F FamOwl

Privacy Policy

Privacy Policy

Version 2026-04-20. Effective 20 April 2026.

The short version. FamOwl is a family chores and rewards app. Only a parent has an account. Kids are "profiles" inside that parent's session — they never sign in themselves. We collect what's needed to run your household (mission titles, reward lists, activity log, optional proof photos, your email). We use Firebase (Google) to store it, RevenueCat to manage subscriptions, and OpenRouter to route requests to the AI assistant. We never sell your data, never show ads, never share anything with a third party for tracking. You can export, correct, or delete everything at any time, right inside the app.

Contents

  1. Who we are
  2. Scope of this policy
  3. What we collect
  4. How we use it
  5. Legal basis (GDPR)
  6. Who we share it with
  7. Children's data (COPPA, GDPR-K)
  8. The AI assistant
  9. Proof photos
  10. International transfers
  11. How long we keep data
  12. Security
  13. Your rights
  14. How to exercise your rights
  15. Changes to this policy
  16. Contact
  17. Regulators

1. Who we are

FamOwl (the "app," "we," "us") is operated by Simon Singh, a sole operator based in New Zealand. Simon Singh is the data controller for the purposes of the NZ Privacy Act 2020 and the UK/EU GDPR.

General contact: hello@famowl.app. Privacy, data-rights and legal contact: compliance@famowl.app.

2. Scope of this policy

This policy covers the FamOwl mobile application on iOS and Android, the account and subscription services that back it, and famowl.app and its subdomains. It does not cover any third-party site or service we link to — those operate under their own policies.

3. What we collect

3.1. From a parent, at sign-up

ItemWhere storedPurpose
Email addressFirebase AuthenticationLog in, reset password, send transactional email.
PasswordFirebase Authentication (salted + hashed, never in plaintext)Log in.
Display name you chooseCloud FirestoreShown in the app so the family knows who did what.
Accepted Terms and Privacy Policy versions, plus timestampsCloud FirestoreAudit record of consent.

3.2. About each kid profile you create

Kids never sign in to FamOwl themselves. When you add a kid profile, you — as the parent or legal guardian — provide the following on the child's behalf:

ItemWhere storedPurpose
Display name (first name, nickname, or whatever you pick)Cloud FirestoreLabel the profile in the app.
Optional avatar photoFirebase StorageDisplay in the app.
Optional avatar colourCloud FirestoreVisual theming.
Your guardian-consent record (your parent uid, the timestamp, the policy version you accepted)Cloud FirestoreOur audit that you authorised us to process this child's data.

We do not ask for or store dates of birth, legal names, school, home address, phone number, or any contact detail for a kid. Kid profiles cannot message or be messaged by anyone outside your household.

3.3. Usage data (created by using the app)

3.4. Diagnostic and analytics data (optional, opt-in)

If you flip Settings → Legal & privacy → "Share anonymous usage data" on, FamOwl sends Firebase Analytics a stream of product-interaction events (for example: paywall shown, mission created, reward redeemed). This is off by default. It never includes your kids' names, mission titles, reward titles, photo content, or AI prompts — we enforce this with a hard-coded allow-list in the app and a block-list on keys that look like names or URLs. Analytics is also force-disabled whenever a kid profile is active on-device.

Firebase Crashlytics collects anonymised crash reports (stack trace, device model, OS version). This is gated on the same analytics opt-in.

3.5. Purchase data

If you buy a FamOwl Premium subscription, Apple (or Google Play) processes the payment. We never see your payment card, bank details, or billing address. RevenueCat, our subscription-management provider, receives your anonymised app user id (your Firebase uid), the subscription SKU, and entitlement status. We use that data to unlock premium features.

3.6. What we don't collect

4. How we use it

We don't use your data to train AI models, build advertising profiles, or sell to data brokers.

If you're in the European Economic Area, the United Kingdom, or Switzerland, our legal bases under Article 6 GDPR are:

ProcessingBasis
Running the app for you, handling subscriptions, processing account dataPerformance of a contract (Art. 6(1)(b))
Processing your kids' data (names, optional photos, mission activity)Your consent as the parent / legal guardian, given at kid-profile creation (Art. 6(1)(a); Art. 8 for children's data)
The AI assistant (sending household context to OpenRouter)Your explicit opt-in consent in the AI consent sheet (Art. 6(1)(a))
Proof photos (upload + 30-day retention)Your explicit opt-in consent on first photo upload (Art. 6(1)(a))
Analytics and crash diagnosticsYour explicit opt-in in Settings (Art. 6(1)(a))
Security, abuse prevention, keeping legally-required recordsLegitimate interests (Art. 6(1)(f)) / legal obligation (Art. 6(1)(c))

You can withdraw any consent-based processing at any time in the app (Settings → Legal & privacy → Manage consents, or Delete my account). Withdrawing consent doesn't affect processing we did before you withdrew it.

6. Who we share it with

We work with a small set of service providers ("sub-processors") that process data on our instructions. We do not share your data with anyone else for any other purpose.

ProviderWhat they do for usWhere they store your data
Google (Firebase: Auth, Firestore, Storage, Cloud Functions, Analytics, Crashlytics, Remote Config)Hosts FamOwl's accounts, data, files, backend logic, and (if you opt in) analytics and crash reports.United States (with some Google-managed backups in other regions; see Firebase's privacy page).
OpenRouter, Inc. (only if you use the AI assistant)Routes your assistant prompts to the model that's cheapest and healthiest at the time. See section 8.United States.
Anthropic, Google AI, or OpenAI (downstream model providers, selected by OpenRouter)Generate the actual assistant response.United States.
RevenueCat, Inc.Manages auto-renewing subscriptions across Apple and Google billing.United States.
Apple / Google PlayProcesses your subscription payment. We receive only the purchase receipt, never your payment details.Varies by platform.
Expo (push notification service)Delivers push notifications when a kid finishes a mission, when a wish is proposed, etc.United States.
CloudflareHosts famowl.app (this site) and handles DNS/TLS.Global edge network; no user data routed through it.

Each of these providers is contractually obliged (either directly via a data-processing agreement we've signed, or through their standard DPA we've accepted) to only process your data on our instructions and to keep it secure.

We may disclose information if we're legally compelled to — for example, a court order. We will push back on overbroad requests and notify you unless a gag order forbids it.

We don't sell, rent, or trade your data. We never will.

7. Children's data (COPPA and GDPR-K)

FamOwl is intended for use by parents and legal guardians aged 18 or older. Kids do not have their own accounts and cannot sign up independently.

Parent verifiable consent

When you create a kid profile, you are telling us that you are the parent or legal guardian of that child and that you consent to us processing their name, optional avatar, and activity history for the purposes described in this policy. We record this consent (your parent uid + timestamp + the policy version) and store it alongside the kid's profile.

Under the US Children's Online Privacy Protection Act (COPPA), we treat the parent's signup (with a financial instrument tied to the App Store account and a captcha/email-verified login) plus explicit in-app guardian consent as verifiable parental consent for children under 13.

Under the EU/UK GDPR (GDPR-K), you are the lawful basis for our processing of your child's data until they reach the age where they can provide their own consent (13 to 16 depending on country).

Data minimisation for kids

We deliberately collect as little as possible about kids:

Your rights as a parent

You can, at any time, inside the app: (a) review every field stored about your kid, (b) edit or delete a kid profile, (c) download a machine-readable copy of your family's data, (d) delete your whole account. See section 13.

We will not knowingly accept kid sign-ups outside of the parent-mediated flow. If you believe a child has somehow created an account without their parent's consent, email compliance@famowl.app and we'll delete it promptly.

8. The AI assistant

FamOwl includes an AI assistant that helps the parent manage the household (for example: "Create a daily brushing mission for my 8-year-old"). It is a premium feature, disabled by default, and requires explicit opt-in on first use.

What we send to the AI

When you message the assistant, we send a condensed snapshot of your household to OpenRouter (which may route to Anthropic, Google, or OpenAI): your message, recent missions, rewards, wishes, activity, and — only if you've explicitly opted in — your kids' first names. By default kids appear as first initials only (for example, "A.").

We never send proof photos, avatars, email addresses, push tokens, subscription data, or data from outside your household.

Model training

OpenRouter is configured to route only to providers that do not train on your data by default. Anthropic, Google AI, and OpenAI all offer this no-training guarantee for API traffic on their enterprise/paid tiers. That said, we can't provide the same absolute guarantee we can for Firebase, because these are third-party processors with their own privacy policies. If training practices change, we will update this policy and re-prompt you for consent.

Limits and kill-switches

Free-tier households can send up to 3 AI messages per month; premium households up to 500 per month, with a hard 50-per-day cap as a safety rail. We can disable the assistant remotely without an app release (a global kill-switch) if OpenRouter, a downstream provider, or our infrastructure needs emergency maintenance.

Accuracy disclaimer

AI-generated responses can be wrong. You should review anything the assistant suggests (especially mission creation, point awards, or advice) before acting on it. The assistant is not a replacement for parenting judgement.

Turning it off

You can turn the assistant off at any time in Settings → Legal & privacy → Manage consents. Turning it off stops all future AI processing; past conversations remain in your account until you delete them.

9. Proof photos

You or your kid can optionally attach a photo to a completed mission ("look, I did it!"). These photos are:

We ask for explicit consent the first time you or a kid tries to attach a photo. You can also wipe every proof photo at once from Settings → Legal & privacy → Manage consents → Delete all proof photos.

We strongly recommend you don't use proof photos for anything you wouldn't be comfortable being in Google Cloud for up to 30 days — even though they're access-scoped to your household, nothing is invulnerable.

10. International transfers

FamOwl is operated from New Zealand. Your data is transferred to, stored in, and processed in the United States (Firebase, OpenRouter, RevenueCat, Expo). New Zealand's Privacy Act 2020 Information Privacy Principle 12 requires us to tell you this explicitly, and to take reasonable steps to ensure your data is still protected. We rely on:

If you are in the EEA or UK, we rely on the EU Commission's Standard Contractual Clauses (SCCs) or the UK Addendum as the lawful transfer mechanism for exports to providers outside the EEA.

11. How long we keep data

DataRetention
Your parent account (email + profile)Until you delete your account. Then: immediate hard delete.
Kid profiles + their mission activity + their balancesUntil you delete the kid profile or your whole account. Then: immediate hard delete.
Proof photos30 days after the mission is verified. Or immediately if you use "Delete all proof photos."
AI conversationsUntil you delete the conversation or your account.
Subscription + billing recordsRetained by Apple / Google / RevenueCat per their policies; we keep only the derived entitlement state.
Analytics events (Firebase)14 months, Firebase default.
Crashlytics reports90 days, Firebase default.
Firestore backupsRolling 30-day window.
Your correspondence with usUp to 2 years for support continuity; purged after that unless you opened a legal dispute.

12. Security

Security is a moving target. What we do today:

If we ever experience a breach that affects your data, we will notify you without undue delay and in any case within the legal timelines (72 hours for GDPR; "as soon as practicable" for the NZ Privacy Act). Notification will go to the email address on your account.

13. Your rights

Regardless of where you are, you can:

California and CCPA / CPRA

California residents have additional rights under the California Consumer Privacy Act as amended by the CPRA: the right to know what personal information we have collected about you, the right to request deletion, the right to correct inaccuracies, the right to opt out of "sale" or "sharing" of personal information (we don't sell or share for cross-context behavioural advertising), the right to limit use of sensitive personal information, and the right not to be discriminated against for exercising these rights. Submit any request to compliance@famowl.app; we verify your identity via the email on your account and respond within 45 days.

14. How to exercise your rights

The fastest route is inside the app. Every right above is a one-tap action in Settings → Legal & privacy.

If you prefer email: compliance@famowl.app. Include the email address on your FamOwl account so we can verify you. We respond within:

We don't charge for these requests. If a request is clearly excessive or repetitive, we may push back and ask you to narrow it.

15. Changes to this policy

We update this policy as the app changes or as laws change. Each new version has a bumped version string (see the top of this page). When we make a material change — for example, a new third-party processor, or a broader data-collection purpose — the FamOwl app will show you a re-consent modal on next launch so you can review and re-accept before continuing. Minor typographical changes happen silently.

Past versions are available on request.

16. Contact

17. Regulators

If you're unhappy with how we've handled your data and you don't feel we've resolved it, you can complain to your local data-protection authority. In particular:

We'd rather you talk to us first so we can fix things quickly.