Privacy Policy — Critical Friend

Privacy Policy — Critical FriendLast updated: April 2026

This Privacy Policy explains how Critical Friend ("the app", "we", "us") collects, uses, and protects your personal data. Critical Friend is developed and operated by Matthew Phillips, a sole trader based in England, United Kingdom.

We take the privacy of children and families extremely seriously. Please read this policy carefully before using the app.

1. Who We Are

Data Controller: Matthew Phillips Country: England, United Kingdom Contact: matt@criticalfriend.app

As the data controller, Matthew Phillips is responsible for how your personal data is collected, stored, and used in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Data We Collect

Parent account data

  • Email address (used for account creation and login)

  • Encrypted password (we never store passwords in plain text)

Child profile data

We collect only the minimum information necessary about children:

  • First name (entered by the parent)

  • Year group (entered by the parent)

We do not collect children's surnames, dates of birth, photographs of children, school names, addresses, or any other identifying information.

Conversation data

  • Text messages sent and received during Critical Friend conversations

  • Photos of completed homework uploaded by the child (image data only — we do not use facial recognition or identify people in images)

  • The pathway used (Homework, News, Experience, Activity, or Daily Challenge)

  • Date and time of each conversation

Usage data

  • Daily streak counts

  • Badges earned

  • 3. How We Use Your Data

    We use the data we collect for the following purposes:

    • To provide the Critical Friend service — including generating AI-powered critical thinking conversations

    • To allow parents to view their child's conversation history in the parent dashboard

    • To track streaks and award badges to encourage consistent engagement

    • To authenticate parent accounts securely

    • To manage subscriptions and process payments (via Apple's in-app purchase system)

    We do not use your data for advertising, profiling, or any purpose not listed above.

4. AI and Third Party Services

Anthropic (Claude AI)

Critical Friend uses Claude, an AI developed by Anthropic, to power its conversations. When a child engages in a conversation, the text of that conversation (including any context provided) is sent to Anthropic's servers to generate a response.

Conversation data sent to Anthropic is processed in accordance with Anthropic's Privacy Policy. We do not send children's names or identifying information to Anthropic — only the content of the conversation and the child's year group.

Anthropic's privacy policy can be found at: anthropic.com/privacy

Supabase

We use Supabase to store account data, child profiles, and conversation history securely. Supabase servers are located in the European Union (Ireland), in compliance with UK GDPR data transfer requirements.

Supabase's privacy policy can be found at: supabase.com/privacy

Apple

If you purchase a Critical Friend subscription, payment is processed by Apple through their in-app purchase system. We do not receive or store your payment card details. Apple's privacy policy applies to all payment transactions.

External links

The News pathway contains links to third party news websites recommended for young readers, including BBC Newsround, First News, National Geographic Kids, The Week Junior, Time for Kids, and Tween Tribune. These links open in an external browser. We are not responsible for the content or privacy practices of these third party websites. Parents and guardians are advised to supervise their child's use of external links.

5. Children's Privacy

Critical Friend is designed to be used by children under the supervision of a parent or guardian. We take children's privacy extremely seriously and have built the app with the following safeguards:

  • Children do not create their own accounts — they access the app through their parent's account

  • A parent or guardian must confirm their role at the point of account creation

  • We collect only a first name and year group from children — no other identifying information

  • The parent dashboard is protected by Face ID or Touch ID, giving parents full oversight of their child's conversations

  • The AI is instructed never to request personal information from children

  • The AI is instructed to redirect or refuse any inappropriate, harmful, or sensitive conversations

  • Parents can delete their child's conversation history and account at any time directly within the app

This app is intended for children aged 7-14. We do not knowingly collect data from children under 7 without explicit parental consent.

A note for users in the United States

Critical Friend is committed to complying with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13 in the United States without verifiable parental consent. Account creation requires confirmation that the account holder is a parent or guardian. If you believe we have inadvertently collected information from a child under 13 without parental consent, please contact us immediately at matt@criticalfriend.app and we will delete it promptly.

6. Legal Basis for Processing

Under UK GDPR, we process personal data on the following legal bases:

  • Contract — to provide the Critical Friend service you have signed up for

  • Legitimate interests — to improve the app and ensure its safety

  • Legal obligation — to comply with applicable laws and regulations

7. Data Retention

We retain your data for as long as your account is active. Specifically:

  • Account data is retained until you delete your account

  • Child profiles are deleted when you remove them or delete your account

  • Conversation history is retained according to your chosen preference, which you can set and change at any time in the Parent Dashboard

Conversation history retention options:

  • 1 month — conversations older than 30 days are automatically deleted

  • 3 months — conversations older than 90 days are automatically deleted

  • 6 months — conversations older than 180 days are automatically deleted

  • Keep until I delete them — conversations are retained until you manually delete your account

Your chosen retention preference applies to all child profiles on your account. You can change your preference at any time by opening the Parent Dashboard and selecting a new option under Conversation History Settings.

You can delete your account and all associated data at any time directly within the app by going to the Parent Dashboard and selecting Delete Account. You may also request deletion by contacting us at matt@criticalfriend.app.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

•       Right of access — to request a copy of the personal data we hold about you

•       Right to rectification — to correct inaccurate or incomplete data

•       Right to erasure — to request deletion of your personal data

•       Right to restriction — to restrict how we process your data

•       Right to data portability — to receive your data in a machine-readable format

•       Right to object — to object to certain types of processing

To exercise any of these rights, please contact us at the email address provided above. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data correctly.

9. Data Security

We take data security seriously and have implemented the following measures:

  • All data is transmitted over encrypted HTTPS connections

  • Passwords are encrypted and never stored in plain text

  • The parent dashboard is protected by device biometric authentication (Face ID or Touch ID)

  • API keys and server credentials are stored securely and never exposed in the app

  • Row-level security is enforced in our database so users can only access their own data

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page and notify users through the app. Continued use of the app after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

Matthew Phillips

Email: matt@criticalfriend.app

Country: England, United Kingdom

We aim to respond to all enquiries within 5 working days.