FeaturesContact
EN English DE Deutsch FR Français IT Italiano ES Español PT Português

App Privacy Policy

Website App

Last updated: March 10, 2026

We built Allowed Online with privacy at its core, so your family stays safe and your privacy is preserved. The app uses a local VPN tunnel on your device to filter DNS queries, and we specifically designed it so we never see your browsing history, read your messages, or monitor your screen.

Privacy by Design

No browsing history. The app filters DNS queries locally. We see domain names, never what you do on them.

No selling or sharing. We are founder-controlled, with no investors, no ads, and no data brokering.

Minimal data, short retention. DNS logs are kept for 30 days, IPs anonymized in 7 days, and you can delete everything anytime.

Full control over your data. Export or delete your data by emailing privacy@allowed.online. We respond within 30 days.

What we collect (and why)

DNS queries Domain names your devices request, whether they were blocked, which filter matched, and a timestamp. This is the core of how the parental control works.
Account information Email address, display name, and authentication method (Apple or Google Sign-In). Needed to identify your account.
Family profiles Names and ages of family members, device assignments, and filter settings. Needed to apply the right rules to the right person.
Device information Device name, model, and OS version. Needed to display your devices and troubleshoot issues.
IP addresses Your IP address appears in DNS query logs and session data. Anonymized after 7 days.
Subscription data Plan type and status, managed by RevenueCat through Apple or Google. We never see your payment details.
Crash and diagnostic reports Anonymous crash logs sent by the operating system. Used to fix bugs.

What we don't collect

We never see full URLs, page content, search terms, messages, photos, location data, contacts, or advertising identifiers. All modern web traffic is encrypted with HTTPS, which means the actual content of websites, messages, and searches is invisible to us, your internet provider, and anyone else in between. We only see the domain name (like "example.com"), never what happens on it.

How long we keep things

We keep data only as long as we need it, then delete it.

DNS query logs 30 days
IP addresses in logs Anonymized after 7 days
Session data (IP, user agent) 7 days
Audit logs, resolved alerts 90 days
Push notification tokens While device is registered
Crash reports 90 days
Account information While account is active
Family profiles While account is active
Subscription data While subscription is active
Device information Until device is removed

To delete your account, email privacy@allowed.online. We wait 14 days in case you change your mind, then permanently delete everything. Encrypted backups are purged within 90 days.

Third-party services

We use the following services as processors, as defined by the GDPR and similar regulations.

Google Cloud Platform: Hosting and database (Zurich, Switzerland)

Quad9: Primary DNS resolver (Swiss non-profit, global anycast). Client IPs are not forwarded.

Apple Sign-In / Google Sign-In: Authentication

RevenueCat: Subscription management

Apple Push Notifications: Push notifications

Cloudflare Family DNS: DNS fallback (when primary unavailable). Client IPs are not forwarded.

Security

All DNS traffic is encrypted with DNS-over-HTTPS. Data at rest is encrypted in Google Cloud. Access to production systems is restricted to two employees with hardware security keys. We run automated vulnerability scans and apply patches within 72 hours of disclosure.

Your rights

GDPR EU General Data Protection Regulation
Swiss FADP compliance badge Swiss Federal Act on Data Protection

Under GDPR and the Swiss Federal Act on Data Protection, you have the right to access, correct, or delete your personal data.

Export: Email privacy@allowed.online to receive a copy of your data.

Deletion: Email privacy@allowed.online. We wait 14 days, then permanently delete everything.

We respond to all requests within 30 days.

Supervisory authority: Swiss Federal Data Protection and Information Commissioner (FDPIC).

Children's Privacy

Only parents create and manage children's profiles. Children cannot create accounts on their own.

We comply with COPPA, GDPR Article 8, and the Swiss FADP. A child's DNS activity is visible only to the family admin. Activity sharing is configurable per member. Children's data gets the same retention periods and protections as adult data. When a device is removed, names like "Emma's iPad" are cleared to "Deleted Device".

Changes

If we make material changes to this policy, we will notify you by email or through the app before they take effect. The "last updated" date at the top always reflects the latest version.

Pi Squared GmbH · Zug, Switzerland

privacy@allowed.online