DRAFT, pending counsel review. This document is an internal draft prepared on 2026-04-26 by the engineering team. It has NOT been reviewed by external legal counsel. Do not rely on it for legal advice. Effective date is a placeholder pending sign-off. Apostle Pty Ltd makes no representation that this draft satisfies any specific jurisdictional requirement until counsel-reviewed.

PYLON Children's Privacy Notice

This notice explains how Apostle Pty Ltd (PYLON, we) handles the personal information of children and minors who attempt to use, or do use, the PYLON streaming service (the Service). It supplements, and forms part of, the Privacy Policy. For minors aged 13–17, it should be read together with the Terms of Service §2 (Eligibility, age and account creation).

This notice is shaped by:

• the United States Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§6501–6506, and the FTC's COPPA Rule (16 CFR Part 312);
• the California Privacy Rights Act's sensitive-information rules (Cal. Civ. Code §1798.121) and the California "Eraser Law" (Cal. Bus. & Prof. Code §22581);
• the EU GDPR Article 8 (conditions applicable to a child's consent in relation to information-society services) and recital 38;
• the UK Age Appropriate Design Code (the Children's Code) issued by the Information Commissioner's Office;
• the Australian Online Safety Act 2021 (Cth) Basic Online Safety Expectations and the eSafety Commissioner's guidance; and
• the Australian Privacy Act 1988's Australian Privacy Principles, particularly APP 5 (notification of collection).

Table of contents

1. The short version
2. Children under 13 are not permitted
3. Minors aged 13–17, what's restricted
4. How we determine and verify age
5. What we collect from minors aged 13–17
6. Targeted advertising and behavioural profiling, never
7. Parents and guardians, how to act
8. Schools and education partners
9. Reporting child-safety concerns
10. Contact

1. The short version

• Under 13: not allowed. If we discover an account belongs to a child under thirteen, we block it and delete the personal information.
• 13–17: limited. No R18+ titles, no public profile, no unrestricted community features, no targeted advertising, no behavioural profiling.
• Always: no sale of personal information; no sharing for cross-context behavioural advertising; no AI-training use; we honour parent and guardian requests.

2. Children under 13 are not permitted

PYLON is not directed to children under thirteen (13) and we do not knowingly collect, use, store or disclose personal information from a child under thirteen.

2.1 At sign-up

We require a date of birth at sign-up. If the date of birth indicates the user is under thirteen:

• account creation is blocked;
• any personal information collected during the partial sign-up flow is purged immediately from our application database;
• the user sees a clear message explaining that they cannot use the Service.

2.2 If we later discover an under-13 account

If we receive credible evidence that an existing account belongs to a child under thirteen, whether from a parent, an internal review, an audit signal, or another user's report, we will:

• restrict the account immediately to prevent further data collection;
• attempt to verify with a parent or guardian where their contact details are available;
• delete the personal information per our cron-driven deletion cascade documented at apps/api/src/cron/gdpr.ts;
• retain only the minimum information necessary to honour the blocking obligation (a hashed identifier on a do-not-onboard list) consistent with COPPA's data-minimisation requirement and our own retention schedule; and
• notify the parent or guardian when we have done so.

If you are a parent or guardian who believes your under-13 child has used the Service, please contact [email protected] with the account email and we will action immediately.

3. Minors aged 13–17, what's restricted

If we determine an account belongs to a minor aged thirteen (13) to seventeen (17), the following restrictions apply:

3.1 Content classification

• titles classified R18+ (or international equivalent, NC-17, 18 BBFC, X CNC, etc.) are not visible and not playable;
• titles classified MA15+ (or equivalents, TV-MA, 15 BBFC) are visible only when the user is at least fifteen (15);
• the Editorial Policy explains how classifications are assigned.

3.2 Community features

• comments are not available;
• public profiles are not available (the user cannot be followed or referenced by other users);
• Q&A questions are submitted with limited public attribution (display name redacted to a generic "Subscriber" if the user is under sixteen); and
• watch parties are joinable but not host-able by under-16 users; the host must be an adult.

3.3 Subscription and billing

• a 13–17 minor must not be the sole account-holder of a paid Subscription; the parent or guardian who has accepted the Terms of Service is the contracting party.

3.4 Privacy choices

• "Do Not Sell or Share" is on by default for accounts identified as belonging to a minor;
• analytics is off by default;
• marketing communications are off by default, with no opt-in banner shown.

4. How we determine and verify age

4.1 Self-declaration at sign-up

At sign-up we ask for date of birth. We verify this attestation in the following ways:

• logical checks (impossible dates rejected);
• payment-method consistency (where a Subscription is paid for, the payment-method holder is presumed adult unless contradicted);
• identity-document verification through a third-party identity- verification provider, requested where access to age-gated content is sought; and
• periodic re-attestation for users approaching a tier threshold (e.g., 13 → 15 → 18).

4.2 Country signals

We use Cloudflare's IP-geolocation header to determine the country of access at sign-up. The country code is used to apply country-specific rules, for example, the UK Children's Code design defaults, EU GDPR Art. 8 thresholds (which vary by member state from 13 to 16), and Australian Online Safety Act gating.

4.3 Re-verification

If a user attempts to access a higher-tier age-gate after sign-up, we may require fresh age verification. We retain only:

• the method of verification ("self", "card", "id", "none");
• the timestamp of verification; and
• in the case of identity-document verification, only the boolean outcome and a reference number, not the document itself, not a photograph, not a copy. The third-party provider holds the document under their own privacy notice.

5. What we collect from minors aged 13–17

We collect from 13–17 minors only what we collect from any subscriber, less any field that is not necessary for the service to function. In practice:

• collected: email, hashed OAuth identifier, date of birth, country code, locale, role (always viewer), session signals, hashed IP, view progress, view events, daily aggregates, Subscription status (held in the parent's name);
• not collected: marketing-segment information, advertising- attribution information, social-graph information, in-app payment information beyond the parent's Subscription, precise location, biometric data, sensitive personal information beyond the date of birth itself.

We do not combine 13–17 minor data with adult data for any analytical or marketing purpose.

6. Targeted advertising and behavioural profiling, never

We do not engage in targeted advertising or behavioural profiling of any user, regardless of age. We have no ad-tech vendor pixels. Our analytics integrations (PostHog, Sentry) are first-party-proxied, off by default, and aggregate-only.

For 13–17 minors, in addition to the general posture, we will not:

• create, infer, derive, persist or share any profile used to predict future behaviour;
• use machine learning to optimise content for individual under-18 users (we do still apply per-tier classification gating, which is rule-based and not ML-driven);
• include 13–17 minor data in any cohort, lookalike, or audience segment used for any marketing, growth, or experimentation purpose; and
• pass 13–17 minor data to any third party other than the service-provider categories listed in the Privacy Policy §5.1, all of whom act as processors under our written contracts.

This commitment is consistent with COPPA's prohibition on the collection of personal information from children for behavioural- advertising purposes (16 CFR §312.2 definition of "personal information"; FTC consent decrees on YouTube Kids and others), with the UK Children's Code Standard 7 (default privacy settings) and Standard 9 (data sharing), and with CPRA §1798.121's restriction on the use of sensitive personal information.

7. Parents and guardians, how to act

If you are a parent or legal guardian of a child under thirteen, or of a minor aged 13–17 with a PYLON account:

7.1 Contact channel

Email [email protected] from an email address that we can reasonably associate with the parent or guardian (for example, the billing email on the Account, an email matching the school district if a school referral applies, or an email you can verify by reply).

7.2 What you can ask for

• block / delete an under-13 account, we will action immediately on credible evidence;
• review what we hold on a 13–17 minor, we provide a copy using our GDPR-Art-15-style export tool;
• correct inaccurate information, we will correct;
• delete the account, we will action subject to our 30-day grace window and our retention obligations;
• change consent settings, we will change defaults for that account;
• set parental controls on a 13–17 minor account where we offer them.

7.3 Verification

We will verify your relationship to the child to a degree appropriate to the request, typically by confirming with the child's email address, by examining the billing relationship, or by receiving a signed statement from the parent. We do this to prevent unauthorised access to a minor's account by someone who is not in fact the parent.

7.4 No charge

We do not charge for parent or guardian requests.

8. Schools and education partners

We do not currently offer the Service through schools or as part of any educational integration.

If we offer such an integration in future, we will commit, contractually and in this notice, to:

• COPPA's school exception requirements (16 CFR §312.5 and the FTC's 2014 Schools Using COPPA policy guidance);
• US FERPA (20 U.S.C. §1232g) restrictions on educational records, where a school is a covered entity;
• the UK Children's Code design defaults;
• equivalent Australian privacy standards under the Privacy Act 1988 and the eSafety Commissioner's expectations.

If your school is interested, contact [email protected].

9. Reporting child-safety concerns

PYLON has zero tolerance for child sexual abuse material (CSAM) and content that endangers a minor. See the Acceptable Use Policy §2.4 for the full statement.

To report:

• in-product, use the Report control on any title, comment, Q&A question or watch-party message;
• by email, [email protected] for general child-safety concerns and [email protected] for material that infringes a copyright in addition to a child-safety concern;
• to authorities directly:
  • Australia, eSafety Commissioner, https://www.esafety.gov.au;
  • United States, National Centre for Missing & Exploited Children CyberTipline, https://report.cybertip.org;
  • United Kingdom, Internet Watch Foundation, https://report.iwf.org.uk;
  • your local law-enforcement agency.

We act on confirmed reports immediately and we report to the relevant authorities under applicable mandatory-reporting laws.

10. Worked examples and design defaults

To make this notice operationally meaningful, the following short examples explain how the rules actually express themselves in the product.

10.1 Sign-up where DOB indicates under-13

A user enters a date of birth that resolves to an age under thirteen at the date of attempted sign-up. The flow:

1. The Better Auth registration step is rejected with a friendly non-discriminatory message ("PYLON is for users 13 and older").
2. No users row is committed; any preliminary OAuth handshake record is discarded within thirty (30) minutes by our cleanup cron.
3. We log a hashed pseudonym in a do-not-onboard register so the same OAuth identity cannot loop back through with a different DOB; this register stores no PII beyond the hash.

10.2 Sign-up where DOB indicates 13–17

The user is permitted to create an account, with these defaults applied at first sign-in:

• the Do Not Sell or Share preference is on;
• the Functional and Analytics cookie categories are off;
• the Marketing communications preference is off and not shown as an opt-in opportunity;
• the Public Profile feature is hidden;
• the Comments feature is hidden;
• R18+ titles are not surfaced in any browse, search or recommendation, and direct-link access returns a friendly "Not available" page;
• MA15+ titles are surfaced only when the user is at least fifteen.

These defaults match the UK Children's Code Standard 7 ("Default settings should be 'high privacy' by default") and are applied regardless of the user's country of access.

10.3 A 13–17 user becomes 18

When a user transitions to age 18, we do not automatically flip the high-privacy defaults. We notify them in-product that adult features are available, and we let them opt in. This preserves the design principle that defaults set when the user was a minor should not be silently relaxed when they age out.

10.4 Parent reports an under-13 account

A parent emails [email protected] stating the email [email protected] belongs to their nine-year-old daughter. Our action:

1. We pause the account immediately, blocking sign-in and suspending any active Subscription.
2. We acknowledge to the parent within one (1) business day.
3. We verify by:
   • confirming the parent's email is on the billing record, or
   • asking the parent to provide one of: a credit-card statement showing the Subscription charge; the child's school ID with a date of birth; or a sworn statement (a US COPPA-acceptable "verifiable parental consent" alternative).
4. On verification, we delete the account per the deletion cascade documented at apps/api/src/cron/gdpr.ts and refund any remaining Subscription period under the Refund Policy.
5. We notify the parent when complete.

10.5 An adult lies about age to view R18+ content

We treat this as a fraud against our own gating, not a privacy matter. Our response is escalated under the Acceptable Use Policy §2.5 ("Misrepresent your age, identity, country of residence or eligibility"). It does not give us a basis to share the user's information with anyone outside the AUP enforcement flow.

10.6 A minor uses an adult's account

If we identify, by any means, that a minor under 13 is using an adult account that the adult has handed them, we treat this as a COPPA-relevant matter and reach out to the account-holder. We do not retroactively reclassify the account as a child's account; we do require the account-holder to take steps to prevent further under-13 use. Persistent re-occurrence is a basis for suspension of the adult account.

10.7 In-product surface for parental controls

We are building, but have not yet shipped at the date of this notice, a Parental Controls surface for adult-account-holders to apply additional restrictions to a household where a minor is present. When this ships, this notice will be updated and the controls will be opt-in only.

11. Contact

Privacy and rights requests on behalf of a minor: [email protected]

Child-safety reporting: [email protected]

Apostle Pty Ltd [REGISTERED ADDRESS: TBD] [ABN: TBD] · [ACN: TBD] [Authorised signatory: TBD]

Sibling documents

• Privacy Policy
• Terms of Service
• Acceptable Use Policy
• Community Guidelines
• Trust and Safety Policy
• Editorial Policy

Version history