Child Safety Standards Policy

Home   /   Child Safety Standards Policy

Introduction and Commitment

  • KPOST Software Private Limited ("KPOST", "we", "us", "our") is fundamentally committed to creating a secure digital environment for all users, with paramount focus on safeguarding children and young people. We recognize the inherent vulnerabilities of users under 18 in digital spaces and our responsibility to protect them from online risks, including inappropriate content, grooming, cyberbullying, and privacy infringements.
  • This policy outlines our comprehensive global framework for child protection across all KPOST communication services (email, messaging, audio/video calling, video conferencing, file sharing). Our approach is "safety by design," embedding child protection into every aspect of our platform from conception.
  • Our Core Child Safety Principles
    • Safety by Design: Child protection is integrated into every feature from its inception.
    • Transparency: Clear, accessible policies and practices regarding child safety.
    • Accountability: Regular auditing, continuous improvement, and prompt response to concerns.
    • Empowerment: Providing tools and information for children and families to ensure their safety.

Definitions and Scope of Application

  • Key Definitions:
    • Child/Minor: Any individual under 18 years of age.
    • Digital Consent Age: The minimum age for valid data processing consent, as per local law.
    • Verifiable Parental Consent: Assured parental/guardian identity and approval for consent.
    • Harmful Content: Material posing risk to a child's well-being (e.g., violence, self-harm, hate speech, CSAM).
    • CSAM: Child Sexual Abuse Material (zero-tolerance policy).
  • Scope of Application - This policy applies comprehensively to:
    • All users under 18 years of age.
    • All personal data collected/processed involving minors.
    • All KPOST personnel, including employees, contractors, and third-party service providers.
    • All automated systems, AI tools, and algorithms.
    • All communication channels within KPOST services.

Age Verification and Digital Consent Framework

  • KPOST implements a multi-layered age verification process to ensure age-appropriate access and compliance with consent requirements.
  • Digital Consent Age by Jurisdiction:
    • Region Digital Consent Age Parental Consent Required
    European Union (GDPR) 16 (or lower per state) Yes, if under local consent age
    India (DPDP Act, 2023) 18 Mandatory verifiable parental consent
    United States (COPPA) 13 Yes, for users under 13
    United Kingdom (AADC) 13 Yes, with enhanced protections
    Other Jurisdictions Generally 16 Yes, unless local law differs

  • Multi-Layered Age Verification Process:
    • Primary Verification: Self-declaration of birth date, behavioral analysis for inconsistencies, and cross-referencing with parent/guardian information.
    • Secondary Verification: Triggered by suspicious activity, may involve document verification (where permissible) or educational institution verification.
    • Verifiable Parental Consent Workflow: If a user is underage, a secure parental consent workflow is activated, involving email verification, identity confirmation (where necessary), and digital signing of a consent form. Parents maintain ongoing consent management through a dedicated dashboard.

Legal Bases for Processing Children's Data

  • Our data processing for children is strictly based on legal frameworks:
    • Under GDPR: Processing is based on explicit parental consent (Article 8) and adherence to data protection principles (Article 5) like data minimization and purpose limitation.
    • Under Indian Law (DPDP Act, 2023): Children are "vulnerable data principals" (Section 9). Processing must be in the child's "best interest," with strict verifiable parental consent. Tracking, profiling, or behavioral advertising for children's data is strictly prohibited.

Core Safety Measures and Child Protection Architecture

  • KPOST integrates robust features and protocols for a safe environment.
  • All minor accounts automatically operate in "Safe Mode," which includes:
    • Communication Restrictions: Contacts limited to pre-approved individuals, group participation requires parental approval, public profile discovery is restricted, and file sharing is limited with mandatory malware scanning.
    • Content Protection: Proactive AI filtering for harmful content, real-time analysis, and oversight by a 24/7 human moderation team.
    • Technical Safeguards: End-to-end encryption for all minor communications, data minimization, and automated deletion of non-essential data.
  • Enhanced Safety Features:
    • Real-Time Protection: AI-driven grooming detection, sentiment analysis for distress, automatic location metadata removal, and measures to prevent unauthorized screen recording.
    • Parental Dashboard: Secure access for parents/guardians to view activity summaries (no content access), manage contacts, receive safety alerts, and adjust child account settings.

Content Moderation and Safety Standards

  • KPOST enforces a zero-tolerance policy for harmful content, particularly concerning minors.
  • KPOST enforces a zero-tolerance policy for harmful content, particularly concerning minors.
  • Prohibited Content for Minors:
    • Zero Tolerance Categories (Immediate Action): CSAM (immediate removal and law enforcement reporting), grooming content, content promoting violence or self-harm, hate speech, and illegal substances.
    • Human Moderation Team Excellence - Restricted Content Categories (Context-based Action): Age-inappropriate media, targeted commercial content, and unauthorized solicitation/sharing of personal information.
  • Our dedicated human moderation team undergoes:
    • Rigorous Qualifications & Training: Enhanced background checks, specialized training in child psychology, online safety, legal compliance, and trauma-informed practices.
    • Mental Health Support: Counseling and support services due to the sensitive nature of their work.
    • Quality Assurance & Oversight: Dual review for high-risk decisions, regular audits, and a clear appeal process for users.

Data Protection and Privacy Rights

  • Data Collection Principles:
    • Strict Data Minimization: Collecting only essential data for platform functionality and security.
    • Purpose Limitation: Data used strictly for specified, legitimate purposes.
    • Necessity Test: Regular assessment of data collection necessity.
    • Automated Data Deletion: Non-essential data purged according to retention schedules.
    • Enhanced Privacy Protections: No behavioral profiling, no targeted advertising, no third-party sharing for commercial purposes, and robust encryption (AES-256 at rest, TLS 1.3 in transit).
  • Data Subject Rights for Minors - Children (through guardians) can exercise rights including:
    • Right to Access: Request access to stored data (15-day response).
    • Right to Rectification: Immediate correction of inaccurate data.
    • Right to Erasure: Complete account and data deletion (within 30 days).
    • Right to Data Portability: Request data export in machine-readable format.
    • These rights are facilitated with age-appropriate forms and priority handling for minors.
  • Data Retention and Secure Deletion

  • KPOST retains personal data of children only as long as necessary for its collected purpose, service provision, safety, and legal compliance. Account information is kept until deletion plus 30 days. Communication metadata is stored for 90 days for safety investigations, and user content is retained based on user control with a 30-day backup. Moderation logs are kept for up to 2 years, and safety investigation data for up to 7 years, as legally required. Automated systems securely purge data using cryptographic wiping, with regular audits verifying compliance.

Reporting, Investigation, and Response

  • KPOST provides clear channels for reporting and maintains a rapid, structured process for investigation and response.
  • Multi-Channel Reporting System:
    • In-Platform Reporting: One-click reporting for blocking contacts or reporting abuse, with category selection and anonymous reporting options. Secure upload for evidence.
    • External Reporting Channels: 24/7 hotline, dedicated email support (childsafety@kpost.com), web portal, and direct emergency contacts for critical situations.
  • Structured Investigation Procedures - Reports are classified and handled by an expert team (Child Safety Specialists, Technical Analysts, Legal Advisors, Mental Health Professionals):
    • Level 1 - Critical (e.g., CSAM, Imminent Danger): Immediate response (within 1 hour), automatic law enforcement notification, immediate account suspension, and evidence preservation.
    • Level 2 - High Priority (e.g., Grooming, Serious Harassment): Response within 4 hours, specialist investigation, enhanced monitoring.
    • Level 3 - Standard (General Concerns): Response within 24 hours, standard investigation.
  • Law Enforcement Cooperation - KPOST fully cooperates with law enforcement globally:
    • Mandatory Reporting Obligations: Immediate reporting of CSAM and credible threats to relevant national and international authorities (e.g., Cybercrime Cells, NCMEC, IWF).
    • Evidence Preservation: Automatic preservation of evidence with proper chain of custody.
    • International Cooperation: Full cooperation with valid court orders and investigations.

Grievance Redressal and Appeals

  • KPOST ensures transparent and efficient grievance redressal.
  • India-Specific Grievance Mechanism (IT Rules 2021 Compliance) - A dedicated Grievance Officer for India:
    • Name: [Insert Name]
    • Designation: Chief Child Safety Officer & Grievance Officer
    • Email: grievance@kpost.in
    • Phone: [Insert Contact Number]
    • Address: [Registered India Office Address]
    • Office Hours: Monday–Friday, 9 AM – 6 PM IST (Emergency contact 24/7 for critical issues).
    • Resolution Process: Acknowledgment within 24 hours, investigation within 15 days, resolution communicated within 15 days. Users can escalate to the Data Protection Board of India.
  • Global Appeals Process - A three-tier appeal system for moderation decisions:
    • Tier 1 - Automated Review: Immediate reassessment (within 4 hours).
    • Tier 2 - Human Review: Comprehensive review by senior staff (within 72 hours).
    • Tier 3 - External Review: Independent oversight committee review (within 14 days).

Staff Training and Awareness

  • All KPOST personnel receive comprehensive and ongoing training:
    • Mandatory Modules: Child development, online safety, legal compliance (GDPR, DPDP, POCSO, COPPA), trauma-informed communication, technical safety tools, and crisis response.
    • Ongoing Professional Development: Monthly updates, quarterly workshops, annual certification.
    • Performance Monitoring & Support: Regular assessments, feedback, improvement plans, and mental health support for staff.

Technical Security and Infrastructure

  • KPOST’s platform is built with robust security measures to protect user data, especially for minors.
    • Security Architecture: Encryption (TLS 1.3 in transit, AES-256 at rest), secure key management (HSM), and strict Role-Based Access Controls (RBAC).
    • Infrastructure Security: Network segmentation, DDoS protection, intrusion detection, and regular penetration testing.
    • AI and Machine Learning Safeguards: Bias testing, transparency reporting, mandatory human oversight for critical decisions, and continuous model updates.
    • Data Localization and Transfer: Critical personal data localized in India per DPDP Act. Cross-border transfers adhere to strict protocols (SCCs, adequacy decisions) with regular compliance reviews.

Transparency and Accountability

  • KPOST is committed to transparency and accountability in its child safety efforts.
    • Public Reporting: Annual Transparency Report detailing safety metrics, content actions, legal requests, and research insights.
    • Regular Stakeholder Engagement: Collaboration with an external advisory board, parent feedback sessions, youth advisory panels, and academic partnerships.
    • Independent Auditing: Annual safety audits by third parties to verify compliance and effectiveness.

Crisis Response and Emergency Procedures

  • KPOST maintains a robust crisis response plan for urgent safety incidents.
    • Emergency Response Team (ERT): 24/7 on-call specialists, clear escalation protocols, direct law enforcement liaison, and mental health support resources.
    • Emergency Contact Information: Dedicated crisis hotline, emergency email, and internal law enforcement liaison contacts.
    • Business Continuity: Redundant systems, data backup/recovery, and clear communication plans during disruptions.

Future-Proofing and Innovation

  • KPOST is committed to continuous innovation and adaptation to meet evolving online safety challenges.
    • Emerging Technology Assessment: Mandatory Child Safety Impact Assessments (CSIA) for all new features, integrated with Privacy by Design principles.
    • Research and Development: Investment in advanced safety technology, academic collaborations, and industry cooperation.

Contact Information and Key Personnel

  • For all child safety inquiries, concerns, or reports:
    • Global Data Protection Officer (DPO):Name: [Insert Name] Email: dpo@kpost.com Phone: [Insert International Number]
    • Chief Child Safety Officer:Name: [Insert Name] Email: childsafety@kpost.com Phone: [Insert Contact Number]
    • India Grievance Officer (IT Rules 2021):Name: [Insert Name] Email: grievance@kpost.in Phone: [Insert India Contact Number] Address: [Registered India Office Address]
    • Emergency Contacts:Crisis Hotline (24/7): [Insert 24/7 Emergency Number], Emergency Email: emergency@kpost.com

Policy Governance and Updates

  • This policy is a dynamic document, reviewed and updated regularly to ensure relevance and compliance.
    • Review and Update Schedule:Annually, or sooner if regulations change, incidents occur, or feedback necessitates.
    • Change Management Process:Impact assessment, stakeholder consultation, legal review, implementation planning, communication, and training updates.
    • Version Control: Clear versioning, change logs, and formal approval for all modifications.

Acceptance and Compliance

  • By using KPOST services, users and their parents/guardians acknowledge and agree to comply with this Child Safety Standards Policy. Violations may result in content removal, account warnings, suspension, termination, law enforcement reporting, or legal action.
  • This policy reflects our unwavering commitment to protecting children online and will continuously adapt to evolving threats and best practices.

REGISTER & MOVE ON

Enjoy the new exclusive experience of a complete suite of integrated communications, payments and other 10+ ’Must Have’ services.



Pioneer
play store
app store