Company · why Phosra exists

We build the rail. We don't own it.

Every parental control was a closed product — set in one app, gone in the next. So we built an open rail, then made sure we could never capture it.

Phosra is the reference implementer of OCSS — and one accredited network on it, never its owner. Like Yubico for FIDO2: we build the thing, not the standard.

Read the OCSS spec →See the governance posture →

11567 anchored / 48 provisionalrule categories

91across 7 jurisdictionschild-safety statutes mapped

1of the ≥3 a federation needsaccredited network we run

0steward held · Phosra, Inc.control we keep of the standard

OCSS = Open Child Safety Specification · Draft 4 — a pre-release individual IETF Internet-Draft, not a ratified standards-body output.Transfer to an independent foundation is proposed, not executed. Interim-steward designation due 2026-07-09.Succession publishes as an Ed25519-signed record (alg: ed25519), verifiable against the steward key.Building toward OCSS Certified — earned from the conformance suite, never a self-issued badge; conformance is evidence, not a compliance determination or safe harbor.Canonical spec, registry, and conformance suite live at openchildsafety.com — not here.

Built by Jake & Susannah Klinvex — five years on platform APIs at Mastercard, three companies founded and acquired, parents of five.

The problem we exist for

Every platform gap is a protection gap.

Children use an average of seven different apps and platforms a day. Each ships its own parental controls — different settings, different terminology, different enforcement. Most parents give up after configuring two or three.

The fragmentation

Seven systems, no shared meaning

A child with strict YouTube filters can still reach unfiltered content on the next app over. A bedtime enforced on one device doesn't apply to another. Without a shared wire format, “set it once” is impossible — every surface relitigates age logic from scratch.

The cost

Kids find the gaps first

Every gap between platforms is a gap a child finds faster than a parent can close it. Regulators see the same fragmentation from the other side: no consistent, verifiable record of what was enforced, where, or under which rule.

The approach

Define once. Enforce everywhere.

OCSS is an open specification and wire format for child safety. A parent-facing app integrates once with the conformant router; the router translates and enforces that policy across every connected surface — streaming locks, DNS-level filters, mobile device restrictions. One set of rules. Every platform. Always in sync.

The infrastructure playbook behind it — neutral wire formats, regulator-grade audit trails, multi-party signing — is borrowed straight from fintech, where the same pattern moved value between institutions that didn't trust each other and didn't need to.

Drafter, implementer, steward

We drafted it. That confers no ownership.

The honest version of our origin story, in three parts. Authoring a standard is history, not control — and we've built the governance so the distinction is checkable rather than rhetorical.

Now · implementer

We build the reference network

Today Phosra is the reference implementer of OCSS and runs one accredited network on it — the conformant router that carries one parental or statutory choice across DNS, MDM, routers, and app controls. Like Yubico for FIDO2: we build the thing, we don't control the standard.

Then · drafter

We wrote the first draft

Phosra authored the initial OCSS draft and filed it as an individual IETF Internet-Draft. That is a historical fact, not a title — drafting a standard confers no ownership of it, the same way the first author of an RFC doesn't own the protocol it became.

Next · steward

Transfer is proposed, not done

OCSS is governed toward an independent foundation. The steward of record is still “Phosra, Inc.” and the transfer status is “held” — we say so plainly, in a signed record, rather than implying a handoff that hasn't happened. The interim-steward designation is due 2026-07-09.

The asset is what we gave up

We engineered our own inability to capture it.

Not a promise — three properties you can check yourself. Two, our own code enforces against us.

Federation

Our own suite rates us RED alone

network = Phosra-only→RATES RED

The OCSS conformance suite flags a single point of capture — in our own code. Healthy means several accredited networks (target ≥3) cross-check one another.

Succession

Custody you can verify

alg: ed25519

sig:3b6f…steward-2026-06…d41a

Verify the signed record

Privacy

The router can't read the payload

{ header: { route_to, rule_category },   // router reads this
  payload: sealed(to: recipient_key) }   // router cannot

Capture-resistance in the wire format, not the policy.

None of this is ratified, and we don't pretend otherwise. OCSS is Draft 4 — a pre-release, individual IETF Internet-Draft, not a standards-body output. Phosra is building toward OCSS Certified — a status earned from the standard and its conformance suite, never a badge we issue ourselves. Conformance is evidence a regulator can weigh; it is not a compliance determination or a safe harbor. See the full posture →

Leadership

Built by parents who build platforms.

Operators, not first-timers — the numbers and logos below are the credential. We built Phosra because we needed it for our own five kids.

Jake & Susannah Klinvex

CEO & Founders

Three companies founded and acquired, and five years on platform infrastructure at Mastercard — the same neutral-wire, multi-party-signing playbook Phosra now applies to child safety.

We built it because we needed it: every parental control was a closed product, and a choice made in one app never carried to the next.

Companies Founded & Acquired

5 yrs

At Mastercard (Fintech Infrastructure)

IPO

Gloo (GLOO) — 2025

Previously at

Mastercard

SessionM

Gloo

Villanova University

Board & advisors

The people cross-checking us.

Steve Haggerty

Board Member

Advises Phosra on platform architecture, IoT infrastructure, and scaling enterprise deployments — the stats and logos below are the resume.

PhD

UC Berkeley Computer Science

3.3K+

Academic Citations

600+

Siemens Offices on Comfy

Previously at

Facebook

Siemens

UC Berkeley

Normal Software

Harvard

Help build the rail

Build on a standard nobody can capture.

Parental-control vendor, platform, regulator, or developer — integrate the same conformant router, and verify the standard itself at the source rather than taking our word for it.

See who Phosra is for →Read the OCSS spec →

The canonical spec, rule registry, and conformance suite live at openchildsafety.com — not here, so the standard can outlive any single vendor, including us.