Safety & Privacy

Safety is our foundation.

We built ToyAI with children's safety as the non-negotiable priority. Here's exactly how we protect your family.

COPPA Compliant
GDPR Compliant
SOC 2 Type II
ISO 27001

End-to-End Encryption

  • All conversations encrypted with AES-256 in transit and at rest
  • Encryption keys stored locally on device, never on our servers
  • Optional cloud backup uses separate user-controlled encryption key
  • Zero-knowledge architecture: we cannot read your conversations

Data Storage

  • Conversation data stored locally on the device by default
  • No conversation data sold, shared, or used for advertising
  • Cloud backup is opt-in and encrypted separately
  • EU data residency available for European customers

Children’s Privacy

  • Full COPPA compliance for children under 13
  • Parental consent required for all features
  • No personal data collection from children
  • Age-appropriate content filtering built into AI model

Data Deletion

  • Delete individual conversations at any time
  • Full data wipe available from Parent Dashboard
  • Complete account deletion with 30-day grace period
  • Automated data purge confirmation via email

Content Safety

  • Multi-layer content filtering before AI response
  • Real-time sentiment analysis and flagging
  • Automatic redirection from inappropriate topics
  • Parent-configurable topic blocks and word filters

Transparency

  • Full conversation logs available to parents
  • Regular third-party security audits
  • Open incident reporting and disclosure policy
  • Annual transparency report published publicly

Our promise to parents

We will never sell your data. We will never use conversations for advertising. We will always give you full control. If we ever fall short, we will tell you openly and fix it immediately.