Privacy Policy

Last updated: April 3, 2026

Overview

Zahava Media ("the App") is a parental control application that provides a filtered YouTube viewing experience for families. The App is available as a web application, iOS application, and Android application. This privacy policy explains how we collect, use, store, and protect your information across all platforms.

Information We Collect

When you use our App, we may collect the following information:

• Account Information: When you create an account or sign in, we collect your email address and name. If you sign in with Google, we receive your name, email address, and profile picture from Google. This information is used for authentication and account management.
• YouTube Data (Read-Only): We use the YouTube Data API v3 to fetch publicly available video metadata such as titles, thumbnails, view counts, and durations from channels you have allowed. We do NOT access your personal YouTube account data, subscriptions, playlists, or viewing history on YouTube.
• App Settings: Channel allowlists, time limit preferences, profile configurations, and parental control settings you create are stored in Google Cloud Firestore.
• Watch History: Videos watched within our App are logged for the parent dashboard. This data is stored per-family and is not shared with third parties.
• Usage Data: Daily usage minutes are tracked locally on your device and in Firestore to enforce time limits set by parents.
• Device Information: We may collect basic device identifiers for the purpose of device pairing and push notifications.

Cookies, Local Storage, and Similar Technologies

The App stores, accesses, and collects information directly and indirectly on or from users' devices using cookies and similar technologies, including browser local storage, session storage, and IndexedDB. Specifically:

• Authentication Tokens: We store authentication tokens in your browser's local storage to keep you signed in between sessions.
• Session Data: We use session storage to maintain your current session state, including two-factor authentication verification status.
• App Preferences: User preferences such as selected profiles, display settings, and cached data are stored in local storage on your device to improve performance and provide a seamless experience.
• Firebase SDK: The Firebase services we use (Authentication, Firestore, Cloud Messaging) may set cookies and use local storage for session management, caching, and functionality.
• YouTube Embedded Player: When videos are played within the App, the embedded YouTube player (served from youtube-nocookie.com) may set cookies or use local storage as part of its standard operation. These are governed by the Google Privacy Policy.

We do not use cookies or similar technologies for advertising, tracking across third-party websites, or profiling. All stored data is used exclusively to provide and improve the App's functionality.

How We Use Your Information

• To authenticate your identity and provide secure access to the App
• To fetch and display videos from your allowed YouTube channels
• To enforce parental controls (channel filters, time limits, safe search, blocked search terms)
• To display watch history and usage statistics on the parent dashboard
• To send push notifications for blocked search alerts (if enabled by the parent)
• To send transactional emails (account verification, two-factor authentication codes, password resets)

YouTube API Services

This App uses the YouTube API Services. By using this App, you are also agreeing to be bound by the Google Privacy Policy.

We access YouTube data exclusively in read-only mode through server-side API calls. We do not modify, upload, delete, or interact with your YouTube account in any way. The YouTube API is used only to:

• Retrieve video metadata (title, thumbnail, duration, view count) from parent-approved channels
• Search for videos with safe search filtering enforced
• Retrieve channel information (name, thumbnail) for display in the channel management settings

YouTube API data is cached temporarily in Firestore to reduce API usage. This cache contains only publicly available video metadata and no personal user data. Cached data is refreshed periodically and is not retained beyond its operational purpose.

Data Storage and Security

• App settings and watch history are stored in Google Cloud Firestore, protected by security rules that require authentication and restrict access to authorized users only.
• Personally identifiable information (PII) is encrypted using AES-256-GCM encryption before storage.
• Passcodes are hashed using PBKDF2-SHA256 with 100,000 iterations and a per-user salt before storage. We never store plain-text passcodes.
• Two-factor authentication codes are transmitted via encrypted email and expire after 10 minutes.
• All data transmission uses HTTPS encryption.
• Authentication tokens are stored locally on your device and are not transmitted to third parties.

Data Sharing

We do NOT sell, trade, or share your personal information with third parties. Your data is used exclusively to provide the App's functionality. We use the following third-party services to operate the App:

• Google Firebase: Authentication, database (Firestore), cloud functions, and hosting (governed by Firebase Privacy Policy)
• YouTube API Services: Video metadata retrieval (governed by Google Privacy Policy)
• Sentry: Error monitoring and crash reporting — collects technical error data (stack traces, browser type) to help us diagnose issues. No personally identifiable information is transmitted (governed by Sentry Privacy Policy)
• CookieYes: Cookie consent banner management for GDPR compliance (governed by CookieYes Privacy Policy)
• iCount: Payment processing and invoicing for subscriptions — handles billing information directly (governed by iCount Privacy Policy)
• Email Service: Transactional emails for authentication and notifications

These services process data only as necessary to provide the App's functionality and are subject to their own privacy policies.

Data Retention and Deletion

We retain your data only for as long as your account is active or as needed to provide the App's services. You can request deletion of your account and all associated data at any time by:

• Contacting us at support@zahavamedia.com to request complete data deletion

Upon receiving a deletion request, we will remove all personal data from our systems within 30 days. Signing out of the App clears locally stored data on your device.

You can also revoke the App's access to your Google Account at any time via Google Account Permissions.

Children's Privacy

This App is designed to be set up and managed by parents or guardians. Children use the App under parental supervision with restricted access controlled by the parent's passcode. We do not knowingly collect personal information directly from children under 13. All account creation and management is performed by the parent or guardian.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• The right to access the personal data we hold about you
• The right to request correction of inaccurate data
• The right to request deletion of your data
• The right to withdraw consent for data processing
• The right to data portability

To exercise any of these rights, please contact us at support@zahavamedia.com.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

Contact Us

If you have questions about this privacy policy or our data practices, please contact us at:

Zahava Media
Email: support@zahavamedia.com