Privacy Policy

Last Updated: January 11, 2026

MiddlePoint Solutions S.L. ("MiddlePoint", "we", "us", or "our") operates the TV Control for Parents (TVCP) web portal, mobile applications, and TV applications (collectively, the "Services").

This Privacy Policy explains how we collect, use, process, disclose, and safeguard your information when you use our Services.

By accessing or using the Services, you agree to the practices described in this Privacy Policy.

1. Data Controller

The data controller responsible for your personal data is:

MiddlePoint Solutions S.L. Spain
Email: hello@middlepoint.io
Website: www.middlepoint.io

2. Information We Collect

We collect information necessary to provide parental control functionality, subscription services, and service improvement.

A. Information You Provide to Us

Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Password (processed securely via authentication services)

If you use:

  • Sign in with Apple
  • Sign in with Google

We receive your name and email address from the respective provider, subject to your authorization.

Subscription and Purchase Information

When you purchase a subscription through Apple App Store or Google Play:

  • Subscription status
  • Transaction identifiers
  • Purchase receipts
  • Renewal and expiration dates

Payments are processed by Apple or Google. We do not collect or store your payment card details.

Subscription validation and management may be handled via RevenueCat.

Support Communications

If you contact us, we collect:

  • Email address
  • The content of your message

B. Information Collected Automatically

When you use the Services, certain information is collected automatically.

Device Information

  • Device model and manufacturer
  • Operating system version
  • IP address
  • Unique device identifiers
  • Firebase Cloud Messaging (FCM) push notification token

This information is necessary to pair devices, enforce controls, and deliver notifications.

Installed Applications (Parental Control Functionality)

To provide app blocking and monitoring features, the TV application collects:

  • Installed application names
  • Application package identifiers

This data:

  • Is collected solely at the direction of the parent or legal guardian
  • Is used exclusively to provide parental control functionality
  • Is not used for advertising
  • Is not sold or shared for marketing purposes

We do not analyze installed applications for profiling or advertising.

Usage Data

We collect information about how the Services are used, including:

  • Screen views
  • Feature usage
  • Session interactions
  • Performance metrics

This data is used solely for improving functionality, performance, and user experience.

Crash and Diagnostic Data

We collect crash logs and technical diagnostics, including:

  • Device state at the time of crash
  • Error logs
  • Operating system version

This information is used strictly to identify and resolve technical issues.

3. How We Use Your Information

We use collected data to:

  • Create and manage user accounts
  • Pair TV devices with parent accounts
  • Enforce screen time limits
  • Block or manage installed applications
  • Display installed applications in the Guardian Portal
  • Validate and manage subscriptions
  • Send administrative communications
  • Deliver push notifications
  • Improve stability and performance
  • Detect fraud, abuse, or misuse
  • Comply with legal obligations

We do not use personal data for advertising purposes.

We do not sell personal information.

We do not engage in cross-context behavioral advertising or cross-app tracking.

4. Third-Party Service Providers

We use trusted third-party providers to operate and improve the Services. These providers process personal data on our behalf under contractual safeguards.

Supabase

Used for backend infrastructure and secure database storage of account, device, and service-related data.

Cloudflare

Used for content delivery (CDN), web performance optimization, and security (including DDoS protection). Cloudflare may process IP addresses and request metadata.

Firebase (Google LLC)

Used for authentication infrastructure, cloud services, and push notifications.

Google Analytics for Firebase

Used for product usage analytics and performance monitoring. Advertising features are not enabled.

Sentry

Used for crash reporting and technical diagnostics.

RevenueCat

Used for subscription management and receipt validation.

Apple and Google Authentication Services

Used to provide secure login functionality.

All providers act as data processors and are contractually required to: process data only under our instructions, apply appropriate security measures, and not use your data for independent marketing purposes.

5. Data Sharing

We do not:

  • Sell personal information
  • Share personal data for advertising
  • Use data brokers
  • Engage in cross-app tracking

We only share data with service providers necessary to operate the Services.

6. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we rely on:

Performance of a Contract

To provide parental control features, manage accounts, and process subscriptions.

Legitimate Interests

To improve service security, stability, and performance.

Consent

Where required under applicable law.

7. International Data Transfers

Personal data may be processed outside your country of residence. Where required, we implement appropriate safeguards such as Standard Contractual Clauses.

8. Data Retention

We retain personal data only as long as necessary:

  • Account Data: Until account deletion
  • Device and Installed App Data: Until device unpairing or account deletion
  • Subscription Data: As required for billing and compliance
  • Analytics and Diagnostic Data: Limited retention for service improvement

You may request deletion of your account at any time by contacting us.

9. Your Rights

GDPR (EEA Residents)

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Request data portability

To exercise these rights, contact: hello@middlepoint.io

California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what categories of personal information we collect
  • Request deletion
  • Request correction
  • Opt out of sale or sharing (we do not sell or share data)
  • Non-discrimination for exercising privacy rights

10. Children's Privacy

The Services are intended for parents or legal guardians.

Device-related data collected from a child's device:

  • Is collected solely at the direction of a parent or legal guardian
  • Is used exclusively to provide parental control functionality

We do not knowingly collect personal information directly from children under 13 without verifiable parental consent obtained through account setup and device pairing.

If you believe information has been collected without authorization, please contact us.

11. Security

We implement appropriate technical and organizational measures, including:

  • Encrypted communications (HTTPS)
  • Secure cloud infrastructure
  • Restricted access controls
  • Authentication protections

However, no method of transmission or storage is completely secure.

12. Advertising and Tracking

We do not:

  • Use personal data for advertising
  • Sell personal data
  • Engage in cross-app behavioral advertising
  • Use third-party data brokers

Analytics are used solely for internal product improvement and service optimization.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised "Last Updated" date.

14. Contact Us

If you have any questions regarding this Privacy Policy: