Pax Protect
Legal

Privacy Policy

Last updated 2026-05-29

1. About this policy

Pax Protect is a family web monitoring tool. Parents install our Chrome extension and macOS configuration profile on their kids' Macs to see what those kids are searching, asking AI chat tools, and trying to access — while quietly blocking inappropriate sites at the DNS layer before they ever load. This policy describes what data we collect, how we use it, who we share it with, and how long we keep it.

Pax Protect is operated by 10fold Solutions LLC (“we,” “us,” or “Pax Protect”). The product is designed for parents (the “account owner” or “parent”) to monitor their own children's online activity on devices the parent owns and has installed Pax Protect on with the parent's consent. If you are not a parent installing Pax Protect on a device you own, this product is not for you.

2. Information we collect

From the parent (account owner)

  • Account information. Email address, password (stored hashed), display name.
  • Notification preferences. The email address where digest emails and real-time alerts should be sent, the time of day digests fire, and whether real-time alerts are enabled.
  • Child profiles. First name, optional date of birth, optional gender, optional notes — all entered by the parent for their own reference inside the dashboard.
  • Device information. Hostname, OS version, and Pax Protect agent version of each enrolled Mac.
  • Third-party credentials. If the parent uses their own AdGuard DNS account (rather than the Pax Protect platform's shared one), the AdGuard API key. If the parent uses their own Apple Developer signing certificate, the certificate file and password. Both are stored encrypted at rest.

From the kid's Mac (via the Pax Protect Chrome extension)

  • Search queries. When the kid runs a search on Google, Bing, DuckDuckGo, Yahoo, or YouTube, we capture the search engine name, the query text, and the URL.
  • AI chat prompts. When the kid sends a prompt on ChatGPT, Claude, or Gemini, we capture the prompt text and which provider it was sent to. We do not capture the AI's response.
  • YouTube video views. When the kid opens a YouTube video, we capture the video ID, video title, channel name, and URL.
  • Blocked-site attempts. When a navigation fails because DNS rejected the domain (e.g., the site was on a blocklist), we capture the attempted URL.
  • Heartbeat metadata. Every five minutes the extension reports that it is still running, along with the OS family (e.g. “mac”) and extension version.

From the kid's Mac (via the configuration profile)

The Pax Protect .mobileconfig profile pins the Mac's system DNS resolver to a per-child encrypted DNS endpoint (dns.paxprotect.com). DNS resolution and category-based content filtering are provided by our DNS sub-processor, AdGuard DNS, which receives DNS queries from the kid's Mac for the sole purpose of resolving them and applying the filtering rules configured by the parent. AdGuard sees these queries as part of providing the resolution service; please refer to AdGuard DNS's privacy policy for their handling. Pax Protect itself does not receive a copy of every DNS query — we only receive the data captured by the Chrome extension above and the events the parent triggers from the dashboard.

From server logs

Like nearly every web service, our servers log incoming HTTP requests for security and debugging purposes. These logs include request IP addresses, user agent strings, request timestamps, and response codes. They are retained for 30 days and are not used for analytics or advertising.

3. How we use information

The information described above is used solely to:

  • Display captured activity in the parent's family dashboard (web app at paxprotect.com).
  • Send daily digest emails and real-time alert emails to the parent's notification email address.
  • Show the parent which devices are enrolled, healthy, stale, or tampered with.
  • Provision and manage per-child DNS profiles at AdGuard DNS, applying the parent's rules (allow lists, block lists, categories, screen-time schedules).
  • Generate signed device enrollment profiles (.mobileconfig files) when the parent has supplied a signing certificate.
  • Operate, secure, and improve the service.

We do not use captured data for advertising, machine-learning training, behavioral profiling outside the family account, or any purpose unrelated to delivering the product to the parent who installed it.

4. Data sharing & sub-processors

We do not sell or rent personal data. We share data only with the following sub-processors strictly as needed to deliver the service:

  • AdGuard DNS — provides DNS resolution and category-based content filtering. We use AdGuard's API to provision a per-child DNS profile for each enrolled child and to apply the parent's rules to it. The kid's DNS queries flow directly from the Mac to AdGuard DNS (via the dns.paxprotect.com custom-domain endpoint) as a function of the installed configuration profile. AdGuard's privacy policy applies to those queries; see the link in section 2 above.
  • Postmark — delivers daily digest emails and real-time alert emails to the parent. Postmark receives the parent's notification email address and the contents of the email being sent.
  • Our hosting provider — runs the Pax Protect backend on a VPS with industry-standard physical and network security.

We do not share captured search queries, AI prompts, video views, or blocked-site attempts with any third party other than the parent who controls the account.

5. Data retention

We keep data only as long as it is useful to the parent or required for the service to function:

  • Captured events (searches, AI prompts, YouTube views, blocked attempts): retained for up to 90 days in the live database, after which they may be archived or deleted at our discretion.
  • Account, child, and device records: retained as long as the account is active. Deleted within 30 days of account closure.
  • Server request logs: retained for 30 days.
  • Email delivery records (Postmark): retained per Postmark's policy.

6. Children's data & parental consent

Pax Protect is designed for parents to monitor their own children. The product is installed by a parent on a device the parent owns and controls; the act of installing the .mobileconfig profile and the Chrome extension on the kid's Mac constitutes the parent's explicit, verifiable consent to the collection of activity data from that device. The parent is the sole party with access to the captured data through the dashboard.

We do not directly collect personal information from children, and we do not provide kids with any user-facing interface to create accounts or interact with us. Captured activity is treated as data belonging to the parent's family account and is governed by this policy throughout its lifecycle.

Parents who wish to delete their children's captured activity can do so by removing devices, removing children, or closing the family account from the dashboard, or by emailing the address in section 9 below.

7. Security

We protect data in transit using TLS, hash account passwords with industry-standard algorithms (bcrypt via Laravel), encrypt sensitive credential columns (DNS provider API keys, Apple Developer cert and password) at the application layer before storing them in the database, and tightly scope every database query to a single account via tenant boundaries enforced at the ORM level. Per-device API access is authenticated via cryptographically random per-device bearer tokens.

No service is perfectly secure. If we discover a security incident affecting a parent's data, we will notify the affected account's notification email address without undue delay.

8. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you and your family.
  • Correct inaccurate or incomplete data.
  • Delete your account and all associated data.
  • Export your data in a portable format.
  • Object to or restrict certain processing activities.
  • Lodge a complaint with a relevant data protection authority.

Most of these can be done directly from the family dashboard (Account → Data & privacy). For anything not available in the dashboard, email the address in section 9.

9. Contact us

Questions about this policy, requests for data access or deletion, or anything else privacy-related:

help@paxprotect.com

10. Changes to this policy

We may update this policy as the product evolves or as required by law. When we do, we will update the “Last updated” date at the top of this page. Material changes will be announced via the dashboard and to the parent's notification email.

© 2026 10fold Solutions LLC · Pax Protect