This policy explains what data Family Habits collects, how we use it, who we share it with, and the choices you have.
1. Who we are
“Family Habits” (“we”, “us”, “our”) is a family habit-tracking service. The account holder is a parent or guardian (the “Parent”); children do not interact with the Service directly.
2. Information we collect
We collect information in three buckets:
- Account information you give us. Name, nickname, email address, password (stored hashed), family name, timezone, and notification preferences.
- Family content you create.Children’s names, avatars, optional birthdates, the habits and rewards you define, and the points/transactions you record.
- Service-operation data. Authentication sessions, IP address (for security and rate limiting), browser/user-agent string, basic usage events (e.g., page loads), and any error reports your app sends us.
- Payment information. If you start a paid plan, our payment processor (Stripe) collects and stores your card details directly. We never see or store your card number — we only store the customer/subscription identifiers Stripe gives us.
3. How we use it
We use the information above to:
- Operate the Service (display your data, sync across devices).
- Authenticate you and protect your account.
- Process subscriptions, send transactional emails (sign-up confirmations, password resets, invites, the weekly digest if opted in), and respond to support requests.
- Diagnose problems, prevent abuse, and improve the Service.
- Comply with legal obligations.
What we do not do: we do not sell personal information, we do not run third-party advertising, and we do not use Family Data to train artificial-intelligence models.
4. Children’s data
Family Habits is designed for parents to record habit and reward information about their own children. Children themselves do not create accounts, do not log in, and do not interact with the Service beyond viewing the read-only kiosk display the Parent configures.
The information about children that we store (name, optional birthdate, avatar, transactions) is provided directly by the Parent. We treat this information as sensitive and:
- do not market to or about children;
- do not sell or share children’s information for advertising or any other commercial purpose;
- retain children’s information only as long as the Parent’s family account is active, plus a short backup window.
Parents can edit or delete a child’s record at any time from the admin area. If you have questions or want us to delete a child’s data on your behalf, contact us at the email below.
5. How we share information
We share information only with the third-party providers we use to operate the Service, and only to the extent needed for them to provide their service to us:
- Supabase — database hosting, authentication, and file storage.
- Stripe — payment processing and subscription management.
- Resend — transactional and weekly-digest email delivery.
- Vercel — application hosting and content delivery.
Each of these providers is bound by their own privacy commitments and contractual obligations to safeguard the data we entrust to them. We do not share information for marketing, advertising, or analytics outside what these providers need to operate.
We may also disclose information when required by law (e.g., a valid court order), to protect our rights or the safety of users, or in connection with a merger, acquisition, or sale of assets — in which case any successor will be bound by this policy or a successor with equivalent protections.
6. Cookies & similar technologies
We use cookies and equivalent local-storage mechanisms strictly to operate the Service: keeping you signed in, remembering preferences like timezone, and identifying paired kiosks. We do not use third-party advertising or cross-site tracking cookies.
7. Security
We use industry-standard practices to protect your data: TLS-encrypted connections, encrypted storage, hashed passwords, scoped database access controls (Row Level Security), least-privilege service credentials, and regular dependency hygiene. No system is perfectly secure; we encourage you to use a strong, unique password and to enable two-factor authentication once it is available.
8. Data retention
We retain Family Data for as long as your account is active. If you delete your account, we delete or anonymize associated personal information within a reasonable period (typically 30 days), except for records we are legally required to keep (e.g., billing receipts) or that exist in routine encrypted backups for a limited rolling retention window.
9. Your rights
Subject to your jurisdiction, you may have the right to access, correct, export, or delete your personal information; to object to certain processing; or to withdraw consent. You can exercise most of these directly within the Service (your account page) or by emailing us. We will respond within the time required by applicable law.
For California residents (CCPA/CPRA):you have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of any “sale” or “sharing” of personal information. We do not sell or share personal information for cross-context behavioural advertising.
For residents of the EEA, UK, or Switzerland (GDPR): the legal bases for our processing are (a) performance of our contract with you, (b) our legitimate interests in operating and improving the Service, (c) your consent (where required, e.g., the weekly digest), and (d) compliance with legal obligations. You may lodge a complaint with your local data-protection authority.
10. International transfers
Our service providers are located in the United States and may host, store, or process your data there. By using the Service from outside the United States, you consent to the transfer of your data to and processing in the United States, where data-protection laws may differ from those in your jurisdiction.
11. Changes to this policy
We may update this policy from time to time. When we make material changes we will post the new version, update the effective date, and ask you to re-accept on your next sign-in. We will not retroactively reduce the rights you have over information we already collected without notifying you.
12. Contact
Privacy questions or requests? Email us at hello@familyhabits.newculture.co. We aim to respond within 7 business days.