When a child’s inbox is involved.

01 · Scope & relation to main Terms

This document fills in the Family-specific parts.

Our Terms of Service and Privacy Policy are the primary agreement between you and InboxGuard. Both documents already cover how we scan email for phishing, what we keep, what we discard, your rights as a user, and how billing works. Everything there continues to apply.

This addendum supplements those documents for Family plan accounts only. Where a conflict exists between this addendum and the main Terms or Privacy Policy on a Family-specific matter, this addendum takes precedence. On every other matter the main documents control.

The Family plan is not yet generally available. These terms are a provisional draft, will be finalised before launch, and will be re-presented for your acceptance when Family subscriptions open.

02 · Guardian, member, child

Three roles, defined.

We use three terms consistently throughout this addendum:

• Guardian — the person who opens the Family plan account, pays for it, and administers who is added. The guardian is the contracting party with InboxGuard, is named on the billing record, and receives all alerts and reports. The guardian must be an adult (18+ at account creation) and must hold legal authority — under the law of their country of residence — for any minor whose inbox is connected.
• Member — any person whose inbox is connected to the Family plan by the guardian. A member can be another adult (a spouse, an elderly relative) or a minor (the guardian’s child or a child under their legal guardianship).
• Child member — a member who is under 18 at the time their inbox is connected. Additional protections in this addendum apply to child members.

A Family plan always has exactly one guardian. If ownership of the plan is transferred (for example, to a spouse), all members must be re-consented under the new guardian.

03 · Who can be added as a member

Eligibility rules for connecting someone else’s inbox.

Adult members

An adult member must have given their own informed consent to being added to your Family plan before you connect their inbox. We will send a confirmation email to the inbox being connected; the adult member must confirm through that email. You may not add an adult member without this confirmation, and you may not add an adult member who lacks capacity to give consent (for example an elderly relative with advanced dementia) unless you hold a Lasting Power of Attorney or equivalent legal authority covering digital communications.

Child members

A child member may be added only where all of the following are true:

• You hold parental responsibility (or equivalent legal guardianship) for the child under the law of your country of residence.
• The child is at least as old as the minimum age required by the child’s email provider to hold an account (typically 13; some providers require higher in certain jurisdictions).
• You have told the child, in language they can understand and beforeconnecting their inbox, that InboxGuard will scan their incoming email, that alerts may be sent to you, and why.
• Where the child is aged 13 or above and capable of understanding what the service does, you have taken reasonable steps to obtain their assent to the monitoring. Assent is not a legal consent (you retain that role as guardian) but the child’s awareness matters.

You must not

Connecting an inbox you do not have lawful authority to connect is a material breach of these Terms. It may also be a criminal offence in your jurisdiction (in England and Wales, for example, under the Computer Misuse Act 1990 or the Investigatory Powers Act 2016). We cooperate with law-enforcement requests where legally required.

04 · Consent & lawful basis

How we’re legally allowed to process a child’s email data.

Under UK GDPR and equivalent frameworks, processing a child’s personal data requires a lawful basis. For child members connected to a Family plan, we rely on the following bases, in this order:

• Parental consent — you, as the guardian holding parental responsibility, provide consent for the processing of your child’s email data when you connect their inbox. This is the primary basis for child members below the digital age of consent (13 in the UK; 13–16 in other jurisdictions).
• Legitimate interest (safeguarding) — for child members who are above the digital age of consent (13+) and aware of the monitoring, we also rely on the legitimate interest of the guardian in safeguarding the child from online harms, balanced against the child’s reasonable expectations of privacy. We have completed a balancing assessment; a summary is available on request.
• Performance of contract — for adult members who have personally confirmed, we process under the contract formed by that confirmation.

By connecting a member’s inbox, you warrant that you have the lawful authority to do so, and you indemnify InboxGuard against any third-party claim arising from a connection you were not authorised to make (see the indemnity clause in §14 of the main Terms).

This service is not offered directly to children. Marketing, sign-up, and account creation are aimed at adult guardians. Child members interact with the service only through their guardian.

05 · What we do with a child’s inbox

The same pipeline as every other inbox, plus two added detections.

The core processing pipeline described in the Privacy Policy applies to every connected inbox, child or adult: we fetch incoming messages via the email provider’s API, analyse them for phishing and impersonation signals, store a verdict and metadata, and discard the message body after analysis. Retention windows, security controls, sub-processors, and international transfers are all the same.

For child members, two additional detection layers run on the same message:

• Inappropriate-content detection — looks for sexual, violent, self-harm, or other age-inappropriate content arriving from any sender.
• Bullying & grooming pattern detection — looks for conversational patterns associated with peer bullying, coercion, or known grooming behaviours across threads with the same sender over time.

When either layer flags a message above our confidence threshold, the guardian is notified (see §06). The flagged excerpt is retained for the period in §09 so you can review the alert; the full message body is not retained beyond the windows stated in the main Privacy Policy.

06 · Bullying & inappropriate-content alerts

What an alert is — and what it isn’t.

An alert is an automated, probabilistic signal. It tells you our system believes a particular message or thread may warrant your attention as the child’s guardian. It is not a finding of fact, a verdict on the sender, or a determination that harm has occurred.

Alerts include the minimum content needed to explain why the system flagged the message — typically the sender, timestamp, a short excerpt, and the category of concern. We do not forward the entire message to you; you remain reliant on the child’s own access to their inbox for the full conversation.

You agree to use alerts solely for the safeguarding of the child member. You agree not to publish, share outside the household, or use alerts as the basis of any adverse action against the child or the message sender. Misuse of alerts is a material breach of these Terms.

07 · What we don’t do with a child’s data

Hard limits on processing of minor-connected data.

08 · Member & child rights

Data subject rights apply to every member.

A child member has the same data protection rights as every other individual under UK GDPR (and equivalent regimes): access, rectification, erasure, restriction, objection, portability, and the right to withdraw consent. These rights can be exercised:

• By the guardian, on the child member’s behalf, from the guardian’s Settings page or by contacting us through our contact page.
• By the child member personally, if they contact us directly and are able to demonstrate that they understand what they are asking for. In line with ICO guidance, a child who is capable of understanding a right is generally capable of exercising it. We will verify identity proportionately.

Where a conflict arises between a child member’s direct request and the guardian’s position — for example, a 15-year-old requesting erasure that the guardian has not approved — we will act in accordance with the child’s rights under applicable law. In practice this means we will usually honour a competent child’s erasure request even if the guardian objects, after giving the guardian reasonable notice.

A child member may also lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk) or the equivalent supervisory authority in their jurisdiction, at any time, without going through us first.

09 · Retention & deletion

How long we keep a child member’s data.

You can disconnect a member’s inbox at any time from Settings; disconnection stops new processing immediately. You can also request full deletion of a member’s data (not just disconnection) from the same screen, in which case we erase within 30 days except where we are legally required to retain specific records (for example, the billing record).

10 · Safeguarding disclosures

What we do if we see a credible threat to a child.

If our detection systems identify content that suggests a credible, imminent threat to the safety of a child member — for example, evidence of grooming, sexual exploitation, or an imminent risk of serious harm — we will normally:

• Notify the guardian through the usual alert channel, with higher priority and a clear description of why the alert was raised.
• Preserve the flagged content in secure storage beyond our normal retention window, to the extent necessary for investigation or a lawful report.
• Reserve the right, but not the obligation, to make a report to an appropriate authority (in the UK, typically the National Crime Agency’s CEOP Command or local police) where we believe in good faith that a report is necessary to protect the child and is consistent with our legal obligations.

We do not promise to make such a report, and the primary safeguarding responsibility remains with the guardian. Where we make a disclosure, we will inform the guardian as soon as we lawfully can, unless doing so would prejudice an investigation.

Nothing in this addendum limits our obligation to comply with a valid legal process (court order, search warrant, statutory information request), as described in §06 of the main Privacy Policy.

11 · Coming of age

When a child member becomes an adult.

When a child member turns 18, the legal basis for processing their data changes: the guardian no longer holds parental responsibility for data protection purposes, and only the (now-adult) member themselves can consent to continued processing.

Thirty days before a child member’s 18th birthday (where we hold a date of birth for them), we will:

• Notify the guardian that processing under parental consent is ending.
• Send a message to the member’s connected inbox explaining the service, their rights, and giving them three clear options:
  • Confirm continued inclusion on the guardian’s Family plan, as an adult member.
  • Claim the account themselves — transferring the subscription slot to a separate, self-managed InboxGuard account.
  • Request disconnection and deletion of their historical data.

If the member does not respond within 30 days of their 18th birthday, we will automatically disconnect their inbox and pause processing. We will retain the minimum audit log described in §09 and will delete all other data at the guardian’s or the member’s request.

If we do not hold a date of birth for the child member, this transition is triggered by the guardian updating their status in Settings, or by the member contacting us directly.

12 · Changes to this addendum

We notify you before material changes take effect.

We may update this addendum — for example, to reflect new regulatory guidance from the ICO or equivalent authorities, to add a safeguarding partner, or to adjust how alerts work. Every version is dated and archived.

When a change is material — for instance, broadening the categories of content we analyse, extending retention, or adding a new sub-processor for minor data — we will notify the guardian by email at least 30 days before the change takes effect, with a plain-English summary of what has changed and why. You can disconnect affected members before the change takes effect if you do not agree to it.

13 · Contact & complaints

How to get in touch about this addendum.

Questions about the Family plan, a specific alert, a member’s rights, or anything else in this document should come through our contact page under the Privacy category. Family matters are routed to a dedicated reviewer and we aim to respond within three business days.

If you are unhappy with how we have handled a Family-related privacy request, you are entitled to lodge a complaint with a supervisory authority:

• United Kingdom: Information Commissioner’s Office (ico.org.uk)
• European Union: the supervisory authority in your member state
• Other jurisdictions: your national data protection authority

This addendum is a draft prepared in advance of the Family plan going on sale. It has not yet been reviewed by external legal counsel and does not constitute legal advice. Final wording, dates, and rights may change before the plan launches.