The short version: Shield is a family safety tool. We collect only what we need to make parental controls work. We never sell your data or use it for advertising. Parents are always in control of their family's information.
Contents
1Data We Collect
We collect different types of data depending on how you and your family use Shield. Here is a clear breakdown:
Account information
When you create a Shield account we collect:
- Your name, email address, and password (stored as a one-way hash — we never see your plain-text password)
- Account role (parent, co-parent, or family admin)
- Subscription plan and billing details (processed by Stripe — we do not store card numbers)
Child profile information
For each child profile you create, we store:
- Display name and age group (used to apply age-appropriate defaults)
- A unique DNS client identifier that links the child's device to their filter rules
- Filter level, schedule rules, time budgets, and custom allow/block lists that you configure
We do not collect the child's real name unless you choose to enter it as the display name.
DNS query logs
Every time a device protected by Shield tries to visit a website or use an app, that DNS lookup is logged. Each log entry records:
- The domain name requested (e.g.,
example.com) - Whether the request was allowed or blocked, and the reason
- The content category matched (e.g., Social Media, Gaming)
- A timestamp
- The child profile the request belongs to
DNS logs do not include the full URL, page content, search terms, or any payload data — only the domain name.
Device information
When a device is registered with Shield, we collect:
- Device name and operating system type (Android)
- A device identifier used to apply per-device rules
- Last-seen timestamp (to show whether a device is active)
We do not collect hardware serial numbers, IMEI numbers, or any other persistent hardware identifiers.
Location data
Location tracking is an opt-in feature. It is only active if you explicitly enable it for a child profile. When enabled, we collect:
- GPS coordinates (latitude, longitude, accuracy) from the Shield app on the child's device
- Timestamps for each location update
- Geofence entry/exit events (when a child arrives at or leaves a saved place)
Location data is never collected passively and is never used for any purpose other than the family safety features you activate.
Usage and analytics data
We collect aggregated, anonymised data about how families use Shield — for example, the most common filter categories, average screen time trends, and platform performance metrics. This data cannot be linked back to any individual family.
2How We Use Your Data
| Purpose | Data used |
|---|---|
| DNS filtering — blocking or allowing domains based on your rules | DNS queries, child profile settings, schedule rules |
| Parental controls — enforcing screen time limits and schedules | Time budget settings, device activity timestamps |
| Activity reports — showing you what your children browsed | DNS query logs, category data |
| Safety alerts — notifying you when blocked content is accessed or a geofence is crossed | DNS logs, location events, notification preferences |
| AI insights — surfacing usage patterns and anomalies | Aggregated DNS logs (anonymised per family) |
| Account management — login, billing, support | Account information, subscription data |
| Platform improvement — fixing bugs, improving performance | Anonymised analytics, error logs |
We do not use your data for targeted advertising, and we do not build advertising profiles of your family members.
3Data Retention
We keep data only as long as necessary to provide the service:
| Data type | Retention period |
|---|---|
| DNS query logs | 90 days, then automatically deleted |
| Location history | 30 days, then automatically deleted |
| Geofence event logs | 30 days, then automatically deleted |
| Account and profile data | Retained while your account is active |
| Billing records | 7 years (required by Indian accounting regulations) |
| Anonymised platform analytics | Up to 2 years |
When you delete your account, all personal data — including child profiles, DNS logs, and location history — is permanently deleted within 30 days. Billing records are retained for the legally required period only.
4Children's Privacy
Key principle: We process children's data solely at the direction of their parent or guardian. Children do not create Shield accounts — parents do.
COPPA (Children's Online Privacy Protection Act)
Shield is designed for parents to manage their children's internet safety. We do not knowingly collect personal information directly from children under 13. All child profiles are created and managed by a verified adult account holder. If you believe a child has submitted personal information to us without parental consent, please contact us immediately at privacy@rstglobal.in and we will delete it promptly.
India's Digital Personal Data Protection (DPDP) Act, 2023
Under India's DPDP Act, processing the personal data of children (under 18) requires verifiable parental consent. Shield's architecture ensures this by design:
- Only adults can register for a Shield account
- All child profiles are sub-accounts created under an adult account
- The parent's act of creating a child profile constitutes the verifiable parental consent required by the DPDP Act
- Children do not interact with Shield's servers directly — DNS filtering operates at the network level
We do not process children's data for behavioural advertising, profiling, or any purpose beyond the family safety features the parent has enabled.
Minimum age for parent accounts
You must be 18 years or older to create a Shield parent account.
5Data Sharing
We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:
Service providers
We work with a small number of trusted companies who help us deliver the service. Each is bound by a data processing agreement and may only use data to provide services to us:
- Stripe — payment processing (they handle card data; we receive only transaction confirmation)
- Email delivery provider — sending alerts, weekly reports, and billing notifications
- Cloud infrastructure provider — hosting Shield's servers in India
Legal requirements
We may disclose data if required by Indian law, court order, or valid legal process. We will notify you before disclosing your data wherever legally permitted to do so.
Business transfers
If RST Global is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you beforehand and the new entity will be required to honour this Privacy Policy.
What we never do
- We never share your data with advertising networks
- We never sell your data to data brokers
- We never share your children's data with third parties for their own purposes
- We never use DNS query data to build advertising profiles
6Security
Protecting family data is central to everything we build. Our security measures include:
- Encryption in transit: All communication between your devices and Shield's servers uses TLS 1.2 or higher. DNS queries use DNS-over-HTTPS (DoH) to prevent interception.
- Encryption at rest: Sensitive fields in the database are encrypted. Passwords are hashed using bcrypt and are never stored in plain text.
- Access controls: Shield's systems follow the principle of least privilege. Staff access to production data is strictly limited and logged.
- Multi-factor authentication: MFA (TOTP) is available for all parent accounts and strongly recommended.
- JWT session tokens: Authentication tokens are short-lived and cryptographically signed. Refresh tokens are rotated on use.
- Regular backups: Database backups run daily and are tested regularly. Data is retained in geographically separate storage.
- Vulnerability management: We perform regular security reviews and apply patches promptly.
No system is perfectly secure. If you discover a security vulnerability in Shield, please report it responsibly to privacy@rstglobal.in.
7Your Rights as a Parent
As the account holder, you have full control over your family's data. You can exercise any of the following rights at any time:
Access
You can view all data Shield holds about your family through the Shield dashboard. DNS logs, location history, device records, and child profiles are all visible to you in real time.
Correction
You can update your account information, child profile names, and device names directly in the app or dashboard at any time.
Deletion
You can delete individual child profiles, clear DNS logs, or delete your entire account from the Shield dashboard. Account deletion permanently removes all personal data within 30 days.
Data export
You can request a copy of your family's data in a machine-readable format by emailing privacy@rstglobal.in. We will fulfil the request within 30 days.
Restriction
You can disable optional features (such as location tracking) at any time from the parent dashboard without closing your account.
Complaints
If you believe we have not handled your data correctly, you have the right to lodge a complaint with India's Data Protection Board once it is established under the DPDP Act. We would always prefer the opportunity to resolve your concern directly first — please contact us at privacy@rstglobal.in.
8Changes to This Policy
We may update this Privacy Policy from time to time as the platform evolves or as legal requirements change. When we make significant changes, we will:
- Post the updated policy on this page with a new effective date
- Send an email notification to all account holders
- Show an in-app notice on your next login
Continuing to use Shield after the effective date of a revised policy constitutes your acceptance of the changes. If you disagree with a change, you may delete your account at any time.
9Contact Us
If you have any questions about this Privacy Policy or about how we handle your family's data, please get in touch:
RST Global — Privacy Team
Email: privacy@rstglobal.in
Address: RST Global Private Limited, India
We aim to respond to all privacy enquiries within 5 business days.
This Privacy Policy was last updated on 1 March 2026.