Privacy Policy — Apex Browser

The short version: Apex Browser is a parental-controlled safe browsing tool. Parents create all accounts. Children never submit personal information to us — ever. We collect only what's needed to run the service: browsing activity so parents can monitor usage, chat messages between parent and child, and documents created in the Writer tool. We do not sell data. We do not advertise. We do not share data with anyone except Google Firebase, which hosts the service. Parents control all data and can delete everything at any time.

Contents

1.Who We Are 2.Who Uses This Service 3.Information We Collect 4.How We Use Information 5.Third-Party Services (Firebase / Google) 6.Children's Privacy and COPPA 7.Parental Rights and Data Controls 8.Data Retention 9.Security 10.Your Privacy Rights (State Laws) 11.Changes to This Policy 12.Contact Us

1. Who We Are

Apex Browser is operated by True Anchor LLC, a limited liability company registered in the State of Michigan.

References to "Apex Browser," "we," "us," or "our" in this policy refer to True Anchor LLC.

This Privacy Policy applies to the Apex Browser web application accessible at apexbrowser.app and all related sub-pages and tools, including Apex Writer, Apex Calculator, Apex Chat, and Apex Design.

2. Who Uses This Service

Apex Browser is designed for use by parents and guardians who create accounts to manage the browsing environment for their children. The service involves two types of users:

Administrator Accounts: Adults (18 or older) who register with an email address and password. Administrators create and manage all aspects of the service, including child profiles, approved site lists, and activity monitoring.
User Profiles: Profiles created by Administrators for their children. Children do not register directly — they access the service using a display name and a PIN chosen by the Administrator. Children do not submit personal information to us at any point.

Apex Browser is a parent-controlled service by design. No child can access the service without an Administrator first creating and configuring their profile. The entire service relationship — including any data collection — is between True Anchor LLC and the Administrator.

3. Information We Collect

3.1 — From Administrators (Account Holders)

Email address — used to create and authenticate your Administrator account via Google Firebase Authentication.
Password — stored as a hashed value by Firebase; we never see your plain-text password.

3.2 — Data Associated With Child Profiles (configured and controlled by Administrators)

The following data is created and managed entirely by the Administrator. Children do not submit this information directly.

Profile display name and avatar: The name and icon an Administrator assigns to each child profile. No legal name is required — Administrators may use a first name, nickname, or any identifier they choose.
Browsing session activity: When a child uses the browser, we log the URLs visited, the domain name, and the timestamp of each page visit. This is stored per session and is accessible only to the Administrator.
Chat messages: If the Administrator enables the Chat feature, messages sent between the Administrator and child are stored in our database. Messages are visible to the Administrator at all times and are not end-to-end encrypted.
Written documents: Documents created in Apex Writer are stored in our database, attributed to the child profile, and are accessible to the Administrator at all times.
Designs: Graphics created in Apex Design are stored in our database, attributed to the child profile, and are accessible to the Administrator at all times.
Presence data: When a child uses the Chat feature, their online status is stored temporarily. This data is overwritten continuously and is not retained as a permanent record.
Site approval requests: When a child attempts to visit an unapproved site, the domain name and URL are stored as a pending request visible to the Administrator.
Approved site list: The list of websites an Administrator has approved for each child profile.

3.3 — What We Do NOT Collect

Full legal names of children
Physical addresses
Phone numbers
Photos, videos, or audio recordings
Precise geolocation data
Persistent device identifiers or advertising IDs
Payment information (handled entirely by our payment processor, if applicable)
Social media information

We do not use cookies for tracking or advertising. We use only functional session cookies required by Firebase Authentication to keep Administrators logged in.

4. How We Use Information

We use the information we collect solely for the following purposes:

To provide the service: Authenticating Administrator accounts, loading child profiles, enforcing approved site lists, and displaying browsing history to Administrators.
To enable parental oversight: Displaying session activity, chat messages, and documents to the Administrator account holder.
To enable real-time approval: Storing and routing site approval requests from child profiles to Administrator accounts.
To send push notifications: Delivering site approval request notifications and new message alerts to the Administrator's device via Google Firebase Cloud Messaging.
To improve reliability: Monitoring service uptime and identifying technical errors using anonymized system logs. These logs do not contain personal information.

We do not: sell personal information, use personal information for advertising, profile children for any purpose beyond operating the service, or share personal information with any third party other than Google Firebase (see Section 5).

5. Third-Party Services — Firebase / Google

Apex Browser uses Google Firebase to store and process all data described in this policy. Firebase is a platform operated by Google LLC, headquartered in Mountain View, California.

Data stored in Firebase is subject to Google's Privacy Policy and Google's Data Processing Terms. Data is stored in Google Cloud data centers, primarily in the United States.

What Google Firebase receives: All data described in Section 3 above — Administrator email addresses, child profile names, session activity, chat messages, documents, designs, and approved site lists — is stored in Firebase Firestore and Firebase Authentication. Push notifications are delivered via Firebase Cloud Messaging.

What Google does NOT do with this data: Google does not use data stored in Firebase for advertising purposes. Google does not sell this data. True Anchor LLC has accepted Google's Data Processing and Security Terms, which govern how Google handles data on our behalf.

You can review Google's privacy practices at policies.google.com/privacy.

No other third parties have access to personal information collected by Apex Browser.

6. Children's Privacy and COPPA

6.1 — How Apex Is Designed

Apex Browser is intentionally architected so that children never submit personal information to us directly. Children access the service through a profile created entirely by their parent or guardian. There is no registration flow, no email address, no account creation, and no direct data collection from the child at any point.

The child's profile — including their display name, PIN, approved sites, and browsing activity — is created, configured, and owned by the Administrator. All data associated with a child profile flows through the Administrator's account.

6.2 — COPPA Applicability

The Children's Online Privacy Protection Act (COPPA) applies to operators who collect personal information directly from children under 13. Because Apex Browser does not collect personal information from children — directly or indirectly outside of the Administrator's control — COPPA's operator requirements do not apply to our service in the same way they apply to platforms that children register for independently.

We have made this architectural choice deliberately. We believe the best protection for children's privacy is not to collect their information at all. The service relationship is entirely between True Anchor LLC and the adult Administrator.

This design is analogous to a parent subscribing to an educational platform on behalf of their child, where the parent holds the account and the child is a beneficiary — not a party to the data relationship.

6.3 — Good-Faith Commitment

While we believe COPPA's direct-collection requirements do not technically apply to our architecture, we voluntarily follow its spirit:

We collect the minimum data necessary to operate the service.
We do not use child-associated data for advertising, profiling, or any purpose beyond providing the service to the Administrator.
We give Administrators full visibility into and control over all data associated with their child profiles.
We delete all child profile data promptly upon Administrator request.

If you believe a child has submitted personal information to us without Administrator authorization — for example, through a bug or unintended product behavior — please contact us immediately at privacy@apexbrowser.app. We will investigate and delete the information within 7 business days of verified notice.

7. Parental Rights and Data Controls

As the Administrator account holder, you have full control over all data in your account. Your rights include:

Right to review: Log in to your Administrator dashboard at any time to review all data associated with each child profile — session activity, chat messages, documents, designs, and approved sites.
Right to delete: Delete individual sessions, chat messages, documents, or entire child profiles directly from your dashboard. Deletion triggers permanent removal from our Firebase database.
Right to revoke consent: Delete your Administrator account at any time by contacting privacy@apexbrowser.app. All associated child profiles and their data will be permanently deleted within 30 days.
Right to stop collection: Stop using the service at any time to halt all further data collection.
Right to a data export: Request a copy of all personal information associated with your account by contacting privacy@apexbrowser.app. We will respond within 30 days.

To exercise any of these rights, contact us at privacy@apexbrowser.app. We may ask you to verify your identity before processing requests.

8. Data Retention

We retain personal information only as long as necessary to provide the service or as required by law:

Session activity (browsing history): Retained for 90 days from the date of collection, then automatically deleted.
Chat messages: Retained for 60 days from the date sent, then automatically deleted.
Written documents and designs: Retained until the Administrator deletes them, or until the Administrator account is deleted.
Site approval requests: Retained for 30 days after being resolved, then automatically deleted.
Presence data: Not permanently retained. Overwritten continuously and not stored as historical records.
Administrator account information (email): Retained until account deletion is requested.
Child profile information: Retained until the Administrator deletes the profile or the Administrator account is deleted.

Backup copies of data may be retained for up to 30 additional days after deletion as part of routine backup procedures, after which they are permanently purged.

9. Security

We take the security of personal information seriously. Our security practices include:

Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS). The .app TLD requires HTTPS by default.
Encryption at rest: Firebase Firestore encrypts all data at rest using AES-256.
Access controls: Firestore security rules restrict data access so that only authenticated Administrator accounts can read their own children's data. Child profiles have no administrative access.
Password security: Passwords are never stored in plain text. Firebase Authentication uses industry-standard password hashing.
No employee access to messages: Chat messages and documents are stored in Firebase and are not routinely accessed by True Anchor LLC employees or contractors.

No security system is perfect. In the event of a data breach affecting personal information, we will notify affected users as required by applicable law, including Michigan's Identity Theft Protection Act.

10. Your Privacy Rights — State Laws

Michigan residents: Michigan's Identity Theft Protection Act requires us to notify you if your personal information is compromised in a security breach.

California residents: If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know what personal information we collect, the right to delete it, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact privacy@apexbrowser.app.

Users in the European Union / UK: If you access Apex Browser from the EU or UK, you may have rights under the GDPR. Our lawful basis for processing is legitimate interests (operating the contracted service). You have rights to access, rectify, erase, and port your data. Contact privacy@apexbrowser.app to exercise these rights.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes — particularly any changes to how we handle data associated with child profiles — we will:

Update the "Last Updated" date at the top of this page.
Send an email notification to all registered Administrator accounts.

Continued use of Apex Browser after the effective date of a revised policy constitutes your acceptance of the changes.

12. Contact Us

For privacy-related questions, data requests, or to report a concern about data associated with a child profile:

True Anchor LLC — Privacy Contact

Privacy: privacy@apexbrowser.app

General: hello@apexbrowser.app

Legal: legal@apexbrowser.app

Mail: True Anchor LLC, Michigan

We respond to privacy requests within 30 days. For urgent matters involving suspected unintended data collection from a child, we respond within 7 business days.