Self-hosted, open-source, and designed from the ground up to protect children — not as an afterthought, but as the entire point.
The app
Parent dashboard, kid chat space, and secure login — all in one native app for iOS and Android.
Get started
Whether you want us to walk you through a $5/month cloud server, ship you a pre-built box, or flash your own ESP32 — you get the same private, encrypted experience.
Run in the cloud — always on, accessible from anywhere. We'll pick the fastest server near you and walk you through every step.
Turn any Windows 10/11 machine into your family's private server. Runs quietly in the background.
A dedicated always-on server the size of a deck of cards. Pre-loaded, pre-configured, plug in and go.
The off-grid radio. No WiFi, no cell signal, no problem. Drop it in your kid's bag and they can always reach you.
| Feature | ☁️ Cloud VPS | 🖥️ Windows | 🏠 Home Hub | 📡 Glustic Link |
|---|---|---|---|---|
| Runs the server | ✅ | ✅ | ✅ | — |
| Always-on 24/7 | ✅ | PC must stay on | ✅ | — |
| Works offline | — | — | — | ✅ LoRa |
| Guided setup | ✅ We help | ✅ | ✅ QR code | ✅ BLE app |
| Setup time | ~10 min | ~10 min | ~2 min | ~1 min |
| Cost | $5–8/mo | Free | $149 | $49 |
| DIY option | Any VPS | ✅ | Pi 5 + SD | Heltec V3 ~$22 |
"No two children can communicate until both of their parents have verified their identity and completed a Curve25519 key exchange. This is enforced at the database schema level — not in application logic."
There is no bypass. There is no admin override. It's a foreign key constraint.
How it works
Every family must complete all three stages before any child can send a single message.
Email + optional phone OTP verification. No anonymous adult accounts — ever. Identity is proven before any access is granted.
Curve25519 Diffie-Hellman key exchange. Both parents compare a shared hash out of band to confirm the connection is genuine — not intercepted.
Age-gated rooms, content filtered at send time, parent visibility baked in. Not added on top. The schema enforces every rule.
Age tiers
Parents cannot expand what their children are allowed to do. Changing tier behavior requires a code change, a pull request, and a review.
Built different
Every parent-to-parent connection requires a full Diffie-Hellman key exchange. The shared hash is verified out of band — QR code or voice confirmation. No MITM possible.
Messages are filtered synchronously before they're committed to the database. Grooming patterns, contact sharing, age-inappropriate content — blocked, not retroactively flagged.
PASETO v4 symmetric tokens eliminate the "algorithm confusion" attacks that plague JWT. Session keys are rotated. Tokens expire. Kids and parents have separate, scoped tokens.
Every flagged message is queued and delivered on the schedule defined by the child's tier — real-time for Cubs, hourly for Explorers, 4-hour for Pioneers. Opt-in for Pathfinders.
No telemetry. No analytics. No third-party SDKs phoning home. Glustic runs entirely on your hardware. Your family's data never leaves your server.
The mobile app encrypts all stored tokens and session data with AES-256-GCM before writing to the device keychain. The in-memory key is non-extractable and wiped on background.
Glustic Link
LoRa mesh support means your kids can still reach you when the power's out, the WiFi's down, or you're somewhere off the grid.
Cryptography
Self-host
Runs on any Linux VPS, Raspberry Pi, or home server. Requires Docker. Handles TLS, migrations, and key generation automatically.
Mobile
The apps discover your self-hosted server automatically from your email domain. AES-256-GCM vault, biometric unlock, push notifications, LoRa device provisioning via BLE.
Ready-to-run hardware
Don't want to wrestle with Docker and DNS? We ship pre-built kits with everything configured — just power them on.
Your family's private server — pre-loaded, pre-configured, and ready to run the moment you plug it in.
The off-grid radio. Drop one in your kid's bag — they can reach you even when WiFi and cellular are gone.
We'll email you when pre-orders open. No spam — one email, that's it.
FAQ
The server, database schema, and cryptography are production-grade. The content filter interface is stable — swapping in a real classifier does not require changes to the messaging service. Three things to wire in before going live:
1. Toxicity / profanity classifier
AZURE_CONTENT_SAFETY_KEY + AZURE_CONTENT_SAFETY_ENDPOINT in your .env.PERSPECTIVE_API_KEY. Hook already exists in internal/content/perspective.go.2. CSAM detection (required before any public deployment)
3. Term list review
The placeholder term lists in internal/content/filter.go are illustrative only. Have a child-safety specialist review and expand them quarterly — or replace with one of the classifiers above.