Safety & Compliance
We treat your data like our own
Gestalts was built by parents for our own daughter, Olivia. When we designed the app's security and privacy features, we asked ourselves: "Would we trust this with Olivia's information?" The answer had to be an unequivocal yes.
We implement privacy-by-design principles from the ground up. That means collecting only the minimum data necessary, encrypting everything, giving you complete control over your information, and never selling your data.
PROTECTION
Enterprise Security
Industry-standard protection for every piece of data you record.
AES-256 Encryption
All data is encrypted at rest using industry-standard AES-256 encryption. Your family's information is protected with the same security used by banks and governments.
TLS 1.2+ in Transit
All data transmission between your device and our servers uses TLS 1.2 or higher encryption, preventing interception during transfer.
Sovereign Storage
For Australian users, we prioritize storing data in local data centers where technically feasible to ensure data sovereignty.
Cloud Infrastructure
We leverage enterprise-grade security infrastructure, including advanced threat protection and strict access controls.
Minimal Retention
Original photos uploaded for avatar creation are processed and immediately deleted. Only stylized AI illustrations are saved.
Active Moderation
AI interactions are monitored for concerning content. Flagged content triggers crisis resources and safety reviews.
PRIVACY FIRST
Our Privacy Commitments
We believe privacy is a human right, especially when it comes to the developmental journey of children.
We never sell your data
Your family's information will never be sold, rented, or traded to third parties for marketing purposes. Period.
You control your data
Access, modify, export, or delete your data anytime. You can delete individual entries or your entire account with one click.
Minimal data collection
We collect only what's necessary to provide value. No surnames, addresses, or unnecessary identifiers for your children.
Transparent practices
Our Privacy Policy and Terms are written in plain language. No hidden clauses or confusing legal jargon.
GLOBAL STANDARDS
Legal Compliance
How we meet global standards for data protection and user rights.
Australian Privacy Act
We comply with the Privacy Act 1988 (Cth) and Australian Privacy Principles.
GDPR Compliance
For European users, we meet data minimization and erasure requirements.
COPPA Standards
For US users, we comply with the Children's Online Privacy Protection Act.
Consumer Law
Our Terms comply with Australian Consumer Law and transparency standards.
TRUST
Transparency Matters
In the unlikely event of a security concern, we believe in radical transparency.
72-Hour Notification
Users notified within 72 hours of discovery
Full Disclosure
Clear explanation of impact and steps taken
Regulatory Reporting
Mandatory reporting to OAIC & relevant bodies
Incident Mitigation
Active response and insurance safeguards
Questions about safety?
We're parents first. If you have any concerns or questions about our security practices, we're here to listen.