Tuck Me In

Privacy

A small policy for a small product.

Tuck Me In is a parental-control product built by SuperDarkCode Labs (Pvt) Ltd ("we", "us", "our"). This page explains what data we collect, why, who else touches it, how long we keep it, and the rights you have over it.

This is written in plain language. If anything here is unclear or you'd like a copy in another form, email tuckmein@localhost.co.zw.

The short version

We collect the smallest amount of data we can to make the product work - your phone number, payment receipts, and the device data needed to enforce the rules you set on your child's phone. We do not read messages, record audio or screens, or run "AI threat detection." We never sell data. You can ask for an export or deletion at any time.

On this page

  1. Who runs Tuck Me In
  2. Parent account data
  3. Child device data
  4. What we deliberately do not collect
  5. Why we collect it
  6. Who else touches it
  7. How long we keep it
  8. Security
  9. Children and parental authority
  10. Your rights
  11. Changes to this policy
  12. Contact

1. Who runs Tuck Me In

SuperDarkCode Labs (Pvt) Ltd, registered in Zimbabwe. We're the "data controller" for the personal data described below. Our contact details are at the end of this page.

2. Parent account data

When you sign in to the parent app, we store:

3. Child device data

The Tuck Me In agent runs on your child's phone under your authority as their parent or legal guardian. While it's installed and paired, the agent uploads the following to our server so the parent app can show you what's happening:

4. What we deliberately do not collect

These are explicit product non-goals. They're not on a roadmap; we will not add them later. Several of them are technically possible on Android with the permissions the agent has, but we don't want to build that kind of product.

5. Why we collect what we do

Under the Zimbabwe Cyber and Data Protection Act, 2021 we process this data on the following lawful bases:

6. Who else touches it

We use a small number of vendors to deliver the service:

We do not share data with any other third parties, except where legally compelled (e.g. a valid court order). If that happens we'll try to notify the affected user unless the order forbids it.

7. How long we keep it

8. Security

All traffic between your phones and our server is encrypted with TLS. Payment instrument data (card numbers, EcoCash PINs) never crosses our server - Pesepay's hosted page collects it directly. Your tamper PIN is hashed on the server using Django's password hasher before storage; we can't read it back.

The database is on a private Linux VPS in Germany with full-disk encryption and SSH-key-only access. We can't promise no security incident will ever happen - anyone who tells you that is lying - but if one does we'll notify affected users promptly and in plain language.

9. Children and parental authority

The Tuck Me In agent is designed to be installed on a minor's device by their parent or legal guardian, who configures and monitors the rules through the parent app. The parent is the primary user of the service; the child's data is processed under the parent's authority for the child's safety and welfare.

The child does not have their own account on our service. They interact with the agent only through the lock-screen on their own phone - for example, by tapping "ask for more time," which sends a request to their parent. We do not collect personal data from the child in the sense the law contemplates; we collect device-level data under parental authority.

If you are not the parent or legal guardian of the user whose device you are managing - for example, if you have installed the agent on the device of an adult who has not consented - you are misusing the service in breach of our Terms of Service. Please uninstall it.

10. Your rights

You have the right to:

To exercise any of these, email tuckmein@localhost.co.zw from the address tied to your account, or from a phone signed in to the account. We'll respond within 30 days.

11. Changes to this policy

If we change anything material about how we handle your data, we'll bump the "last updated" date at the top of this page and - for changes that expand collection or sharing - show an in-app notice the next time you open the parent app. We won't retroactively apply broader uses to data we already collected under a narrower policy.

12. Contact

SuperDarkCode Labs (Pvt) Ltd
Harare, Zimbabwe
tuckmein@localhost.co.zw