Privacy Policy

Last updated: March 2026  ·  We don't sell your data. Ever.

The short version

WhiteCat is a tool for parents, built by parents. Your family's data is yours. We collect only what we need to make the router and app work. We don't read your kids' browsing history. We don't build profiles on your children. We don't sell anything to advertisers. Full stop.

Who we are

For customers in the US and rest of world: White Cat Cloud Inc., 8 The Green, Dover, DE 19901, USA.
For customers in the EU/EEA: Cluster s.r.o., Rusovská cesta 15, 851 01 Bratislava, Slovak Republic — see the GDPR section below.
Questions? Email us at [email protected]

What we collect and why

What Why
Your email address To create and manage your account
Device names, MAC addresses, IP addresses on your network So you can see and manage your home devices in the app
Which domains are blocked or allowed (counts only — not content) To show you usage insights and improve blocking accuracy
Router firmware version and health status To push security updates and keep your router running
Subscription and billing status (via Apple) To activate your plan features
We never read the content of websites your family visits. We see that a device visited "youtube.com" — we never see what video was watched, what was searched, or what was typed.

Children's privacy

WhiteCat is operated by parents — accounts are created and managed by adults only. We do not knowingly collect personal information directly from children under 13. Family member profiles in the app (e.g. "Emma, age 8") are created by the parent and contain only a name and icon — nothing else. If you believe we have inadvertently collected data from a child, contact us at [email protected] and we will delete it immediately.

What we never do

  • We never sell your data to advertisers or third parties
  • We never read the content of your family's internet traffic
  • We never build advertising profiles on your children
  • We never share data with schools, governments, or other companies without your consent (except where required by law)

Where your data is stored

Your account data is stored on secure servers in the United States. Network traffic stays on your router at home — it is not streamed to our cloud. Only metadata (domain block counts, device status) is synced to our servers.

Your rights

You can request a copy of your data, ask us to delete your account and all associated data, or opt out of any non-essential communications at any time. Email [email protected] — we'll respond within 5 business days.

Changes to this policy

If we make meaningful changes to this policy, we will notify you by email and update the date at the top of this page. We will never quietly change what we do with your data.

Questions about your privacy?

For EU customers (GDPR)

This section supplements our general privacy policy with information required by the EU General Data Protection Regulation (GDPR / DSGVO).

Data Controllers

  • For EU customers: Cluster s.r.o., Rusovská cesta 15, 851 01 Bratislava, Slovak Republic. Full details: Imprint.
  • For US/other customers: White Cat Cloud Inc.

Data categories

Account email · device identifiers (MAC addresses, stored locally on the router) · DNS query metadata used for filtering (60-day retention).

Legal basis

Contract performance (Art. 6(1)(b) GDPR) and legitimate interest in network security and parental-control functionality (Art. 6(1)(f) GDPR).

Data location and transfers

Service infrastructure currently runs in the United States (DigitalOcean, San Francisco region). EU customer data is therefore transferred to the United States. We rely on the European Commission's Standard Contractual Clauses (SCCs) as the transfer mechanism. We are evaluating EU-region deployment for a future rollout.

Your rights

Under GDPR you have the right to access, rectify, erase, port, restrict the processing of, and object to the processing of your personal data. You also have the right to lodge a complaint with a supervisory authority — in Slovakia: Úrad na ochranu osobných údajov. EU customers may additionally file with their own national authority.

No selling, no profiling

We do not sell personal data and do not engage in automated profiling.

Privacy contact

For privacy requests, please email: [email protected]