Temporary logs (e.g. OTPs) are automatically deleted within 30 days, ensuring minimal data retention.
Consent tokens are cryptographically signed/stored client-side, enabling real-time validation without exposing parental or child identity to third-party services.
Tokens are valid only for a limited duration, after which access is automatically denied unless refreshed – re-enforcing time-bound revocable consent.
Summary of Results
The systems balances auditability (via immutable logging) with user rights (via revocable mechanisms) offering a compelling model for future adoption.
In addition to the structured Practice Statements, the Trial also reviewed publicly available Privacy Policies for all participating providers. This formed a key part of the Trial’s ethical due diligence and helped assess how well declared practices aligned with actual documentation and observed system behaviour.
Practice Statements are formal documents submitted by participating providers, outlining how their systems function and how they claim to meet specific expectations under international and domestic standards. They offer providers an opportunity to articulate their system’s design in their own words — similar to a ‘statement of practice’ or ‘system disclosure’ used in certification and compliance contexts.
As part of the Trial’s commitment to transparency and accuracy, the team prepared a written summary of each vendor interview, capturing key points regarding system design, functionality and implementation claims. These summaries were shared with participants for review, allowing them to check, verify and suggest corrections where necessary.
Individual Vendor Test Reports were developed for each participating provider. These reports formally document the results of the functional, usability and security evaluations carried out during the Trial and are intended to support public understanding, regulatory scrutiny and future conformity assessment or certification processes.
