not required to use the App. 

10.1 What may be submitted 

A parent or legal guardian may submit: 

  • a screenshot captured by the Child App at the point an application was closed due to detected harmful sexual content; and/or
  • an image or video that was quarantined on the child’s device and marked by the child for parental or legal guardian review. 

10.2 How submission works 

  • Submission can only be initiated by a parent or legal guardian after authentication.
  • Before submission, the App presents warnings and requires the parent or legal guardian to actively confirm, via multiple checkboxes, that the item does not contain: 
     
  • nudity or sexual activity,
  • nudity or sexual content involving a child.
  • other people or personally identifiable information. 

10.3 What happens after submission 

Submitted items are uploaded to SafeToNet’s cloud environment and are processed using automated filtering to identify and separate potentially illegal or inappropriate content before any human review. 

  • Items assessed by automated systems as potentially sexual or otherwise inappropriate for general review are segregated and restricted.
  • Items assessed as neutral may be made available to authorized SafeToNet personnel for review and used solely to improve and test SafeToNet’s harmful-content detection systems, including the training, refinement, and validation of machine-learning models. Models improved using such submissions may be deployed across other SafeToNet products for the same safety purposes. 

Where potentially illegal material is identified, SafeToNet may engage appropriately authorized external partners to assist with processing and reporting obligations. 

10.4 What SafeToNet does not receive 

SafeToNet does not receive any other images, videos, or detection results from the child’s device. Quarantined items remain on the device unless a parent or guardian chooses to submit specific items as described above. 

 

11. International Data Transfers 

Personal information may be transferred to and processed in the United Kingdom or European Union, where SafeToNet operates its primary systems. 

Appropriate safeguards are applied in accordance with applicable law. 

 

12. Data Retention 

Personal information is retained only as long as necessary for service operation and legal compliance. 

Inactive accounts may be deleted after twelve (12) months. 

Voluntarily submitted images are retained only for as long as necessary for automated filtering, any required review or reporting steps, and model improvement. Retention periods may vary depending on operational and legal requirements and are kept as short as reasonably possible. Submitted items are securely deleted when no longer required. 

 

13. Your Rights 

Parents and legal guardians in the United States of America may have rights under applicable federal and state privacy laws, including rights to access, delete, and correct personal information, and to withdraw consent where applicable. 

We do not discriminate against users for exercising privacy rights. 

 

14. Contact Us 

SafeToNet Limited 
Quadrant House, Broad Street Mall 
Reading, RG1 7QE 
United Kingdom 
Email: support@safetonet.com 

 

15. Changes to This Policy 

We may update this Privacy Policy from time to time. Where required by law, we will provide notice of material changes.