Gardion Privacy Policy
Effective date: July 16, 2026
Controller: Individual Entrepreneur Aleksandr Viktorovich Popov, TIN 343700251016, PSRNIE 320344300015828, 26 Mira Street, Volgograd, Russia.
Contact: app@gardion.io
1. Scope
Gardion is a parental-control service for Windows and Android. It includes the parent dashboard and mobile app, child-device agents, and supporting server infrastructure. Processing is governed by Russian Federal Law No. 152-FZ on Personal Data.
2. Data we process
Parent data
- Email address, bcrypt password hash, session IP address, User-Agent and security events.
- Payment reference, amount and status received from YooKassa. Gardion does not store card numbers.
- Support messages and notification settings.
Windows child-device data
- Device identifier, hostname, platform and technical state.
- Application usage and screen time.
- Optional browser history, retained for up to three days.
- Screenshots only when requested by a parent.
- Security and troubleshooting events.
Android child-device data
- Android device identifier and device name.
- Installed applications and application usage from the Android UsageStats API.
- Website addresses read in supported browsers through AccessibilityService for parental web filtering and the linked parent's browsing-history view.
- Optional location, geofence events, battery state and location attached to an SOS alert.
- Optional screenshots requested by the parent and captured only after Android system consent.
- Optional step count used for family tasks and rewards when physical-activity access is granted.
The optional movement-break camera is enabled by a parent. Frames are processed locally on the device; Gardion does not record or transmit camera video or microphone audio.
3. What we do not do
Gardion does not record keystrokes, read message contents, show advertising, sell data, or use third-party advertising or analytics trackers. The child app remains visible and must not be used to monitor an adult without lawful consent.
4. Children's data and parental authority
The account holder must be an adult parent, guardian, or another person legally entitled to manage the child's device. During setup, the parent confirms this authority, accepts this Policy, and consents to processing the child's data. If the child is 10 or older, the parent also confirms that the child has been informed.
5. Storage, security and retention
Data is hosted on a Timeweb Cloud server in Russia and transmitted over HTTPS. Passwords use bcrypt; child-agent API keys are stored as SHA-256 hashes.
Active data is retained while the account exists. After confirmed account deletion, active parent and child data is erased immediately and irreversibly. Anonymised payment and accounting records may be retained only as required by law. Account deletion does not itself submit a refund request.
6. Recipients
- YooKassa receives the amount and email needed to process a payment.
- Russian authorities may receive data only in response to a valid legal request.
- Error reporting is disabled by default. If an administrator explicitly configures Sentry, technical error data without intentional PII may be transferred to Sentry GmbH in Germany.
We do not disclose data for marketing purposes.
7. Your rights
You may request access, correction, restriction or deletion by emailing app@gardion.io. You may also delete the account in Gardion settings or use https://gardion.io/winsysmon/delete-account. You may complain to Roskomnadzor.
8. Cookies
The dashboard uses one essential session cookie (HttpOnly, Secure, SameSite=Lax) for authentication. It is not used for advertising or analytics.
9. Changes and contact
Material changes will be announced by email before they take effect. Questions may be sent to app@gardion.io or to the postal address above.