Privacy Policy

Last updated: February 3, 2026

Introduction

Defilan Technologies LLC ("we," "our," or "us") operates Shelta, a parental control service that helps parents protect their children's devices. This Privacy Policy explains how we collect, use, and protect information when you use our service.

We are committed to protecting your privacy and the privacy of your children. Shelta is designed with privacy in mind, using enterprise-grade MDM (Mobile Device Management) technology that focuses on device management rather than invasive monitoring.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Authentication data through our provider, Clerk (see Third-Party Services below)

Device Information

When you enroll a child's device, we collect:

  • Device name and model
  • Operating system version
  • Device identifiers (UDID) necessary for MDM management
  • Device enrollment status
  • Device location (only when requested by parent through the dashboard)

Usage Data

We may collect basic app usage statistics (which apps are installed) to help parents understand device usage. Parents have full control over the restrictions applied to their child's device through the Shelta dashboard.

How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Shelta service
  • Enable parents to manage and protect their children's devices
  • Communicate with you about your account and service
  • Improve and develop our service
  • Ensure the security and integrity of our platform

Children's Privacy (COPPA Compliance)

Shelta is a parental control service designed to be used by parents and guardians, not by children. We comply with the Children's Online Privacy Protection Act (COPPA).

  • Only parents/guardians (18 years or older) may create Shelta accounts
  • We verify parental status through credit card verification during account creation (a nominal authorization confirms access to a valid payment method as evidence of adult status)
  • Device information is collected from children's devices only after verifiable parental consent is obtained
  • Parents have full access to view and delete their children's device data at any time
  • We do not knowingly collect personal information directly from children
  • We collect only the minimum data necessary to provide the Service (data minimization)
  • We do not use children's data for advertising purposes
  • We do not share, sell, or disclose children's personal information to third parties for marketing or advertising

Parental Rights Under COPPA

As a parent or guardian, you have the right to:

  • Review the personal information we have collected from your child's device
  • Request deletion of your child's information at any time
  • Refuse further collection of your child's information by unenrolling their device
  • Access and export your child's data through your Shelta dashboard

How to Exercise Your Rights

  • Review or delete device data: Log into your Shelta dashboard and navigate to Device Settings
  • Unenroll a device: Use the "Remove Device" option in your dashboard, which stops data collection and deletes stored data within 30 days
  • Delete your entire account: Email privacy@shelta.app with your request
  • Questions about your child's data: Contact privacy@shelta.app

We will respond to all COPPA-related requests within 30 days.

California Privacy Rights (CCPA)

If you are a California resident, you have the following rights:

  • Right to Know: You can request information about the personal information we collect, use, and disclose
  • Right to Delete: You can request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information, so this right does not apply
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at contact@defilan.com.

Third-Party Services

Clerk (Authentication)

We use Clerk for user authentication. Clerk processes your login credentials and authentication data. See Clerk's Privacy Policy for more information.

Plausible Analytics

We use Plausible Analytics to understand how visitors use our website. Plausible is a privacy-focused analytics service that:

  • Does not use cookies
  • Does not collect personal data
  • Does not track users across websites
  • Is fully compliant with GDPR, CCPA, and PECR

See Plausible's Privacy Policy for more information.

Resend (Email)

We use Resend to send transactional emails such as account notifications, alerts, and weekly reports. Resend processes your email address to deliver these communications. See Resend's Privacy Policy for more information.

Google Cloud Platform (Infrastructure)

Our service is hosted on Google Cloud Platform (GCP). Account and device data is stored in GCP databases located in the United States. Google acts as a data processor on our behalf and is contractually bound to protect your data. See Google's Privacy Policy for more information.

Data Security

We implement industry-standard security measures to protect your information:

  • All data transmission is encrypted using TLS/HTTPS
  • Device management uses enterprise-grade MDM security protocols
  • Access to personal data is restricted to authorized personnel only
  • We regularly review and update our security practices

We maintain a written information security program specifically addressing the protection of children's personal information, as required by COPPA. This program includes safeguards appropriate to the sensitivity of the data we collect and is reviewed and updated at least annually.

Internal Administrative Access

Shelta's internal administrative dashboard provides aggregate platform statistics for operational monitoring. This includes:

  • Total counts of users, devices, and child profiles
  • Aggregated device model and iOS version distributions
  • Platform health metrics (alert counts by type)
  • Growth trends (new signups per month)

Important: Administrative access is strictly limited to platform owners and does not include access to:

  • Individual user identities, emails, or names
  • Specific device details or locations
  • Child profile information
  • Any personally identifiable information (PII)

The administrative dashboard is view-only and cannot be used to modify user data, manage devices, or take any actions on behalf of users.

Data Retention

We retain data only as long as necessary to provide the Service:

  • Account information: Retained while your account is active
  • Device identifiers: Retained while the device is enrolled; deleted within 30 days of unenrollment
  • Alert history: Retained for 90 days, then automatically deleted
  • Audit logs: Retained for 1 year for security purposes

When you delete your account, we will delete your personal information and all associated child and device data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Defilan Technologies LLC

Email: contact@defilan.com

Website: shelta.app