How Policies Are Evaluated
Evaluation Order
When the AI produces detections for a screenshot, the system evaluates policies in this order:
- Child-specific policy — If the child has a policy assigned directly, it’s used
- Family default policy — If no child-specific policy exists, the family default is used
- No policy — If neither exists, detections are logged as activities but no alerts are created
Only one policy is evaluated per screenshot — the first match in the hierarchy above.
Rule Matching
For each detection from the AI:
- The detection’s category is matched against the policy’s rules
- If a rule exists for that category and is enabled, it triggers
- The rule’s action determines what happens:
immediate_alert→ Creates an alert and sends an email immediatelydigest→ Creates an alert included in the daily digestsilent_log→ No alert created (detection is still in the activity log)
Confidence Thresholds
The AI assigns a confidence score (0.0–1.0) to each detection. The system uses a two-tier approach:
| Confidence | Handling |
|---|---|
| Below 0.30 | Discarded — the AI is confident this is a false positive |
| 0.30 – 0.75 | Escalated to a more thorough AI model for a second opinion |
| Above 0.75 | Accepted — the AI is confident this is a genuine detection |
This two-tier system (fast triage + thorough escalation) minimises both false positives and false negatives.
Alert Deduplication
To prevent alert fatigue, the system deduplicates alerts:
- Same category + child + device within 30 minutes → only one alert
- If an existing open/acknowledged alert matches, the new detection is skipped
- A unique dedup key is generated from child ID + device ID + category
This means a child browsing the same problematic site for 20 minutes generates one alert, not 40.
Last updated on