Privacy
The privacy promise, in plain words.
You're trusting us with the most intimate signal a parent can give an outside service: what's on your teen's laptop. We take that seriously. This page explains, in plain English, exactly what we collect, what we do with it, and what we promise never to do.
Last updated: 2026-05-18. Effective: immediately for new sign-ups, 30 days after first sent notice for existing users.
The one-sentence version
We watch your teen's laptop with care, translate what we see into themes, and tell you only the moments that matter — without showing you her screen, without sharing your family's data with anyone, and without using her DMs to train AI models.
What we collect
From you (the parent)
- Your email address (via Google sign-in).
- Your name and profile picture from Google (display only).
- Optionally, your WhatsApp number so we can send you alerts.
- Your messages to the agent (when you chat with us, via dashboard or WhatsApp).
- Your billing information if you subscribe — handled entirely by Stripe; we only see customer + subscription IDs, never your card number.
From your teen's laptop
- Screenshots of the primary display, captured roughly once a minute while she's actively using the laptop.
- Operating system + device name you set during install.
- Network metadata incidental to uploading (timestamps, request IDs).
Screenshots are sent to an AI (Anthropic's Claude) which analyzes them and produces a structured summary — primary app, themes, risk flags, severity. Most screenshots are deleted within seconds of being analyzed. Only screenshots that trigger medium or high severity risk alerts are retained, and only for as long as you keep the resulting alert in your account.
What we don't collect
- Keystrokes. We don't log what your teen types.
- Audio or video from the microphone or camera. Ever.
- Browser history independent of the screen.
- Location.
- Files saved to the device.
- Anything when the laptop is locked or has been idle for 5+ minutes.
What you, the parent, can see
- The themes of what's happening — never the raw content. "A romantic-toned exchange on Discord" not the exchange itself.
- Alerts when something genuinely matters, in plain English, on WhatsApp.
- The actual screenshot for an alert ONLY when the AI judges that seeing the frame is necessary to act (e.g. identifying an account contacting a minor). Even then, you have to acknowledge before viewing.
- Your chat history with the agent.
- A list of paired devices and when each last reported in.
Who sees your data
Us
The Conversation team (currently one person, the founder) can access stored data for debugging, support, and abuse prevention. We never read your messages or your teen's content casually. When we need to look at something specific — for example, to diagnose a bug you reported — we'll tell you.
Anthropic (Claude)
Screenshots are sent to Claude (Anthropic's API) for analysis. Anthropic processes the image, returns the analysis, and does not retain the image or use it to train models when called via API with our terms. Anthropic's privacy policy.
Twilio
WhatsApp messages we send to you flow through Twilio. They see the recipient phone numbers and message bodies. Twilio's privacy policy.
Stripe
If you subscribe, Stripe processes your payment. They see your card details (we don't). Stripe's privacy policy.
Cloudflare
Our infrastructure runs on Cloudflare (Workers, D1, R2, Pages, Analytics Engine). They process request metadata to operate the service. Cloudflare's privacy policy.
When you sign in with Google, Google sees that you signed in to Conversation. We use Firebase Auth (a Google service) to verify Google ID tokens. No data flows the other way. Google's privacy policy.
Nobody else
We do not sell your data. We do not share with advertisers. We do not run third-party trackers (no Google Analytics, no Facebook Pixel, no Hotjar). We collect anonymous product analytics on our own Cloudflare infrastructure. If we ever change this, you'll be notified individually and asked for explicit opt-in before any change takes effect.
How long we keep it
- Raw screenshots: deleted within seconds of analysis (kept only if a medium/high alert fires — then for as long as the alert exists in your account).
- Observation summaries (the AI's themed analysis): kept for 90 days on Free tier, indefinitely on Pro.
- Chat history: kept indefinitely while your account exists.
- Alerts: kept indefinitely.
- Account + billing: kept while your account is active + 7 years after closure for tax/legal compliance.
Your rights
Export your data
At any time, sign in and go to your dashboard → settings → Export my data. You'll get a download containing everything we have about your family, in JSON format.
Delete your data
Same place: dashboard → settings → Delete my account. Deletes your family, every observation, every alert, every chat message, every paired device, and every screenshot — irreversibly, within 30 days. Billing data we keep for 7 years per tax law, but stripped of identifying info beyond what's legally required.
For users in the EU, UK, California, and elsewhere
You have additional rights under GDPR, UK GDPR, CCPA, and similar laws — access, rectification, portability, restriction of processing, and objection. We honor all of these. Email privacy@conversation.app with any request.
Your teen's rights
Your teen is the subject of the data we collect, even though you (the parent) are our customer. We believe:
- She should know the app is installed. Our setup instructions ask you to install it openly with her in the room. Not a covert install.
- She can ask you to remove it. The product respects family agreements. We're not a way around her trust; we're a way to earn it differently.
- She can email us directly at privacy@conversation.app to ask what we have, or to request its deletion. If she's the subject and a request is genuine, we will honor it after verifying her identity — even if you, the parent, would prefer we didn't.
How we secure it
- All traffic encrypted in transit (TLS 1.3).
- Screenshots encrypted at rest in Cloudflare R2.
- Authentication via Google Sign-In with HMAC-signed session cookies (HTTPS-only, HttpOnly, SameSite).
- Webhook signatures verified for all third-party callbacks (Stripe, Twilio).
- Sensitive credentials (API keys, secrets) stored in Cloudflare's encrypted secret manager — never in source code.
- Database backups daily, retained 30 days.
If something goes wrong
If we discover a security incident affecting your data, we will notify you within 72 hours of confirming it, with what we know and what we're doing.
Changes to this policy
If we materially change what we collect or how we use it, you'll get notified via email and in your dashboard 30 days before the change takes effect. Continuing to use the service after the change indicates acceptance; if you don't agree, you can export + delete during the notice period.
Contact
Privacy questions, data requests, or anything else: privacy@conversation.app.
This page intentionally avoids legalese where possible. If we ever need to add formal contract language (typically for enterprise customers or compliance audits), that supplemental document will live alongside this one and never contradict it.