Information Security Program
Draft — pending legal review. Bracketed [placeholders] have not been filled in and this document is not yet in force.
Purpose & scope
The U.S. Children's Online Privacy Protection Act (COPPA) and the FTC's COPPA Rule, as amended in 2025, require us to establish and maintain a written children's personal information security program with safeguards appropriate to the sensitivity of that information and to our size, complexity, and the nature and scope of our activities. This is that program. It covers every place a child's information is collected, stored, or transmitted by Tidiest: the parent and child devices, our grading service, and the third parties we rely on.
Who is responsible
[Operator legal name] designates [role / named coordinator] as the person responsible for this security program. That coordinator maintains this document, oversees the safeguards below, reviews them on the schedule stated here, and is the point of contact for any security concern at [security@your-domain].
Minimizing what could be exposed
The strongest safeguard is collecting little. We do not collect a child's real name, email, phone number, precise location, or any advertising/tracking identifier. A child is represented by a nickname, an age group, and a personality. Your family's data lives in your own iCloud account (Apple CloudKit), not in a database we hold, so there is no central store of children's data for an attacker to reach; the only time family data leaves iCloud is when a photo is sent to our grading service for a single, transient grade.
Safeguards we apply
• Per-child isolation: each child's chores, submissions, and photos live in a separate CloudKit zone shared only with that child's device; one child's device cannot read another's data.
• Tamper-evident gems: every gem entry and balance is signed (Ed25519) by our grading service, the only party holding the signing key. Both devices accept only balances whose signature verifies against our public key, so neither a child's device nor a forged record can mint or alter gems: any unsigned or modified balance is rejected.
• Authorized callers only: a gem-affecting action can be triggered only by a household device that holds a household secret stored solely in the family's own iCloud; the secret is compared in constant time and is never placed anywhere our service or a third party could read it.
• On-device photo hardening: location metadata (EXIF/GPS) is stripped from a photo on the device before it is uploaded.
• Stateless grading: our grading service holds a photo only in transient request memory to compute one grade, then discards it; it stores and logs no image bytes and keeps no copy of family data at rest.
• Enterprise AI under contract: photos are graded only by Google's Vertex AI under a data-processing agreement configured for no logging, no model training, and zero data retention, never the consumer AI API.
• No third-party tracking: we embed no third-party analytics, advertising, or crash-reporting SDKs that would move a child's identifiers off the device.
• Transport security: all network traffic is encrypted in transit (TLS).
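The gem safeguards above (signed balances, rejection of forged or replayed records, per-zone isolation, and a constant-time secret comparison) can be shown end to end in a short program. The following is an added illustration written for this document, not Tidiest's own code: the record layout, the `Sequence` field used to reject replays, the zone names, and the place where the household secret is compared are all assumptions made for the example; only the primitives (Ed25519 signatures and a constant-time byte comparison) are the ones the program names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// GemRecord is an assumed wire format for one signed gem balance.
type GemRecord struct {
	Zone      string // the child's CloudKit zone this balance belongs to (assumed field)
	Sequence  uint64 // strictly increasing per zone, so an old balance cannot be replayed
	Balance   int64
	Signature []byte // Ed25519 signature over canonicalBytes(Zone, Sequence, Balance)
}

// canonicalBytes is the exact byte string that gets signed. The zone is
// length-prefixed so bytes cannot be shifted between fields to make a second
// encoding that carries the same signature.
func canonicalBytes(zone string, seq uint64, balance int64) []byte {
	buf := make([]byte, 8, 8+len(zone)+16)
	binary.BigEndian.PutUint64(buf, uint64(len(zone)))
	buf = append(buf, zone...)
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], seq)
	buf = append(buf, n[:]...)
	binary.BigEndian.PutUint64(n[:], uint64(balance))
	return append(buf, n[:]...)
}

// GradingService is the only holder of the signing key.
type GradingService struct{ priv ed25519.PrivateKey }

func NewGradingService() (*GradingService, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &GradingService{priv: priv}, nil
}

func (s *GradingService) PublicKey() ed25519.PublicKey {
	return s.priv.Public().(ed25519.PublicKey)
}

// Issue signs a new balance for a zone; nothing else can produce a valid record.
func (s *GradingService) Issue(zone string, seq uint64, balance int64) GemRecord {
	return GemRecord{Zone: zone, Sequence: seq, Balance: balance,
		Signature: ed25519.Sign(s.priv, canonicalBytes(zone, seq, balance))}
}

// Device is a parent or child device. It pins the service's public key and
// displays only a balance that passed every check.
type Device struct {
	pub     ed25519.PublicKey
	zone    string
	lastSeq uint64 // 0 before any record is accepted, so sequences start at 1
	balance int64
}

func NewDevice(pub ed25519.PublicKey, zone string) *Device {
	return &Device{pub: pub, zone: zone}
}

var (
	ErrBadSignature = errors.New("gem record: signature does not verify")
	ErrWrongZone    = errors.New("gem record: belongs to another child's zone")
	ErrReplay       = errors.New("gem record: sequence not newer than current balance")
)

// Accept verifies a record and adopts its balance only if every check passes.
// Signature first: an unsigned record must not influence any later check.
func (d *Device) Accept(r GemRecord) error {
	if !ed25519.Verify(d.pub, canonicalBytes(r.Zone, r.Sequence, r.Balance), r.Signature) {
		return ErrBadSignature
	}
	if r.Zone != d.zone {
		return ErrWrongZone
	}
	if r.Sequence <= d.lastSeq {
		return ErrReplay
	}
	d.lastSeq, d.balance = r.Sequence, r.Balance
	return nil
}

func (d *Device) Balance() int64 { return d.balance }

// SecretMatches compares a presented household secret with the expected one in
// constant time, so timing does not reveal how many leading bytes matched.
// (ConstantTimeCompare returns 0 immediately on a length mismatch, so keep the
// secret a fixed length.) Which party holds "expected" is left to the program
// text; this function is only the comparison step.
func SecretMatches(presented, expected []byte) bool {
	return subtle.ConstantTimeCompare(presented, expected) == 1
}

func main() {
	svc, err := NewGradingService()
	if err != nil {
		panic(err)
	}
	dev := NewDevice(svc.PublicKey(), "child-zone-A") // constructed zone name
	good := svc.Issue("child-zone-A", 1, 10)
	fmt.Println("genuine record:", dev.Accept(good), "balance:", dev.Balance())
	forged := good
	forged.Balance = 9999 // signature no longer covers these bytes
	fmt.Println("forged record:", dev.Accept(forged), "balance:", dev.Balance())
	fmt.Println("replayed record:", dev.Accept(good))
	other := svc.Issue("child-zone-B", 5, 50)
	fmt.Println("other child's record:", dev.Accept(other))
}
```

The rejection order matters: a forged record is refused before its zone or sequence is even read, a genuine record from another child's zone is refused even though it carries a valid signature, and a genuine record that was already applied is refused as a replay, so a device's balance can only ever move to a value the grading service actually signed later than its current one.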
Identifying and assessing risk
The coordinator reviews the risks to children's information across collection, storage, and transmission at least annually (see Review below) and whenever we add a feature, a data field, or a service provider, and confirms the safeguards above still address them. Any change that touches storage, the camera path, identity, or child data triggers a fresh review before it ships.
Service providers we rely on
We use providers that contractually commit to protect children's data. Apple (iCloud / CloudKit) is the custodian of your family's data and processes consent and payment. Google (Vertex AI) grades photos under a data-processing agreement with no logging, training, or retention. We do not share children's data with a service provider unless it is capable of maintaining protections comparable to those in this program.
Responding to a security incident
If we learn of a suspected breach of children's personal information, the coordinator investigates and contains it, remediates the cause, and notifies affected parents and any authorities as required by applicable law and our agreements with Apple and Google.
Review
The coordinator reviews and updates this program at least annually and whenever there is a material change to our systems, data, or service providers.
Contact
Security questions or reports: [Operator legal name], [security@your-domain].