Terms of Service

1. Acceptance of Terms

By accessing, browsing, or using any part of the Phosra platform, including phosra.com, the Phosra API, the Phosra dashboard, developer documentation, and any related services (collectively, the "Service"), you acknowledge that you have read, understood, and agree to be bound by these Terms of Service ("Terms"). These Terms constitute a legally binding agreement between you and Phosra, Inc., a Delaware corporation ("Phosra," "we," "us," or "our").

If you are using the Service on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms, and "you" shall refer to both you individually and the organization. If you do not agree to any part of these Terms, you must immediately discontinue all use of the Service.

These Terms are effective as of the date you first access or use the Service and remain in effect until terminated in accordance with the Termination section below. We reserve the right to update these Terms as described in the General Provisions section, and your continued use following any such update constitutes acceptance of the revised Terms.

2. Definitions

The following definitions apply throughout these Terms and are provided to ensure clarity regarding the specific concepts and components of the Phosra platform.

"API" means the Phosra REST API, including all endpoints, request and response formats, authentication mechanisms, and associated technical interfaces through which you interact with the Service programmatically. "PCSS" means the Phosra Child Safety Spec, our proprietary specification that defines the universal rule categories, age-to-rating mappings, and enforcement protocols used across the platform. "Platform" means any third-party digital service, application, or device where Phosra enforces policy rules on behalf of users, including but not limited to Netflix, YouTube, TikTok, Instagram, Roblox, and device management systems.

"Policy" means a collection of rules and configurations that define how a child's online experience should be governed across one or more platforms, including content rating filters, screen time limits, notification curfews, web filtering preferences, and algorithmic feed controls. "Child Profile" means the data record created by a parent or guardian within the Service for a specific child, containing the child's first name, date of birth, age group, and associated policy assignments.

"User" or "Account" means the parent, guardian, developer, or enterprise customer who registers for and maintains an account on the Phosra platform. "Enforcement" means the technical process of transmitting policy rules to connected platform adapters and verifying that those rules have been applied successfully. "MCP" means Model Context Protocol, an open standard for tool-use integrations that Phosra supports to enable AI-assisted parental controls management.

3. Account Registration & Security

To access the full functionality of the Service, you must register for a Phosra account. By registering, you represent and warrant that you are at least 18 years of age and have the legal capacity to enter into a binding agreement. Each individual may maintain only one Phosra account, and sharing of account credentials is prohibited.

You must provide accurate, current, and complete information during the registration process and maintain the accuracy of such information throughout the duration of your account. Accounts are managed through Clerk, our authentication provider, which handles password hashing, session management, and multi-factor authentication capabilities.

You are solely responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You must notify Phosra immediately at security@phosra.com if you become aware of or suspect any unauthorized access to your account, unauthorized use of your API keys, or any other breach of security.

Phosra reserves the right to suspend or terminate accounts that violate these Terms, engage in fraudulent activity, exhibit patterns of abuse, or pose a risk to the security or integrity of the Service or other users' data. We will provide reasonable notice before suspension except where immediate action is required to prevent harm.

4. API License & Usage

Subject to your compliance with these Terms and all applicable laws, Phosra grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Phosra API for the purpose of managing child safety policies and enforcing parental controls through the Service.

You may integrate the Phosra API into your own applications, platforms, or services to manage child profiles, configure policies, connect platforms, trigger enforcement actions, and retrieve enforcement status information. All API usage must comply with these Terms, the Phosra API documentation, the Phosra Child Safety Spec (PCSS), and all applicable local, state, federal, and international laws, including child data protection regulations.

This license does not grant you any rights to Phosra's source code, proprietary algorithms, internal infrastructure, or any intellectual property beyond the API interface as documented. The license is automatically revoked upon termination of your account or violation of these Terms. You may not transfer, assign, or sublicense your API access to any third party without Phosra's prior written consent.

5. Rate Limits & Usage Quotas

API access is subject to rate limits and usage quotas that vary by subscription tier. These limits are designed to ensure fair access, maintain Service performance, and protect infrastructure stability for all users.

Family Tier: Accounts on the Family tier are limited to 100 API calls per hour. This tier is designed for individual parents and guardians managing their own family's devices and platforms. Developer Tier: Accounts on the Developer tier are limited to 5,000 API calls per hour. This tier is designed for application developers integrating Phosra into their products. Enterprise Tier: Accounts on the Enterprise tier receive custom rate limits negotiated as part of their service agreement, along with dedicated support and enhanced SLA commitments.

When you exceed your tier's rate limit, the API will return HTTP 429 (Too Many Requests) responses until the rate limit window resets. Persistent or intentional circumvention of rate limits, including through the use of multiple accounts, IP rotation, or distributed request patterns designed to evade detection, constitutes a violation of these Terms and may result in temporary or permanent account suspension.

Phosra reserves the right to adjust rate limits with at least 30 days' advance notice. Changes to rate limits will be communicated via email and through the Phosra dashboard. If a rate limit change materially affects your use of the Service, you may terminate your account without penalty during the notice period.

6. Data Handling & Processing

You acknowledge and agree that when you submit data to the Service, including child profile information and policy configurations, Phosra acts as a data processor on your behalf. You are the data controller for all child data and personal data you submit through the Service, and you retain full responsibility for the lawfulness of its collection, accuracy, and the purposes for which it is processed.

As a data controller, you are responsible for ensuring that you have a lawful basis for submitting child data to the Service, including verifiable parental consent where required by applicable law. You represent and warrant that you have the legal authority, whether as a parent, legal guardian, or authorized agent, to submit child data and to authorize Phosra to process it on your behalf for the purposes described in these Terms and our Privacy Policy.

Phosra processes child data solely for the purpose of providing the Service, including policy configuration, enforcement across connected platforms, compliance verification, and audit logging. We do not use child data for any purpose other than service delivery, and we do not sell, license, or otherwise commercialize child data under any circumstances.

A Data Processing Agreement (DPA) that meets the requirements of Article 28 of the GDPR is available for enterprise customers upon request. The DPA sets forth the specific terms governing Phosra's processing of personal data on your behalf, including sub-processor disclosures, data security obligations, breach notification procedures, and data subject rights assistance.

7. Children's Data Obligations

The submission and management of children's data through the Phosra platform carries significant legal and ethical responsibilities. By creating child profiles and submitting child data, you represent, warrant, and covenant the following.

You represent that you are the parent or legal guardian of each child whose data you submit to the Service, or that you have obtained explicit, verifiable authorization from the child's parent or legal guardian to submit such data. You are responsible for obtaining any and all consents required under applicable law, including verifiable parental consent as mandated by the Children's Online Privacy Protection Act (COPPA) and any applicable state, national, or international child data protection regulations.

You must comply with all applicable child data protection laws in your jurisdiction, including but not limited to COPPA, the Kids Online Safety Act (KOSA), the EU General Data Protection Regulation (GDPR) as it applies to children's data, the UK Age Appropriate Design Code, and any state-level child privacy legislation. You will not submit data for any child over whom you do not have legal authority, and you will not use the Service to monitor, track, or restrict the activities of individuals who are not your legal dependents.

Phosra reserves the right to delete child data and suspend associated accounts if we have reasonable grounds to believe that child data was submitted without proper authorization, that the submitting user is not the child's parent or legal guardian, or that the data is being used for purposes other than lawful parental monitoring and child safety enforcement. We may report suspected violations to the relevant regulatory authorities, including the Federal Trade Commission.

8. Acceptable Use Policy

Your use of the Service must at all times comply with these Terms, applicable law, and the following acceptable use standards. You agree that you will not engage in any of the following prohibited activities.

You must not reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code, algorithms, or internal structure of the Phosra API, platform adapters, or any other component of the Service. You must not use the Service for surveillance, tracking, or monitoring beyond the scope of lawful parental controls for your own minor children or legal dependents. You must not attempt to circumvent, bypass, or disable any security measures, authentication mechanisms, rate limits, or access controls implemented by the Service.

You must not share, transfer, publish, or expose your API keys, authentication tokens, account credentials, or any other access credentials with or to any unauthorized third party. You must not use the Service in any manner that could harm, exploit, endanger, or violate the rights of children, including using the platform to facilitate unauthorized access to a child's accounts, harvest a child's personal data, or enable any form of child exploitation.

You must not scrape, harvest, crawl, or collect data from the Service beyond the scope of your authorized API access. You must not impersonate other users, misrepresent your identity or affiliation, or create accounts under false pretenses. You must not use the Service to transmit malware, viruses, or any code designed to disrupt, damage, or interfere with the operation of the Service or any connected platform. Violation of this Acceptable Use Policy may result in immediate suspension or termination of your account.

9. Intellectual Property

Phosra, Inc. owns and retains all right, title, and interest in and to the Service, including the Phosra API, the Phosra Child Safety Spec (PCSS) specification, all platform adapter implementations, the Phosra dashboard, developer documentation, the phosra.com website, all associated trademarks, service marks, logos, trade dress, and the underlying technology, architecture, and infrastructure. These rights are protected by United States and international intellectual property laws.

You retain all ownership rights to the data you submit to the Service, including account information, child profile data, policy configurations, and platform credentials. Nothing in these Terms transfers ownership of your data to Phosra. You grant Phosra a limited, non-exclusive, worldwide, royalty-free license to process, store, transmit, and use your data solely for the purpose of providing and improving the Service as described in these Terms and our Privacy Policy. This license terminates upon deletion of your data or termination of your account.

If you provide Phosra with feedback, suggestions, enhancement requests, recommendations, or other input regarding the Service ("Feedback"), you grant Phosra an unrestricted, irrevocable, perpetual, royalty-free license to use, modify, and incorporate such Feedback into the Service without any obligation to you. You acknowledge that Feedback is provided voluntarily and that Phosra is under no obligation to implement, acknowledge, or compensate you for any Feedback.

10. Third-Party Platforms

A core function of the Phosra Service is the enforcement of parental control policies across third-party digital platforms. You acknowledge and agree that the availability and effectiveness of enforcement depends on factors outside of Phosra's control, including the APIs, policies, and technical capabilities of those third-party platforms.

Phosra does not guarantee that all connected platforms will support all policy rule categories at all times. Platform providers may modify, restrict, or deprecate their APIs, which may affect Phosra's ability to enforce certain rules. When a platform change affects enforcement capability, we will make reasonable efforts to notify you through the dashboard and to update our platform adapter accordingly, but we cannot guarantee uninterrupted enforcement across all platforms.

You are responsible for maintaining valid credentials for each connected platform and for ensuring that your use of those platforms complies with their respective terms of service. Phosra is not responsible for actions taken by third-party platforms, including account suspension, content removal, or policy changes enacted by those platforms independently of Phosra enforcement actions.

The storage, encryption, and usage of platform credentials is governed by our Privacy Policy. Phosra accesses your platform accounts only to the extent necessary to apply and verify the enforcement of your configured policy rules. We do not access platform accounts for any purpose other than authorized enforcement operations.

11. Warranties & Disclaimers

Phosra makes reasonable commercial efforts to ensure that the Service operates reliably, that enforcement actions are executed accurately, and that your data is handled securely. However, given the complexity of operating across 200+ third-party platforms and the inherent unpredictability of distributed systems, certain limitations apply.

THE SERVICE IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PHOSRA, INC. DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE.

Phosra does not warrant that the Service will be uninterrupted, error-free, or free of harmful components. We do not warrant that all policy rules will be successfully enforced on all connected platforms at all times, as enforcement depends on third-party platform availability and API compatibility. We do not warrant that the Service will meet your specific requirements or expectations beyond the functionality described in our documentation.

Enterprise customers may negotiate separate Service Level Agreements (SLAs) that provide specific uptime commitments, response time guarantees, and remedies for service interruptions. Such SLAs, where executed, shall supersede the disclaimers in this section to the extent of any conflict. The disclaimers in this section do not affect any rights that cannot be waived or limited under applicable consumer protection law.

12. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL PHOSRA, INC., ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, LICENSORS, OR SERVICE PROVIDERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES, REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE AND WHETHER OR NOT PHOSRA WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PHOSRA'S TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THESE TERMS OR YOUR USE OF THE SERVICE SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL AMOUNTS PAID BY YOU TO PHOSRA DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (B) ONE HUNDRED UNITED STATES DOLLARS ($100.00).

THIS LIMITATION OF LIABILITY APPLIES TO ALL CLAIMS, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, STATUTE, OR ANY OTHER LEGAL THEORY, AND REGARDLESS OF WHETHER THE REMEDY PROVIDED HEREIN FAILS OF ITS ESSENTIAL PURPOSE. Some jurisdictions do not allow the exclusion or limitation of certain damages, so the above limitations may not apply to you to the extent prohibited by applicable law. In such cases, Phosra's liability shall be limited to the fullest extent permitted by applicable law.

13. Indemnification

You agree to indemnify, defend, and hold harmless Phosra, Inc., its parent companies, subsidiaries, affiliates, officers, directors, employees, agents, licensors, and service providers from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees and court costs) arising out of or relating to the following.

Your use of the Service, including any enforcement actions triggered through your account. Any violation by you of these Terms, the Acceptable Use Policy, or the Privacy Policy. Any violation by you of any applicable law, regulation, or rule, including child data protection laws such as COPPA, KOSA, GDPR, or any equivalent legislation in your jurisdiction. Any data, content, or child profile information that you submit to the Service, including claims that such data was submitted without proper authorization or consent.

Any infringement or misappropriation by you of any third-party intellectual property right, privacy right, or other proprietary right. Any dispute between you and a third-party platform arising from enforcement actions initiated through the Service. This indemnification obligation survives the termination of your account and these Terms.

Phosra will provide you with prompt written notice of any claim subject to indemnification, cooperate with you in the defense of such claim, and permit you to control the defense and settlement of the claim, provided that no settlement may be made without Phosra's prior written consent if such settlement would impose any obligation or liability on Phosra or admit fault on Phosra's behalf.

14. Termination

Either party may terminate the relationship governed by these Terms at any time, subject to the following provisions.

You may close your Phosra account at any time through the Settings page in the Phosra dashboard. Account closure is self-service and does not require contacting Phosra support. Upon initiating account closure, your API access will be revoked immediately, connected platform credentials will be deleted immediately, and enforcement of all active policies will cease.

Phosra may terminate or suspend your account if you materially breach these Terms and fail to cure the breach within 14 days of written notice, if your account is used for illegal activity, if your continued use of the Service poses a risk to the security or integrity of the platform or other users' data, or if required by law or regulation. In cases involving imminent harm to children, illegal activity, or security threats, Phosra may suspend access immediately without prior notice.

Upon termination by either party: all API access is revoked immediately; your account data (profile, settings, policy configurations) remains available for export for 30 days after termination; all child profiles and associated data are permanently deleted within 30 days; all connected platform credentials are deleted immediately; and enforcement job history is retained for the legally required audit period and then deleted. The following sections survive termination: Intellectual Property, Warranties and Disclaimers, Limitation of Liability, Indemnification, Governing Law and Disputes, and General Provisions.

15. Governing Law & Disputes

These Terms, and any dispute or claim arising out of or relating to these Terms or the Service (including non-contractual disputes), shall be governed by and construed in accordance with the laws of the State of Delaware, United States of America, without giving effect to any principles of conflicts of law that would cause the application of the laws of any other jurisdiction.

Any dispute, controversy, or claim arising out of or relating to these Terms, or the breach, termination, or validity thereof, shall be resolved through binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration shall be conducted in Wilmington, Delaware, before a single arbitrator selected in accordance with AAA procedures. The arbitrator's decision shall be final and binding, and judgment upon the award may be entered in any court of competent jurisdiction.

CLASS ACTION WAIVER: YOU AND PHOSRA AGREE THAT EACH PARTY MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, CONSOLIDATED, OR REPRESENTATIVE PROCEEDING. The arbitrator may not consolidate more than one person's claims and may not preside over any form of class or representative proceeding. Each party shall bear its own costs and attorneys' fees incurred in connection with any arbitration proceeding.

Small Claims Court Exception: Notwithstanding the foregoing, either party may bring qualifying claims in small claims court in Wilmington, Delaware, or the county in which you reside, provided the claim falls within the court's jurisdictional limits and remains in small claims court. If the claim is removed or transferred to a court of general jurisdiction, the arbitration provisions of this section shall apply.

16. General Provisions

Severability: If any provision of these Terms is held by a court or arbitrator of competent jurisdiction to be invalid, illegal, or unenforceable, such provision shall be modified to the minimum extent necessary to make it enforceable, or if modification is not possible, shall be severed from these Terms. The invalidity or unenforceability of any provision shall not affect the validity or enforceability of the remaining provisions, which shall continue in full force and effect.

Waiver: The failure of Phosra to exercise or enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. A waiver of any right or provision shall be effective only if made in writing and signed by an authorized representative of Phosra, and shall apply only to the specific instance for which it is given.

Entire Agreement: These Terms, together with the Privacy Policy and any applicable Data Processing Agreement or Enterprise Service Level Agreement, constitute the entire agreement between you and Phosra with respect to the Service and supersede all prior or contemporaneous understandings, agreements, representations, and warranties, whether written or oral, regarding the Service.

Assignment: You may not assign, transfer, or delegate any of your rights or obligations under these Terms without Phosra's prior written consent. Phosra may assign these Terms, in whole or in part, without restriction, in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets, provided that the assignee agrees to be bound by these Terms.

Notices: All notices required or permitted under these Terms shall be sent via email to the address associated with your Phosra account. Notices to Phosra should be directed to legal@phosra.com. Notices are deemed received when sent to the email address on file. Force Majeure: Neither party shall be liable for any delay or failure to perform obligations under these Terms due to events beyond its reasonable control, including natural disasters, acts of government, pandemics, internet or telecommunications failures, power outages, cyberattacks, or labor disputes. Contact: legal@phosra.com. Phosra, Inc., Wilmington, Delaware, United States.