Trust
Security
This page is maintained by PocketGrow to explain the security controls currently in place. It is not an independent certification or audit report. Customise with your security lead before publishing.
Accounts & access
- Parent and carer accounts use email + password authentication.
- Child and teen profiles are created and managed by the parent account.
- Administrative tools live behind a separate, parent-only login.
Data in transit & at rest
All connections to PocketGrow use HTTPS. Data is stored with our managed backend provider using their platform-level encryption at rest.
Children's data
We minimise what we collect from child profiles and never share them with advertising networks. Parents can delete a child profile at any time from the parent dashboard.
Subprocessors
A current list of subprocessors is available on request from /contact.
Report a vulnerability
If you believe you've found a security issue in PocketGrow, please email us with details and steps to reproduce. We aim to acknowledge reports within two business days. Please don't access data that isn't yours, and give us a reasonable window to fix issues before public disclosure.