Privacy Policy
Effective Date: March 11, 2026 · Last Updated: March 18, 2026
This Privacy Policy describes how HelmaShield ("we", "us", or "our") collects, uses, and protects information when you use our services, including the HelmaShield Website, HelmaShield Watch (Android TV), and HelmaShield Go (Android mobile).
By using any of our services, you agree to the practices described in this policy.
1. Who We Are
HelmaShield is an independent software project operated by a private individual located in Sweden.
HelmaShield is a parental control platform that allows parents and guardians to curate safe YouTube content for their children.
For the purposes of applicable data protection laws (including GDPR), the operator of HelmaShield acts as the data controller for personal data processed through the service.
2. Information We Collect
2.1 Account Information
When you register, we collect:
- Email address — used for authentication, account management, and service communications.
- Display name — a name you choose to identify your account.
Your password is never stored in plain text. It is processed as a salted cryptographic hash for authentication purposes only.
2.2 Profile Information
When you create a child profile, we store the profile name and any display preferences you set (such as avatar color). No other personal information about the child is collected.
2.3 Device Tokens
When a device is paired with your account, we generate and store a HelmaShield device token used to authenticate that device. This token is generated by HelmaShield and does not include any hardware identifiers or device metadata (such as model, OS version, or advertising identifiers). The token is also stored locally on the paired device so it can authenticate with the HelmaShield service on subsequent launches.
2.4 Subscription and Payment Information
Subscriptions are processed by Paddle, our payment provider. We do not collect or store credit card numbers or payment details. We receive limited information from Paddle to operate the service, including subscription status, plan details, and billing event notifications.
Please review Paddle's Privacy Policy.
2.5 YouTube Content Preferences
We store the list of YouTube channels and videos you have included in or excluded from each profile. We do not collect viewing history, watch time, or behavioural data.
HelmaShield's backend server uses the YouTube Data API v3 to retrieve publicly available metadata about channels and videos on your behalf. The TV and mobile apps do not call the YouTube API directly — all YouTube content is accessed through the HelmaShield website.
2.6 Email Verification and Password Reset Tokens
Temporary tokens are generated for email verification and password reset flows. These tokens expire after a short period and are used only for account security purposes.
3. What We Do Not Collect
- We do not collect or store precise geolocation data.
- We do not collect personal information directly from child profiles.
- We do not track viewing behaviour, session duration, or engagement metrics.
- We do not use advertising networks.
- We do not sell or rent user data.
An approximate country may be inferred from your IP address solely to display correct regional pricing. This information is not stored.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area, we process personal data under the following legal bases:
- Contractual necessity: Data processing required to provide the HelmaShield service (account authentication, device pairing, subscriptions).
- Legitimate interest: Maintaining platform security, preventing abuse, and operating the service reliably.
- Legal obligations: Retention of certain billing records required by financial regulations.
- Consent: Where applicable (for example, if optional communications are enabled).
5. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Account authentication and security | Email, hashed password |
| Providing the parental control service | Profile names, device tokens, content preferences |
| Processing subscription billing | Subscription status via Paddle |
| Sending transactional emails | Email address |
| Displaying regional pricing | Approximate country from IP (not stored) |
We do not sell, rent, or trade personal information.
6. Profile Privacy
HelmaShield is designed for use by parents and guardians. Account registration requires an adult to create and manage the account. Profiles contain only a name and display preferences chosen by the parent or guardian.
We do not knowingly collect personal information directly from child profiles. If you believe a profile has provided personal information without parental consent, please contact us so we can delete it.
7. Data Storage and Security
- All data is stored on secured servers.
- Passwords are stored only as salted cryptographic hashes.
- Device tokens are generated internally and used only for device authentication.
- All communication with the service uses encrypted HTTPS connections.
While we apply reasonable safeguards, no system can guarantee absolute security.
8. Data Retention
- Account data: Retained while your account remains active.
- Child profiles: Retained until deleted by the account owner.
- Device tokens: Retained until the device is removed.
- Billing records: Retained as required by financial regulations.
Upon account deletion, personal data will generally be deleted within 30 days, except where retention is required by law.
9. Third-Party Services
| Service | Purpose |
|---|---|
| Paddle | Subscription billing |
| YouTube Data API v3 | Retrieving video and channel metadata |
| SMTP provider | Sending transactional emails |
These services operate under their own privacy policies. We do not share personal data with third parties beyond what is strictly necessary to operate the service. Each provider receives only the minimum data required for its function.
HelmaShield is not affiliated with or endorsed by YouTube or Google.
10. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your account
- Restrict or object to certain processing
- Request a copy of your data (data portability)
Residents of the EEA also have the right to lodge a complaint with their local data protection authority. In Sweden, this is Integritetsskyddsmyndigheten (IMY).
11. Cookies and Tracking
The HelmaShield website uses a single authentication cookie to keep you signed in. This cookie is strictly necessary for the service to function and is not used for tracking or advertising. The TV and mobile apps do not use cookies.
12. Changes to This Policy
We may update this Privacy Policy periodically. When changes occur, the "Last Updated" date will be revised. Continued use of the service after changes are posted constitutes acceptance of the updated policy.
13. Contact
For questions regarding this Privacy Policy:
HelmaShield Support — support@helmashield.com