Kidzio

Security

Protecting children’s data is the whole point. Here’s how we do it — and how to reach us if you find a problem.

How we protect your data

  • Encrypted in transit. All traffic uses TLS 1.3.
  • Hardened sessions. Refresh tokens live in HttpOnly cookies and are never readable by JavaScript.
  • Isolation by family. Each family’s data is separated; services can’t reach across families.
  • Least data. We collect only what an enabled feature needs, and purge on your plan’s schedule.
  • Defence in depth. Independent services behind a gateway, scoped credentials, and audit logging.

Responsible disclosure

If you believe you’ve found a vulnerability, please tell us before disclosing it publicly. Email [email protected] with steps to reproduce. We’ll acknowledge your report, keep you updated, and credit you if you’d like once it’s resolved.

Our machine-readable policy lives at /.well-known/security.txt.

Please don’t

  • Access, modify, or delete data that isn’t yours.
  • Run denial-of-service tests or automated scans that degrade the service.
  • Disclose a vulnerability publicly before we’ve had a chance to fix it.