Privacy Policy

FamilyDash (“FamilyDash,” “we,” “us”) is a shared family dashboard for chores, calendars, groceries, and meals. This policy explains what we collect, why, and the choices you have. Plain English; no dark patterns.

1. What we collect

When you sign up and use FamilyDash, we collect:

• Account info — your name and email address (from Google sign-in or magic-link sign-in via email).
• Household data you create — household name, member names and roles (parent / adult / child), child PINs, chores and chore completions, allowance and rewards, grocery items, meal plans, and saved recipes.
• Calendar feed URLs — when you connect an Apple, Outlook, or other calendar by ICS link, we store the feed URL and cache events from it.
• Google Calendar (opt-in, optional) — if you choose to connect your Google Calendar via the “Connect Google Calendar” button, we request the calendar.readonlyscope and store an OAuth refresh token on our servers (encrypted at rest in Supabase). We use this to list your Google calendars (so you can pick which to display) and to read events from the calendar(s) you select, then mirror them read-only into your FamilyDash dashboard. We never create, modify, or delete events in your Google Calendar. You can disconnect at any time from FamilyDash Settings, or by revoking access in your Google Account — the refresh token is deleted on disconnect. See the “Google user data” section below for our Limited Use commitment.
• Location for weather — the latitude/longitude you set (or accept as default) to fetch local weather and UV index.
• Third-party connections you authorize — Kroger OAuth tokens (when you connect a Kroger account for grocery delivery), Stripe customer and subscription identifiers (when you subscribe to FamilyDash Pro).
• Push notification subscription — if you enable reminders, we store the browser push endpoint for that device.
• Usage events — first-party analytics like which features you used and when, used to improve the product. We do not sell this data.
• Recipe images you upload — when you scan a recipe from a photo or social media link, the image is sent to OpenAI for text extraction and is not retained beyond the request.

2. How we use it

• To provide the FamilyDash service to you and your household.
• To sync your calendar feeds, weather, and grocery integrations.
• To send push notifications and event reminders you opt into.
• To process subscription payments (via Stripe).
• To improve the product and understand which features are valuable.
• To detect abuse and protect the service.

We do not sell your personal information. We do not run third-party advertising networks inside FamilyDash.

3. Children’s data

FamilyDash is designed for parents to share with their children inside their own household. Parents create child profiles and assign PIN-based access. We collect only the data you, as the parent, choose to enter — typically a child’s first name, age (optional), and chore/allowance activity. We do not collect any data directly from children outside the household account a parent controls. Parents can delete a child profile at any time from Settings.

FamilyDash is not directed to children under 13 as standalone users. The service is intended for use under the supervision of a parent or guardian who has agreed to these terms.

4. Service providers we share data with

We use the following providers to operate FamilyDash. Each receives only the data needed for its function:

• Vercel — application hosting and analytics.
• Supabase — database and storage.
• Google — sign-in (OAuth), and (if you opt in) Google Calendar API read-only access via the calendar.readonlyscope for the Family Calendar feature. See the “Google user data” section below.
• Resend — magic-link sign-in emails.
• Stripe — subscription billing. We never see or store your full card number.
• Kroger — only when you connect your Kroger account to send a grocery list to your cart.
• OpenAI— recipe scanning from images and links. Per OpenAI’s API terms, content sent through the API is not used to train their models.
• OpenWeatherMap and Open-Meteo — weather data. We send only the lat/lon you configured.
• Google Analytics — anonymized site analytics.

5. Google user data (Limited Use)

FamilyDash’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, data we obtain through the https://www.googleapis.com/auth/calendar.readonly scope (the list of your Google calendars and the events in the calendars you choose to display) is used only to render your Google Calendar events inside the FamilyDash family dashboard. We do not transfer this data to anyone else except as needed to provide that feature (e.g. to our database host, Supabase, for the cache), and we do not transfer it to any third-party advertising or analytics service. We do not use this data for advertising. We do not use it to develop, improve, or train generalized AI / ML models. We do not allow humans to read your calendar data except (a) with your explicit consent for a specific purpose (such as troubleshooting), (b) for security investigations or to comply with applicable law, or (c) where the data has been aggregated and anonymized for internal operations.

You can revoke FamilyDash’s access to your Google Calendar at any time from your Google Account’s Third-party apps with account access page, or by disconnecting the calendar from FamilyDash Settings. Either action causes us to delete the stored OAuth refresh token and stop syncing events.

6. Data retention and deletion

We retain your data for as long as your account is active. You can delete your household and account at any time from Settings, or by emailing us at the address below. When you delete your account, we remove your data from our production database within 30 days. Encrypted backups are rotated within 90 days.

7. Security

We use TLS in transit, encrypted-at-rest databases, role-scoped access keys, and per-household data isolation. No system is perfectly secure; if we ever learn of a breach affecting your data, we will notify you promptly.

8. Your rights

Depending on where you live, you may have rights to access, correct, or delete your personal information, or to opt out of certain processing. You can exercise most of these rights from Settings, or by contacting us.

9. International users

FamilyDash is operated from the United States. If you use FamilyDash from outside the US, you understand your data will be processed in the US.

10. Changes to this policy

If we make material changes, we will update the effective date above and notify you in-app or by email. Continued use of FamilyDash after the changes means you accept the updated policy.

11. Contact

Questions, requests, or deletion: familydashapp@gmail.com.