Safety and Compliance.
Shared Slate Ltd | Effective Date: 5 February 2026 | Status: Beta Release
1. Privacy-by-Design and No-Monitoring
1.1 No-Monitoring Commitment: The reading app is built on the principle of Total User Privacy. Unlike traditional social platforms, we do not employ automated "behavioral signaling," keyword scanning, or activity monitoring.
1.2 No Content Access: Because our video calls are Peer-to-Peer (WebRTC), the data travels directly between your device and your trusted contact. It never touches our servers. We do not have the technical capability to watch, listen to, or record your calls.
1.3 No Behavioral Profiling: We do not track how children move through the app, how long they look at specific pages, or their "velocity" of interaction for the purpose of safety modeling.
2. The "Trusted Circle" Safety Architecture
2.1 Whitelisted Connections Only: A child profile has no "searchable" presence. They cannot receive a call or a message from anyone who has not been manually added to their "Trusted Circle" by the verified Account Owner (the parent).
2.2 Verifiable Parental Consent: We use our payment processing partner to ensure every Account Owner is a verified adult, preventing unauthorized users from creating "parent" accounts.
2.3 Parental Kill-Switch: Control is entirely decentralized. Parents have a 'Revoke Access' button that instantly and permanently severs the Peer-to-Peer link. Shared Slate Ltd does not adjudicate disputes or perform global account suspensions based on private interactions we cannot see.
3. Video Calling and Data Retention
3.1 Peer-to-Peer (P2P) Architecture: Video calls are established using WebRTC. Data flows directly between users; no video or audio data ever passes through or is stored on Shared Slate Ltd servers.
3.2 Metadata Logs: We retain call metadata (IDs of participants, start/end times, and IP addresses) for 90 days for troubleshooting and safety auditing, after which it is purged.
3.3 Account Deletion: Upon a "Right to Erasure" request, we perform a hard delete of child profiles and anonymize adult account records within 1 year.
4. Data Portability and Exit Strategy
4.1 Retrieve Your Content: We believe you should own what you buy. If you choose to close your account or leave the Service, we provide a mechanism for you to retrieve the original raw ePub files you have purchased or uploaded.
4.2 The "Clean" Export: Please note that these exports consist of the raw ePub file only. Shared Slate Ltd’s proprietary enhancements—including our custom TTS metadata, reading assessments, and interactive layers—are part of our protected Service and are stripped upon export.
5. Institutional and School Compliance
5.1 FERPA Compliance: ReadWithMe is a consumer-facing tool for households. We do not maintain "Educational Records" as defined by FERPA. We do not provide dashboards, data-sharing, or reporting integrations for schools.
5.2 Institutional Limits: We do not provide teacher dashboards, bulk data exports for school districts, or LMS integrations. Any use in a classroom setting is treated as a collection of individual family accounts.
5.3 GDPR Role: When used in a professional setting, the Institution is the "Data Controller" and Shared Slate Ltd is the "Data Processor."
6. Security and Breach Notification
6.1 Infrastructure: Our primary hosting and databases are maintained in the UK (London) region via our cloud infrastructure provider.
6.2 Encryption: We use TLS/HTTPS encryption for all data in transit and AES-256 encryption at rest.
6.3 Data Breach Procedures: Upon discovery of a security incident, we will assess the risk to user rights. If a breach is likely to result in a high risk, we will notify the Information Commissioner’s Office (ICO) and affected users within 72 hours.
7. Data Processing Addendum (DPA)
7.1 Sub-Processors: Shared Slate Ltd utilizes the providers listed in Schedule A. We maintain updated DPAs with each to ensure they provide protections equivalent to those required by the UK GDPR.
7.2 Data Transfers: Any limited transfers to US-based sub-processors (e.g., for payments or identity) are governed by Standard Contractual Clauses (SCCs).
8: Cookie & Tracking Policy
8.1 Essential Cookies Only: ReadWithMe uses "Essential" cookies and local storage tokens solely to maintain your login session (via Auth0) and facilitate secure payments (via Stripe).
8.2 No Third-Party Tracking: We do not use advertising, marketing, or behavioral analytics cookies (e.g., no Google Analytics, no Meta Pixel).
8.3 Control: You can disable cookies in your browser, but the Service will fail to function as we cannot verify your identity without these secure session tokens.
Schedule A: Infrastructure Partners
Cloud Hosting - Fly.io - UK (London)
Identity & Auth - Auth0 - UK / EU
Payment & VPC - Stripe - Global
Email Delivery - Resend - Global