PauziPauzi
RO

Privacy Policy

Last updated: June 12, 2026

Pauzi is an app built with care for parents and children. We take seriously the responsibility of protecting our users’ data. This policy explains what data we collect, why, who we share it with, and your rights.

At a glance

  • We never sell data.
  • We don’t run ads. Pauzi is ad-free.
  • Children do not create accounts or type free-form text in Pauzi. We process child-device usage data only for features configured by the parent.
  • Data is stored in the EU (Frankfurt) via Supabase.
  • You can delete your account anytime: Settings → Account → Delete account.
  • For any data request, write to privacy@pauzi.app.

Who we are

Pauzi is operated by ROCKSOLID MEDIA SRL, Romanian company identification number 38420346, registered office in Bucharest, strada Tincani, no. 4, bl. F7, sc. 1, ap. 12, Romania.

For privacy questions or data requests, contact us at privacy@pauzi.app.

What data we collect

From the parent (you)

  • Email and password — for authentication. Passwords are stored by Supabase Auth as secure hashes and we never see them in plain text.
  • Account settings — your preferences (notifications, language, parental PIN stored as a hash, device timezone).
  • Subscription status — whether you have an active Premium subscription and until when (synced from Google Play via RevenueCat).

About the child (entered by you)

  • Name and age — for personalizing sessions and the way Pauzi addresses your child.
  • Avatar and preferences — visual and behavior options.
  • List of allowed apps — the apps you’ve approved your child to use during a session.
  • Custom activities (Premium) — the text you create for your child (e.g., “Davidut, let’s dance with mommy”) and the audio generated for that text.
  • Patience Chest (Premium) — star count, target set by you, reward text, generated reward audio and reward claim history.

Session activity (on the child’s device)

  • Currently foreground app — to know when to display the Pauzi screen over an app that should no longer be used. We only check the package name (e.g., com.google.android.youtube); we don’t read content.
  • Session duration — when it started and ended, whether the child respected the time.
  • Session events — messages received from the parent (nudges), suggested follow-up activity.
  • Daily quota, cooldown and live progress — remaining/consumed time per day, session state, child-device battery and whether Accessibility permission is active.

Technical data (per device)

  • Push notification token (FCM) — to send notifications between parent and child.
  • Device role (parent/child), local installation identifier and child device link — so Pauzi can distinguish the parent phone from the child phone and sync the right profile.
  • App version, device model, Android version — used for error reporting, performance diagnostics (Sentry) and debugging.
  • Pairing code — generated temporarily when linking parent-child devices, expires in 15 minutes.
  • Device timezone — for correctly scheduling quiet hours. We do NOT collect GPS coordinates or real location.
Detailed — exact database fields we store

In Supabase Auth: account identifier, email and password hash. In users: id, email, language, country, timezone, onboarding status, subscription status, analytics preference. In parent_settings: parental PIN hash, notification preferences and language. In child_profiles: name, age, avatar, tone, default duration, daily quota, cooldown and bedtime schedule. In routines and child_default_activity_prefs: routines and selected default activities. In custom_activities and tts_usage: activity text, TTS audio status/path/hash, voice, TTS errors and generated character counts. In sessions and session_events: session start/end, planned/actual duration, screen_time_seconds, per-app app_usage, end reason, suggested activity, acknowledgements and overlay events. In child_installed_apps and child_allowed_apps: installed and allowed package names/labels. In child_live_state: heartbeat, accessibility_ok, battery, current app, session progress, quota/cooldown. In child_devices and device_tokens: device role, locally generated device_instance_id, FCM token, model, app version, platform and last_seen. In pairing_codes: temporary pairing codes. In subscriptions: provider, product_id, status, expiry and RevenueCat webhook payload. In reward_programs and reward_events: stars, target, reward text, TTS audio status/path/hash and reward claim history. In analytics_events: only technical/product analytics events if the option is enabled.

Sensitive Android permissions

Pauzi uses sensitive permissions on the child’s device to do its job. Here’s exactly which and why:

Accessibility Service

Required to detect when an app comes to the foreground, so Pauzi can display the “time’s up” screen over YouTube, games, etc. We do NOT read text, NOT read chats, NOT record actions. We only check the package name of the current app (e.g., com.google.android.youtube) to trigger the Pauzi screen.

“Display over other apps” (System Alert Window)

Required to display the Pauzi interface over another app (e.g., over YouTube when time’s up).

Foreground Service

Used to keep the session active in the background, even if you temporarily close the Pauzi app. A permanent notification “Pauzi session active” is shown.

Notifications (POST_NOTIFICATIONS)

To receive messages from the parent on the child’s device, or alerts about the child on the parent’s device.

Audio (Audio Focus)

Used to play Pauzi’s voice and, when the system allows it, temporarily lower other apps’ volume while Pauzi speaks. We do NOT use the microphone and we do NOT record audio.

Detailed — all permissions requested by the app

INTERNET and ACCESS_NETWORK_STATE (account and server connectivity), POST_NOTIFICATIONS (parent-child notifications), FOREGROUND_SERVICE and FOREGROUND_SERVICE_SPECIAL_USE (active session foreground service), SYSTEM_ALERT_WINDOW (Pauzi overlay), BIND_ACCESSIBILITY_SERVICE (declared by the service, manually enabled by the user), RECEIVE_BOOT_COMPLETED (restart checks after reboot), SCHEDULE_EXACT_ALARM (accurate midpoint/warning/end timers), QUERY_ALL_PACKAGES (show installed apps so the parent can choose allowed apps), KILL_BACKGROUND_PROCESSES (used locally, where Android allows it, to help return the child from blocked apps). These permissions do not give us access to app content, contacts, photos, messages or microphone audio.

What we do NOT collect

  • We do NOT access contacts, photos, calendar, SMS, or emails.
  • We do NOT collect GPS or Wi-Fi location. We only use the device timezone.
  • We do NOT read app contents (we do NOT track which YouTube videos your child watches, NOT read messages, NOT record audio).
  • In the app we do NOT use tracking cookies. On the website (pauzi.app) we use Google Analytics only if you explicitly accept it from the cookie banner (details under “Who we share data with”).
  • We do NOT sell or share data with advertising networks.
  • We do NOT ask the child to enter personal data or free-form text. The child interacts with overlays, the child launcher and the Patience Chest; those interactions are saved only as session/reward events.

Why we need this data

  • Email + password: so you can sign in from multiple devices and not lose data when you switch phones.
  • Child profile: to personalize sessions — duration appropriate for the age, tone matching the child’s temperament, addressing by name.
  • Current foreground app: to display the Pauzi screen at the right moment, over the app the child is using.
  • Session history: to show you in Activity whether the child respected the time, on which days / at what hours.
  • FCM token: so the parent can send messages to the child’s device (and vice versa — “your child is offline” alerts).
  • Stars and rewards: so Pauzi can show the child’s progress, open the chest at the parent-set target and keep reward history.
  • TTS text: so ElevenLabs can generate voice for custom activities and the parent-approved reward.
  • Subscription status: to unlock the Premium features you’ve paid for.

Who we share data with

To make Pauzi work, we use the following services (sub-processors under GDPR):

Supabase (EU — Frankfurt, Germany)

Database, authentication, Edge Functions and storage provider. Stores accounts, child profiles, sessions, live state, custom activities, TTS audio, rewards and technical tokens. Data at rest is encrypted. Supabase Privacy Policy.

RevenueCat (USA)

Manages Premium subscriptions. Receives your unique Supabase identifier (UUID, not name/email) and Google Play purchase info. RevenueCat Privacy Policy.

Google Firebase Cloud Messaging (USA, under Google)

Sends push notifications (parent-child messages, offline alerts). The FCM token is generated by Google on your device and tied to the Pauzi install. Firebase Privacy Policy.

Sentry (USA)

Collects error reports and performance diagnostics so we can fix bugs quickly. Data sent may include: error type, stack trace, app version, device model, Android version, environment, execution timings and sanitized technical messages. It does NOT include email, password, the content of apps used by the child, or TTS texts. If you want us to anonymize reports tied to your account, write to privacy@pauzi.app. Sentry Privacy Policy.

ElevenLabs (USA) — only for Premium personalized voice features

When you create a custom voice activity or a spoken reward for the Patience Chest, the text you entered is sent to ElevenLabs for audio generation. The resulting audio is stored in Supabase Storage (EU), and the app plays it to the child or uses it as a parent preview. We do not send ElevenLabs session history, installed/allowed apps, email or password. ElevenLabs Privacy Policy.

Google Play (USA, under Google)

Distributes the app and processes Premium subscription payments. Google Play’s privacy policy applies to payment transactions.

Google Analytics (USA, under Google) — website only, with consent

On pauzi.app we use Google Analytics 4 to understand how the site is used (pages visited, traffic source, Google Play conversions and newsletter signups). Tracking is enabled ONLY if you explicitly accept it from the cookie banner shown on your first visit. Data includes: IP address (anonymized), country, browser, operating system, pages visited, visit duration. We use Consent Mode v2 with default “denied” for all analytics/advertising storage. We do NOT use this data for ads and we do NOT share it with advertising networks. Google Privacy Policy. You can change your decision anytime by clearing the site cookies in your browser — the banner will reappear on the next visit. Google Analytics does NOT run inside the Android app.

How long we keep data

  • Account + child profiles: until you delete the account.
  • Session history + activity: until you delete the account.
  • Custom activities, rewards + TTS audio: until you delete/disable them, delete the child profile, or delete the account.
  • Crash reports and diagnostics (Sentry): according to the retention configured in Sentry; anonymization requests can be sent to privacy@pauzi.app.
  • FCM tokens: until you uninstall the app (Google invalidates them automatically).
  • Pairing codes: 15 minutes. After that, automatically deleted by our cron job.
  • Subscription invoices: 10 years (Romanian fiscal legal obligation).

Your rights (GDPR)

As an EU user, you have the following rights:

  • Access: to know what data we hold about you. Write to privacy@pauzi.app.
  • Rectification: to correct incorrect data. Child profile is editable directly in the app.
  • Erasure: to delete all your data. Settings → Account → Delete account, or see the dedicated page.
  • Portability: to receive a copy of your data in machine-readable format (JSON). Write to privacy@pauzi.app, we respond within 30 days.
  • Objection: to object to certain processing (e.g., crash reporting). Write to privacy@pauzi.app.
  • Complaint to supervisory authority: if you believe we’re violating your rights, you can complain to ANSPDCP (Romanian DPA) or your country’s authority.

Children under 13

Pauzi is designed for parents and legal guardians of children aged 3–9, and the account belongs to the parent (or legal guardian). The child may interact with the Pauzi overlay, the child launcher and the Patience Chest, but cannot create an account and does not type free-form text. Child data is configured by the parent and can be deleted anytime. Per GDPR Art. 8, we process children’s data only based on consent from the parent/legal guardian.

Security

Connections are encrypted (HTTPS / TLS 1.3). Passwords are hashed with bcrypt. Data at rest in Supabase is encrypted. Access to our systems is protected by 2FA on all admin accounts.

In case of a security incident affecting you, we will notify you within 72 hours per GDPR Art. 33-34.

Changes to this policy

If we change this policy, we’ll notify you by email and in-app notification at least 30 days in advance. The updated version will always be available on this page, with the last modification date visible at the top.

Contact

For any privacy question or to exercise your GDPR rights, write to privacy@pauzi.app. We respond within 30 days (usually much faster).

For general tech support: support@pauzi.app.

Politica de confidențialitate · Pauzi