FamilyBoard Privacy Policy
Last updated: [EFFECTIVE_DATE]
App: FamilyBoard (bundle id io.familyboard.app)
Data controller: [COMPANY_LEGAL_NAME], [COMPANY_REGISTERED_ADDRESS]
Contact: [PRIVACY_CONTACT_EMAIL]
Data Protection Officer (if appointed): [DPO_NAME_OR_REMOVE]
This Privacy Policy explains what personal data FamilyBoard (the "App") collects from you and the members of your family, why we collect it, who we share it with, how long we keep it, and what rights you have. We have tried to write this in plain language. If anything is unclear, please email [PRIVACY_CONTACT_EMAIL] and we will do our best to explain.
FamilyBoard is a shared family calendar with AI-assisted event entry. It lets family members create and share events, hand tasks off to each other, and publish bookable-slot links. Because the product is built around a family unit, some data you enter will be visible to other members of your family group by design.
1. What personal data we collect
We try to collect only what we need to run the service. Specifically:
Account data
- Name (or the display name you choose)
- Email address
- Password (stored only as a salted hash by our auth provider; we never see your plaintext password)
- If you sign in with Apple: the opaque Apple user identifier and, optionally, the relay email address Apple provides
- Profile photo (optional)
- Family group identifiers and your role inside that group (e.g. parent, child, caregiver)
Calendar and productivity data
- Events you create or that are created for you: title, notes, location, start and end times, attendees, attachments, recurrence rules
- Tasks, handoffs, and who they are assigned to
- Bookable-slot share links you create and the responses people submit to them
AI inputs
- Voice recordings you submit for event extraction
- Photos you submit for event extraction (for example, a photo of a school flyer or invite)
- Free-text prompts you submit for event extraction
- The structured events that the AI extracts from the above
Device and technical data
- Device model, OS version, app version, language, time zone
- Crash logs and diagnostic traces
- Apple Push Notification service (APNs) device tokens for iOS; Firebase Cloud Messaging (FCM) registration tokens for Android
Purchase data
- In-app purchase receipts and subscription status (provided by Apple or Google and relayed through RevenueCat)
- We do not receive or store your credit card number. Payment is handled entirely by Apple or Google.
Support data
- Any messages, screenshots, or logs you voluntarily send us when contacting support
2. How we use your data, and our legal basis under GDPR
Under the UK GDPR and EU GDPR we must tell you the legal basis we rely on for each purpose. The primary bases we use are (a) performance of a contract with you, (b) our legitimate interests, (c) your consent where required, and (d) compliance with a legal obligation.
| Purpose | Data used | Legal basis |
|---|---|---|
| Create and maintain your account and family group | Account data | Contract |
| Sync calendar events and handoffs across family members' devices | Calendar and productivity data | Contract |
| Extract events from your voice, photos, or text using AI | AI inputs | Contract (you asked us to do it) |
| Send push notifications for reminders, handoffs, and share-link responses | Push tokens | Contract; consent for marketing push |
| Process subscriptions and entitlements | Purchase data | Contract |
| Prevent abuse, fraud, and misuse | Account and technical data | Legitimate interest |
| Diagnose crashes and improve reliability | Technical data | Legitimate interest |
| Respond to your support requests | Support data | Contract; legitimate interest |
| Comply with tax, accounting, and law-enforcement obligations | Relevant subset | Legal obligation |
| Send optional product marketing email | Email, preferences | Consent (you can withdraw any time) |
We do not sell your personal data. We do not use it for behavioural advertising.
3. AI processing
When you submit a voice recording, a photo, or a text prompt for event extraction, the content is sent to OpenAI as our data processor so it can return a structured draft event (title, date, time, location, attendees). We do not let OpenAI use your content to train their general models; we rely on the zero-retention/no-training commitments available to API customers and confirm these in our processor agreement.
AI output is a draft. It can be wrong. You always see the draft before it is saved to your calendar, and you can edit or discard it.
4. Sub-processors we rely on
We use the following third-party processors to run the service. Each is contractually bound to protect your data.
| Processor | Role | Location |
|---|---|---|
| Supabase | Database, authentication, file storage for uploaded photos, server APIs | [SUPABASE_REGION] |
| OpenAI | AI event extraction from voice, photos, and text | United States |
| RevenueCat | Subscription state and receipt validation | United States |
| Apple Inc. | iOS App Store distribution, in-app purchase billing, Sign in with Apple, APNs push delivery | United States / Ireland |
| Google LLC | Google Play distribution, Play Billing, FCM push delivery (Android release) | United States |
| [EMAIL_PROVIDER, e.g. Postmark / Resend] | Transactional email (verification, password reset, share-link notifications) | [EMAIL_PROVIDER_REGION] |
| [ANALYTICS_OR_CRASH_PROVIDER_OR_REMOVE] | Crash and diagnostic reporting | [REGION] |
A current list of sub-processors is maintained at [SUBPROCESSOR_PAGE_URL].
5. International data transfers
Our primary infrastructure is hosted in [PRIMARY_HOSTING_REGION]. Some of our processors, notably OpenAI, RevenueCat, Apple, and Google, are based in the United States or process data there. When personal data leaves the UK or the EEA, we rely on one or more of the following transfer mechanisms:
- The European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum
- The EU-US Data Privacy Framework and its UK Extension, where the receiving organisation is certified
- Your explicit consent, where no other mechanism is available and the transfer is necessary to provide a feature you requested
6. Children's data
FamilyBoard is designed to be used by families that include children. We take children's privacy seriously.
Minimum age to hold an account. A person must be at least 13 years old to create their own FamilyBoard account in the United States and most non-EEA countries, and at least 16 years old in the EEA and the United Kingdom, unless local law sets a different age of digital consent and we have verified parental consent.
Children under the minimum age. Children below the applicable minimum age may appear in FamilyBoard only as managed family members added by a parent or legal guardian. Managed child profiles do not have their own login, do not receive marketing communications, and have reduced data collection (no voice uploads, no AI photo uploads, and no independent share-link creation unless a parent turns those features on).
COPPA (United States). For users in the United States, FamilyBoard complies with the Children's Online Privacy Protection Act. We do not knowingly collect personal information directly from a child under 13. If a parent adds a child under 13 as a managed family member, the parent provides verifiable consent on the child's behalf through the in-app parental consent flow. Parents can review, export, or delete the child's data at any time from Settings > Family > [child's name]. To contact us about a child's data, email [PRIVACY_CONTACT_EMAIL].
GDPR-K (EEA / UK). In jurisdictions where the age of digital consent is 16 (or the age set by local law), we rely on the holder of parental responsibility to give or authorise consent for the processing of a child's data.
Discovery of an underage account. If we learn that a user below the applicable age created their own account without parental consent, we will suspend the account and delete the associated personal data.
7. Data retention
We keep personal data only as long as we need to.
- Account data is retained while your account is active. When you delete your account, we remove it from production systems within 30 days and from encrypted backups within a further 60 days.
- Calendar events, tasks, and handoffs are retained while your account is active and for a short grace period after deletion to let co-members recover shared events. Events in a shared family group are deleted only when all members have left or deleted their accounts.
- Voice recordings and uploaded photos submitted for AI extraction are kept only as long as we need to return the draft event and to let you re-run the extraction. You can delete them at any time. We purge them automatically after [AI_INPUT_RETENTION_DAYS, e.g. 30] days.
- Push tokens are deleted when you uninstall the app or disable notifications.
- Purchase receipts and subscription records are retained for as long as required by tax and accounting law, typically [FINANCIAL_RETENTION_YEARS, e.g. 7] years.
- Support messages are retained for [SUPPORT_RETENTION_MONTHS, e.g. 24] months.
- Server access logs are retained for up to 90 days for security and abuse investigation.
8. How we secure your data
We use industry-standard safeguards, including encryption in transit (TLS), encryption at rest for databases and stored files, row-level security policies so one family cannot read another family's data, hashed passwords, short-lived access tokens, audit logging for administrative actions, and least-privilege access controls for our staff.
No system is perfectly secure. If we become aware of a personal data breach affecting you, we will notify you and the relevant regulator as required by law.
9. Your rights
Depending on where you live, you have some or all of the following rights over your personal data:
- Access — get a copy of the personal data we hold about you
- Rectification — correct data that is wrong or incomplete
- Erasure — have your data deleted ("right to be forgotten")
- Portability — receive your data in a machine-readable format and, where technically possible, have it sent to another service
- Objection — object to processing we carry out on the basis of legitimate interests
- Restriction — ask us to pause processing while a dispute is resolved
- Withdraw consent — where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing
- Complain — lodge a complaint with your local data protection authority (for example, the UK ICO or your EEA Member State's supervisory authority)
How to exercise your rights
You can do most of this yourself inside the app:
- Access and portability — tap Settings > Privacy > Export my data to download a JSON export of your account, events, tasks, handoffs, and share links.
- Rectification — edit your profile and events directly in the app.
- Erasure — tap Settings > Account > Delete my account. This removes your account, your personal events, your voice and photo uploads, and any share links you own. Events that are shared with your family group continue to exist for other members unless they also delete them.
For anything else, email [PRIVACY_CONTACT_EMAIL] with the subject "Privacy request". We will respond within 30 days. We may ask you to verify your identity before we act.
10. Cookies and similar technologies
The FamilyBoard mobile app does not use cookies. It uses a secure, first-party authentication token stored in the device keychain to keep you signed in.
If we host a companion web page for a bookable share link at [SHARE_LINK_WEB_HOST], that page uses strictly necessary cookies and local storage to show the availability calendar and submit a booking. It does not use advertising or analytics cookies. A cookie notice is shown on first visit where required by law.
11. Automated decision-making
We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing.
12. Changes to this policy
We may update this Privacy Policy from time to time. If we make a material change we will notify you inside the app and, where we have your email address, by email, before the change takes effect. The "Last updated" date at the top always reflects the current version. Superseded versions are archived at [POLICY_ARCHIVE_URL].
13. Contact us
- Email: [PRIVACY_CONTACT_EMAIL]
- Postal address: [COMPANY_LEGAL_NAME], [COMPANY_REGISTERED_ADDRESS]
- EU representative (Art. 27 GDPR), if applicable: [EU_REPRESENTATIVE_NAME_AND_ADDRESS_OR_REMOVE]
- UK representative, if applicable: [UK_REPRESENTATIVE_NAME_AND_ADDRESS_OR_REMOVE]