Yoto Guardian is in beta — features may change and you may encounter bugs. Send feedback or report a bug

Privacy Policy

Last updated: March 9, 2026

Who We Are

Yoto Guardian is operated by Coe Code LLC (“CoeCode,” “we,” “us”). Yoto Guardian is an independent product and is not made by, endorsed by, or affiliated with Yoto Ltd. We provide parental controls and a library manager for Yoto audio players.

Information We Collect

Account Information

When you create a Yoto Guardian account, we collect your email address and a hashed password. We use this information solely to authenticate you and provide the service.

Yoto Account Credentials

When you link your Yoto account, we use OAuth (the same authentication method used by the official Yoto app) to obtain access tokens. These tokens are encrypted using AES-256-GCM before storage and are used exclusively to communicate with Yoto's API on your behalf. We never store your Yoto username or password.

Device and Playback Data

To provide parental controls and the live dashboard, we store:

  • Device names and identifiers from your Yoto account
  • Playback events (what card is playing, track changes, play/pause events)
  • Daily listening time totals
  • Device configuration (quiet time schedules, daily limits, playback rules)

This data is necessary to enforce quiet time, daily limits, and playback rules, and to display listening history on your dashboard.

AI API Keys (Optional)

If you use the library manager's AI features (automatic title and description generation), you may provide your own Anthropic or OpenAI API key. When available, Yoto Guardian may also provide shared AI access so a personal key is not required. Stored user keys are encrypted using AES-256-GCM and stored in our database so they persist across sessions. You can delete your stored API keys at any time from Settings. Keys are used exclusively to make API calls to AI providers on your behalf.

How We Use Your Information

  • To provide and operate Yoto Guardian's features (quiet time, daily limits, playback rules, live dashboard, library management)
  • To authenticate you and protect your account
  • To communicate with Yoto's cloud API on your behalf using your encrypted OAuth tokens
  • To send you service-related emails if necessary

Children's Privacy

Yoto Guardian is designed for parents and caregivers to manage children's Yoto players. The service does not collect personal information directly from children. All data collection and account management is performed by the parent or caregiver who creates the Yoto Guardian account. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

Data Sharing

We do not sell, rent, or trade your personal information. We share data only in these limited circumstances:

  • With Yoto's API: To operate the service, we send commands to and receive data from Yoto's cloud infrastructure using your OAuth tokens.
  • With AI providers (optional): If you use AI-powered library features, audiobook metadata may be sent to Anthropic or OpenAI using your configured API key, or via Yoto Guardian-provided access when available.
  • Legal requirements: When required by law, legal process, or to protect our rights.

Data Security

  • Yoto OAuth tokens are encrypted with AES-256-GCM before database storage
  • Passwords are hashed using industry-standard algorithms
  • All communication uses HTTPS/TLS encryption
  • JWT access tokens expire after 15 minutes; refresh tokens after 7 days with rotation
  • CSRF protection is enforced on all state-changing requests

Data Retention

We retain your data for as long as your account is active. Playback history is retained to provide listening statistics and weekly charts. To request account closure and permanent deletion of associated data, contact [email protected]. We process deletion requests manually.

Your Rights

  • Access: You can view all data we store about you through the dashboard and settings.
  • Deletion: You can request account and data deletion by contacting [email protected].
  • Yoto connection: You can re-link your Yoto account from Settings at any time. For account disconnection or data-removal requests, contact [email protected].
  • Export: Contact us to request a copy of your data.

Cookies

We use essential cookies only: an authentication token (httpOnly, secure) and a CSRF token. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you by posting a notice on the site. Your continued use of Yoto Guardian after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or your data, contact us at [email protected] or [email protected].

Coe Code LLC, Missoula, Montana, USA