Privacy Policy
Last updated: 15 June 2026 · GDPR compliantKidBox is an application designed for the shared management of family information — chat, documents, notes, activities and children's health. This policy explains transparently what data we process, why and with whom we share it.
Data Controller: KidBox — Vittorio Scocca · ing.vittorioscocca@gmail.com
Data we collect
- Personal information: email, name/alias, profile photo, access credentials, date of birth
- Contacts: names and phone numbers of family and emergency contacts entered by the user
- Family data and content: chat, notes, documents, media, calendar events, to-dos, expenses, children's health data
- Technical data: notification tokens and security logs without identifiable information
- Location data: only when location sharing is explicitly enabled
Legal basis for processing (GDPR Art. 6)
The processing of your personal data is based on the following legal grounds:
- Performance of a contract (Art. 6.1.b): data necessary to provide app features (account, family content, location, notifications)
- Consent (Art. 6.1.a): health data processed via Health Connect and AI features — explicit consent required and revocable at any time
- Legitimate interest (Art. 6.1.f): service security, fraud prevention, technical logs
Why we use your data
- Access and authentication
- Delivery of core features
- Notifications and service updates
- Security and continuous improvement
Location data
KidBox may collect the precise location of the device (GPS) when the family location sharing feature is explicitly enabled by the user. Location may also be collected in the background for family geofence operation, subject to explicit authorization. Location data is transmitted to Google Firebase and is not shared with third parties for advertising purposes.
Device identifiers
KidBox collects the device identifier (Firebase Instance ID / FCM token) to send push notifications. The Facebook Login SDK may collect the device advertising ID for install attribution and advertising campaign purposes. See Meta's Privacy Policy for details.
Sensitive data
KidBox processes health data (vital parameters, medications, medical visits, fitness data from Health Connect) classified as sensitive data under GDPR Art. 9. This data is collected exclusively on the user's explicit consent, stored in encrypted form on Google Firebase, and is not shared with third parties unless the user activates the AI feature (see AI Assistant section). Health data is never used for advertising purposes.
Sharing data with third parties
We do not sell your data. Data is shared exclusively with the following technical providers for service delivery:
- Google Firebase (Firestore, Storage, Auth, Functions, Messaging) — storage, authentication, push notifications. Privacy Policy
- Anthropic — AI processing on explicit consent (questions + family/health context selected by the user). Privacy Policy
- Meta (Facebook) — Facebook Login SDK for authentication and advertising campaign attribution (advertising ID). Privacy Policy
- Google Maps Platform — map display and address geocoding. Privacy Policy
- Google Play Billing — subscription and in-app purchase management. Privacy Policy
AI Assistant & Anthropic
Data sent to Anthropic includes your questions and the family context needed to respond (names, events, health data). Explicit consent is required before first use — revocable at any time from the app settings.
Data retention
Data is retained only for as long as strictly necessary to provide the service. Upon account deletion, all associated data is permanently erased.
Account deletion
You can delete your account at any time from the app settings: Profile → Delete account. See our data deletion page for details.
Data Protection Officer (DPO)
The data controller also serves as the data protection point of contact. For any enquiry regarding your personal data please contact: ing.vittorioscocca@gmail.com
Your rights (GDPR Art. 15–22)
You have the right to request erasure of your personal data at any time (right to erasure, GDPR Art. 17). You may exercise the following rights by contacting us or directly within the app:
- Access to your data (Art. 15)
- Rectification of inaccurate information (Art. 16)
- Erasure of data — right to be forgotten (Art. 17)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Objection to processing (Art. 21)
- Withdrawal of specific consents at any time
- Right to lodge a complaint with the supervisory authority — Garante per la protezione dei dati personali (garanteprivacy.it)
Security
KidBox implements end-to-end encryption and advanced authentication measures to protect your family's data.
Contact
For any privacy question write to ing.vittorioscocca@gmail.com