Security

Built to protect the kids
you're protecting.

You control what gets collected.

221Buddy collects only the data categories you choose to enable. Nothing is collected by default — every type of monitoring is turned on explicitly by the parent account holder.

Messages

Text messages, iMessages, and chat conversations from monitored devices.

Photos

Images and media files stored on or shared from the monitored device.

Contacts

Contact names and numbers from the device address book.

Location

Device location data at intervals you configure.

Data that doesn't linger.

Message content, photos, and other monitored data are automatically and permanently deleted after 7 days. There is no archive. There is no manual step required.

Behavioral metadata — things like how many messages were received in a day — is retained longer so you can understand how your child's patterns shift over time. This metadata contains no message content.

7
days
Content is automatically deleted

Access Control

Your account. Your data.

Parent account only

Monitored data is accessible only through the authenticated parent account. No one else can view it — not family members on the same network, not other users.

Never sold or shared

Your child's data is never sold, shared with advertisers, or disclosed to third parties except as required by law. It exists only to serve your account.

No advertising use

Monitored device data is never used to build advertising profiles, train external models, or inform anything beyond the monitoring service itself.

Encrypted by design.

Security is not an afterthought. It is built into how data moves through and rests within our system.

Encrypted in transit

All communication between your device and our servers is encrypted using TLS. Data is never transmitted in plain text.

Encrypted at rest

Stored data is protected with AES-256 encryption. Even at the storage layer, your data is unreadable without proper authorization.

Access restricted by design

Access controls are enforced at the application layer. Only authenticated, authorized account holders can reach monitored data.

Security monitoring

We conduct regular security reviews and monitor for anomalous access patterns across our infrastructure.

Found a vulnerability?

We take security reports seriously. If you've discovered a potential issue, please reach out directly. We'll investigate promptly and respond in good faith.

Report a Vulnerability

Please do not publicly disclose vulnerabilities before we've had a chance to review and respond.