Privacy Policy

1. Introduction

Unbreakable ("we," "our," or "us") provides parental control and device management services that help parents manage their children's device usage. This Privacy Policy describes how we collect, use, store, and protect information when you use our website at unbreakableapp.com, our dashboard application, and our related services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

2. Information We Collect

Account and profile information

When you register or use the Service, we collect: name, email address, and password (stored in hashed form). If you sign in with Google, we receive your email and name from the provider. We store subscription and billing-related identifiers (e.g., Stripe customer and subscription IDs) and subscription status to provide paid features.

Device and management information

To provide device management using Apple's MDM protocol, we collect and store: device unique identifiers (UDID, serial number); device hardware model; iOS version; device name (as you assign it); enrollment certificates and tokens; supervision status; installed profile identifiers; and policy compliance status.

We also store policy and schedule data you create (e.g., which apps or sites to allow or block, and when). We use Mobile Device Management (MDM) technology to apply the rules you set (e.g., restricting or allowing apps).

We do NOT collect: device location data; installed app lists beyond what you explicitly configure in policies; web browsing history; the content of your or your child's communications, messages, or personal files stored on the device.

Technical and usage information

We collect session data (e.g., session tokens and expiration), audit logs of security-relevant actions (e.g., login, device enrollment, policy changes) including IP address and user agent where applicable, and usage analytics on our marketing site and dashboard (e.g., page views, button clicks) via analytics tools. We may use cookies and similar technologies for authentication, security, and analytics.

MDM technical capabilities

While we only use MDM to enforce the parental controls you configure, the MDM protocol technically allows for broader device management capabilities including remote lock, remote wipe, app installation, and certificate management. We do not use these capabilities beyond what is necessary to provide the Service features you have activated.

3. How We Use Your Information

We use the information we collect to: provide, operate, and improve the Service; authenticate you and manage your account and subscription; apply and manage the parental control and device management rules you configure; send transactional emails (e.g., account completion, password reset); process payments; detect and prevent fraud or abuse; comply with legal obligations; and, with your consent or where permitted by law, for analytics and marketing (e.g., on our landing page). We do not sell your personal information.

4. Sharing and Disclosure

We share information only as follows: (a) with authentication providers (e.g., WorkOS for email/password and Google sign-in) to enable login; (b) with Stripe for payment processing; (c) with email delivery services (e.g., Resend) to send transactional emails; (d) with analytics providers (e.g., Mixpanel) and advertising tools (e.g., Meta Pixel) on our marketing site, subject to their respective privacy policies; (e) with Apple Inc. as required by the Apple MDM protocol for device enrollment, certificate management, and push notification delivery to managed devices; (f) with hosting and infrastructure providers that process data on our behalf under contractual obligations; and (g) when required by law or to protect rights, safety, or property. We do not sell or rent your personal information to third parties.

5. Data Retention and Security

We retain your account and device management data for as long as your account is active and as needed to provide the Service and comply with legal obligations. Audit logs may be retained for a longer period for security and compliance. Sensitive technical data (e.g., encryption materials used for device supervision) is encrypted at rest. We use industry-standard measures to protect data in transit and at rest; no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

MDM profile persistence

Configuration profiles installed on devices remain active until manually removed by the device user, even after account cancellation or deletion. Profile removal requires manual action in device settings or device restoration to factory settings. We cannot remotely remove profiles after your account is deleted.

6. Your Rights and Choices

You may access, correct, or update account and profile information through your account settings. You may request deletion of your account and associated personal data by contacting us; we will process such requests in accordance with applicable law. You may opt out of marketing communications via the link in our emails. Depending on your location, you may have additional rights (e.g., under the GDPR or CCPA), including the right to access, port, correct, delete, or restrict processing of your data, or to object to certain processing. To exercise these rights, contact us at the email below. You may also have the right to lodge a complaint with a supervisory authority.

7. Children's Privacy

The Service is intended for use by parents or guardians who have authority over the devices they manage. We do not knowingly collect personal information directly from children under 13. The information we process about managed devices is configured by the account holder (parent or guardian) and is used solely to provide the parental control and device management features they have chosen. If you believe we have inadvertently collected information from a child under 13, please contact us so we can delete it.

8. International Transfers

Your information may be transferred to and processed in countries other than your country of residence. We take steps to ensure that such transfers are subject to appropriate safeguards (e.g., standard contractual clauses or other mechanisms recognized by applicable law).

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. Material changes may be communicated by email or a notice in the Service. Your continued use of the Service after the effective date of changes constitutes acceptance of the updated policy.

10. Contact Us

For questions about this Privacy Policy or our privacy practices, or to exercise your rights, contact us at: privacy@unbreakableapp.com.