book 10x and get 1 hour free
Privacy Policy
Effective as of: [INSERT DATE BEFORE PUBLISHING]
GuardianPlay is a digital safety supervision service operated by Ann Margarette Gonzales, a sole proprietor registered in the Republic of the Philippines under DTI Registration No. [XXXXX] and compliant with the Philippines Data Privacy Act of 2012 (Republic Act No. 10173).
For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, GuardianPlay is the Data Controller for all personal data processed in connection with our services.
Contact: hello@guardianplayservices.com | [guardianplayservices.com]
1. Who We Are
Our commitment in plain language: We collect only what we need. We never sell your data. We never share it for advertising. You can ask us to delete it at any time. We will always tell you clearly what we do with it.
2. What Data We Collect and Why
DATA ELEMENT
Parent first name
Parent at booking
We collect only the data necessary to deliver and document our service safely. Every element we collect is listed below — we collect nothing that is not in this table.
SOURCE
PURPOSE
LEGAL BASIS
Session communication and reporting
Contract performance
Parent email address
Parent at booking
Confirmation, reports, urgent contact
Contract performance
Country and timezone
Parent at booking
Scheduling and applicable law
Legitimate interest
Urgent contact method and number
Parent at booking
Emergency contact during live sessions only
Contract / child safety
Child's nickname only
Parent at booking
In-session address by guardian
Contract performance
Child's age bracket only
Parent at booking
Supervision calibration; COPPA compliance
Legal obligation
Child's in-game username
Parent at booking
Session and server access
Contract performance
Platform selected
Parent at booking
Session preparation
Contract performance
Session preferences and notes
Parent at booking
Session tailoring and restrictions
Contract performance
Consent record (IP, timestamp)
Auto-generated at submission
Legal compliance and dispute protection
Legal obligation
Payment transactionreference
Paypal
Proof of payment; tax records
Legal obligation
Session security report
Guardian post-session
Parent transparency; incident record
Contract performance
Voice recording (Tier 3 & 4 only)
During session, with consent
Safety documentation
Explicit consent
Screen recording (Tier 4 only)
During session, with consent
Transparency and safety documentation
Explicit consent
What we never collect: Child's full legal name, date of birth, school, home address, photograph, or any special category data as defined under GDPR Article 9. We do not use advertising trackers, behavioural analytics, or data brokers.
3. Children's Data — Special Protections
We treat children's personal data with the highest level of care. The following rules apply without exception.
All child data is collected from parents only. We never solicit or collect information directly from children.
We collect only what is necessary. Nickname, age bracket, and in-game username — nothing more relating to the child.
US clients (COPPA): Data relating to children under 13 is collected exclusively from the verifiable parent or guardian. It is not shared commercially. You may request deletion at any time.
UK and EU clients (UK GDPR / GDPR Art. 8): Parental consent is recorded at booking with timestamp and IP address. Children under 16 cannot independently consent.
Australian clients (Privacy Act 1988): Child data is handled per the Australian Privacy Principles. You have the right to access, correct, and request deletion of your child's data.
Canadian clients (PIPEDA): Meaningful consent is obtained from the parent. Child data is used solely for the stated purpose of delivering the service.
Philippines (Data Privacy Act 2012): We comply with the National Privacy Commission's guidelines on the processing of personal data, including data relating to minors.
4. How We Use Your Data
We use your personal information only for the following purposes:
To confirm, schedule, and manage your booked session
To assign and brief your session guardian
To conduct the supervised session safely
To contact you urgently during a session if a safety concern arises
To produce and deliver your post-session security report
To process payment and issue receipts
To maintain legally required consent and compliance records
To respond to your questions or complaints
We do not use your data for advertising, profiling, marketing to third parties, automated decision-making with significant effects, or any purpose not listed above.
5. Who We Share Your Data With
We share data only where strictly necessary. We do not sell, rent, or trade your data for any purpose.
JotForm / TidyCal (booking platform): Receives name, email, and session details to manage scheduling. Subject to their own data processing agreements.
Stripe (payment processor): Processes card payments. GuardianPlay never stores card details. Stripe is PCI-DSS Level 1 certified.
Google Drive / cloud storage: Session reports and recordings stored in encrypted, access-controlled folders. Region: [insert server location]. Access limited to session guardian and operator only.
Session guardians (contractors): Receive session-specific information only — not full client files. Bound by confidentiality agreements equivalent to this policy.
Authorities (emergency / mandatory reporting only): In a high-risk incident or mandatory reporting situation, data may be shared with child protection authorities or law enforcement without prior parental notification. See Section 9 of the Terms and Conditions.
6. International Data Transfers
GuardianPlay operates from the Philippines. Your data is transferred to and processed there when you book a session.
EU and UK clients: We rely on Standard Contractual Clauses (SCCs) and your explicit consent (recorded at booking) as the legal transfer mechanism. The Philippines does not currently hold EU adequacy status.
Australian clients: Transfer is conducted under Australian Privacy Principle 8 (cross-border disclosure) with appropriate safeguards.
Canadian clients: Transfer is conducted under PIPEDA's accountability framework. We remain responsible for data transferred to sub-processors.
US clients: No federal adequacy framework applies to Philippine transfers. COPPA compliance is maintained through parental consent and data minimisation.
7. How Long We Keep Your Data
Data Type
RETENTION PERIOD
REASON
Intake and booking data
12 months from last session
Rebooking and service continuity
Session security reports
24 months from session date
Parent access and legal record
Voice and screen recordings
30 days — then permanently deleted
Parent review window; then minimisation
Consent records
Client relationship + 3 years
Legal compliance and dispute resolution
Payment records
7 years from transaction
Philippines BIR tax legal obligation
Correspon-dence
24 months from last contact
Service continuity and dispute resolution
Data is permanently deleted or anonymised after the applicable period. You may request early deletion at any time, subject to legal retention obligations on payment records.
8. Your Rights
Access
Request a copy of all data we hold about you and your child.
Correction
Ask us to correct inaccurate or incomplete data.
Deletion
Request erasure, subject to legal retention obligations.
Restriction
Ask us to limit processing in certain circumstances.
Portability
Receive your data in machine-readable format (EU/UK clients).
Withdraw Consent
Withdraw consent at any time without affecting prior processing.
Object
Object to processing based on legitimate interest.
Complain
Lodge a complaint with your national data authority: ICO (UK), OAIC (AU), OPC (CA), or relevant EU DPA.
To exercise any right, email hello@guardianplay.com with subject line "Data Rights Request" and your booking email address. We respond within 30 calendar days at no cost.
9. Cookies and Tracking
Our website uses only essential cookies required for basic functionality. We do not use advertising cookies, behavioural tracking, or third-party analytics that profile individual visitors.
Our booking form (JotForm) and payment processor (Stripe) may set their own cookies under their respective privacy policies. If we introduce non-essential cookies in the future, we will update this policy and display a compliant consent banner.
10. Data Security
All data transmitted via our website and forms is encrypted using TLS (HTTPS)
Client folders in cloud storage are access-controlled — no shared public access
Session guardians receive only session-specific information, not full client records
Recordings are permanently deleted within 30 days — a deletion log is maintained
Card payment data is handled entirely by Stripe and never passes through GuardianPlay systems
In the event of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority within 72 hours
11. Policy Updates
We review this Privacy Policy at least annually. Material changes will be communicated by email to active clients at least 14 days before they take effect. The current version is always at [guardianplay.com/privacy-policy].
12. Contact
GuardianPlay — Legal Enquiries
Operator
BUSINESS
WEBSITE
RESPONSE
ANN MARGARETTE GONZALES
GuardianPlay, DTI Reg. [XXXXX], Republic of the Philippines
hello@guardianplayservices.com
guardianplayservices.com
Within 5 business days for general enquiries
REACH OUT TO US
Professional session guardians for your child's online safety. We support, not replace, parental supervision.
© 2026 Guardian Play. A digital safety service.
hello@guardianplayservices.com
Live chat available during sessions
FOLLOW US