Fifteen honest answers to the questions everyone asks.

Bark and Qustodio are mature parent-monitoring products focused on one family at a time — great dashboards, alerts, installed base of millions. Phosra is a compliance-first infrastructure layer: one policy set that maps across every platform your kid touches, plus a law registry that tracks regulatory obligations (COPPA 2.0, KOSA, EU DSA, state AADCs). Many families use both: monitoring tools for alerts, Phosra for the policy layer underneath.

Five categories of surface: streaming (Netflix, YouTube, Disney+), gaming (Roblox, Minecraft, Steam, consoles), social (TikTok, Discord, Instagram, Snap), devices (iOS Screen Time, Android MDM, Chromebook), and network (Deco, Eero, pfSense, Controld DNS). The public registry maps 229 platforms across those categories. Six are live integrations today; the rest are mapped and on the public roadmap. We use each platform's official API where available and network- or MDM-level enforcement where not.

Yes — all six are first-class integrations. Netflix (viewing windows + content ratings), Roblox (session caps + communication filters), TikTok (screen time + restricted mode), Discord (age-gated servers + DM controls), iOS (Screen Time + Family Sharing), and TP-Link Deco (profile pauses + DNS filtering). Each uses the platform's official API where one exists; where it doesn't, we fall back to network-level enforcement.

Honestly: it depends on the platform. Where a platform exposes an official parental-controls API (Roblox, Netflix, Discord, iOS Family Sharing), enforcement is hard to bypass without the platform's own recovery flow. Where no API exists, we use network-level (DNS, router) or device-level (MDM) enforcement, which a determined teen with a VPN can work around. We publish per-integration bypass-resistance scores so you know which surfaces are load-bearing and which need a second layer.

A rule category is one of 45 atomic units of enforcement — e.g. screen_time_limit, content_rating_cap, parental_consent_gate, commercial_data_ban. A policy is your specific configuration of those categories for a specific child — e.g. "Emma, age 8, bedtime 8:30pm, content rating PG, no direct messages from non-friends." Phosra translates one policy into whatever each platform's native controls actually accept.

No catch. The Family plan is free, requires no credit card, and includes parental controls across all 45 policy categories. We make money on the Developer tier ($49/mo) for platforms building against our API and on Enterprise licenses for companies that need regulatory compliance audits. Families pay nothing and keep every feature that matters for household use.

Two revenue lines, neither involves family data. Developers pay $49/month to build parental controls into their own products using our REST API and MCP tools. Enterprises — large platforms, schools, state regulators — pay custom licenses for compliance verification, audit trails, and regulatory reporting. The free family tier is the on-ramp; B2B funds the company.

No. We do not sell, license, rent, or share child data with advertisers, data brokers, or any third party for marketing. We do not run ads on any surface. Child data is encrypted, scoped to your family account, and used only to enforce the rules you set. We read COPPA-aligned consent before any data collection and we delete on request within 48 hours.

Yes. Sensitive fields (OAuth tokens, provider credentials) are encrypted at the application layer with AES-256-GCM on top of Supabase's standard at-rest disk encryption, and all traffic is TLS 1.3. Tenant data is scoped at the application layer — every query is user-keyed. Full security posture, SOC 2 status, and incident history are in the trust center.

Yes, one click. Settings → Export gives you a JSON bundle of everything we hold about your family. Settings → Delete Account removes all rows within 48 hours, including backups within 30 days. We comply with GDPR (Art. 17 erasure), CCPA (§1798.105 deletion), and every US state equivalent we're aware of. No dark-pattern retention.

COPPA 2.0 is the proposed update to the 1998 Children's Online Privacy Protection Act — it raises the covered-age threshold, expands the definition of personal data, and introduces algorithmic-harm provisions. Phosra tracks the bill text weekly, maps every provision to enforceable rule categories, and ships compliance checklists so Enterprise customers can demonstrate readiness before the law lands.

Yes. Schools use Phosra to enforce student-data-privacy law (FERPA, state AADCs) and to push a single district policy to every SaaS tool students touch — Google Workspace, Canvas, Chromebook fleet, classroom filters. Our regulators page has a deeper walk-through for district IT and state attorneys general.

Weekly. Every Monday morning an automated scanner (Claude-driven) re-reads the 91 tracked statutes and flags material changes, new introductions, and status updates. Changes are reviewed by a human before publishing. Enterprise customers get pager-grade alerts for bills that touch their specific rule categories.

Three steps: (1) Sign up at /login — no card required for the Family plan. (2) Add your child and set their age — Phosra auto-provisions an age-appropriate rule set across all 45 categories. (3) Connect the apps and devices you actually use. Most families are live in under ten minutes.

Jake and Susannah Klinvex — founders of three previously-acquired software companies and parents of five. Phosra started because we couldn't find a single product that did what we needed for our own kids across Netflix, Roblox, Discord, TikTok, and the App Store at the same time. We built it, then realized the compliance-layer piece was the harder, more durable business.