# Is Yoto Guardian Safe? Security and Privacy for Parents Last Updated: March 18, 2026 Yoto Guardian uses AES-256-GCM encryption for stored OAuth tokens, httpOnly secure cookies for session management, HMAC-signed CSRF tokens on all state-changing requests, and HTTPS/TLS for all communication. It never stores your Yoto password. *** ## How Yoto Account Access Works Yoto Guardian connects to your Yoto account using OAuth with PKCE (Proof Key for Code Exchange) — the same authentication method used by the official Yoto app. During the linking process, you log in to Yoto directly on Yoto's own website. Yoto Guardian never sees your Yoto password. After authorization, Yoto issues OAuth access tokens to Yoto Guardian. You can re-link your Yoto account from Settings, and support can assist with account disconnection requests. *** ## AES-256-GCM Encryption for Stored Tokens Yoto OAuth tokens are encrypted using AES-256-GCM before being stored in the database. AES-256-GCM is an authenticated encryption standard — it both encrypts the data and verifies its integrity. If you use the optional AI metadata features, your Anthropic or OpenAI API keys are also encrypted with AES-256-GCM before storage. You can delete stored API keys at any time from Settings. *** ## JWT Authentication Yoto Guardian uses JWT (JSON Web Token) access tokens for session management: * Access tokens expire after 15 minutes * Refresh tokens last 7 days and are rotated on each use * Refresh token reuse detection: reusing a refresh token revokes the entire token family, forcing re-authentication * Session tokens are stored in httpOnly, secure cookies — not accessible to JavaScript *** ## CSRF Protection All state-changing requests (POST, PUT, DELETE, PATCH) require a CSRF token in addition to the session cookie. The CSRF token is HMAC-SHA256 signed and validated on the server. GET, HEAD, and OPTIONS requests are exempt. *** ## HTTPS and Data in Transit All communication between your browser and Yoto Guardian servers uses HTTPS with TLS encryption. All communication between Yoto Guardian's servers and Yoto's cloud API also uses HTTPS. *** ## Password Security Yoto Guardian account passwords are hashed using industry-standard one-way hashing algorithms before storage. Plain-text passwords are never stored or logged. *** ## Children's Privacy Yoto Guardian is designed for parents and caregivers, not children. The service does not collect personal information directly from children. The only child-related data stored is: * Device names and identifiers (from the parent's Yoto account) * Playback events (what card was playing, track changes, play/pause events) * Daily listening time totals * Device configuration (quiet time schedules, daily limits, playback rules) We do not knowingly collect personal information from children under 13. *** ## Cookies Yoto Guardian itself uses essential first-party cookies only: * An authentication session token (httpOnly, secure — not accessible to JavaScript) * A CSRF token (readable by JavaScript on the same origin, required for request validation) No first-party tracking, advertising, or analytics cookies are used. Marketing pages may embed a Ko-fi donation widget, and that third-party service may set cookies under its own domain and privacy policy. *** ## Data Sharing Yoto Guardian does not sell, rent, or trade your personal information. Data is shared only: * **With Yoto's API:** To operate the service using your OAuth tokens * **With AI providers (optional):** Audiobook metadata may be sent to Anthropic or OpenAI using your configured API key, or via Yoto Guardian-provided access when available * **Legal requirements:** When required by law or legal process *** ## Your Data Controls * **Delete account:** Request account and data deletion by contacting privacy@yotoguardian.com * **Yoto account connection:** You can re-link from Settings; contact support@yotoguardian.com for account disconnection requests * **Delete AI API keys:** Available in Settings at any time * **Data export:** Contact [privacy@yotoguardian.com](mailto:privacy@yotoguardian.com) *** ## Contact Coe Code LLC, Missoula, Montana, USA [privacy@yotoguardian.com](mailto:privacy@yotoguardian.com) [support@yotoguardian.com](mailto:support@yotoguardian.com)