Privacy Policy

Privacy Policy

Version 2026-04-20. Effective 20 April 2026.

1. Who we are

FamOwl (the "app," "we," "us") is operated by Simon Singh, a sole operator based in New Zealand. Simon Singh is the data controller for the purposes of the NZ Privacy Act 2020 and the UK/EU GDPR.

General contact: hello@famowl.app. Privacy, data-rights and legal contact: compliance@famowl.app.

2. Scope of this policy

This policy covers the FamOwl mobile application on iOS and Android, the account and subscription services that back it, and famowl.app and its subdomains. It does not cover any third-party site or service we link to — those operate under their own policies.

3. What we collect

3.1. From a parent, at sign-up

3.2. About each kid profile you create

Kids never sign in to FamOwl themselves. When you add a kid profile, you — as the parent or legal guardian — provide the following on the child's behalf:

We do not ask for or store dates of birth, legal names, school, home address, phone number, or any contact detail for a kid. Kid profiles cannot message or be messaged by anyone outside your household.

3.3. Usage data (created by using the app)

• Missions, rewards, wishes, badges, long-term projects, family calendar events, kid-set goals — the content you and your household create.
• Activity log — an append-only ledger of events ("X completed Y," "A verified B," "reward C redeemed"). Used to power the activity feed.
• Points balance and lifetime earned per kid, plus streak counters.
• Mission completion proof photos you or your household upload. See section 9.
• AI assistant conversations if you choose to use the premium AI assistant. See section 8.
• Push notification tokens, if you opt in to notifications.

3.4. Diagnostic and analytics data (optional, opt-in)

If you flip Settings → Legal & privacy → "Share anonymous usage data" on, FamOwl sends Firebase Analytics a stream of product-interaction events (for example: paywall shown, mission created, reward redeemed). This is off by default. It never includes your kids' names, mission titles, reward titles, photo content, or AI prompts — we enforce this with a hard-coded allow-list in the app and a block-list on keys that look like names or URLs. Analytics is also force-disabled whenever a kid profile is active on-device.

Firebase Crashlytics collects anonymised crash reports (stack trace, device model, OS version). This is gated on the same analytics opt-in.

3.5. Purchase data

If you buy a FamOwl Premium subscription, Apple (or Google Play) processes the payment. We never see your payment card, bank details, or billing address. RevenueCat, our subscription-management provider, receives your anonymised app user id (your Firebase uid), the subscription SKU, and entitlement status. We use that data to unlock premium features.

3.6. What we don't collect

• No advertising identifiers (IDFA, GAID). We will never display ads.
• No microphone, speech recognition, location, contacts, health or financial data.
• No third-party tracking SDKs, no behavioural profiling, no fingerprinting.
• No data about people outside your household.

4. How we use it

• To run the app — sign you in, sync your household's content between devices, compute points balances, send mission-completion push notifications.
• To process your subscription if you buy one.
• To answer your questions when you email us.
• To improve the app — only if you've opted in to analytics. We look at aggregate flows (how many parents complete onboarding, how often users hit the paywall), never individual accounts.
• To comply with legal obligations — respond to lawful data requests, keep records the law requires us to keep.
• To protect FamOwl from abuse — detect obvious misuse of the AI assistant (hard usage caps), prevent households from exceeding subscription limits.

We don't use your data to train AI models, build advertising profiles, or sell to data brokers.

5. Legal basis (GDPR / UK GDPR only)

If you're in the European Economic Area, the United Kingdom, or Switzerland, our legal bases under Article 6 GDPR are:

You can withdraw any consent-based processing at any time in the app (Settings → Legal & privacy → Manage consents, or Delete my account). Withdrawing consent doesn't affect processing we did before you withdrew it.

6. Who we share it with

We work with a small set of service providers ("sub-processors") that process data on our instructions. We do not share your data with anyone else for any other purpose.

Each of these providers is contractually obliged (either directly via a data-processing agreement we've signed, or through their standard DPA we've accepted) to only process your data on our instructions and to keep it secure.

We may disclose information if we're legally compelled to — for example, a court order. We will push back on overbroad requests and notify you unless a gag order forbids it.

We don't sell, rent, or trade your data. We never will.

7. Children's data (COPPA and GDPR-K)

FamOwl is intended for use by parents and legal guardians aged 18 or older. Kids do not have their own accounts and cannot sign up independently.

Parent verifiable consent

When you create a kid profile, you are telling us that you are the parent or legal guardian of that child and that you consent to us processing their name, optional avatar, and activity history for the purposes described in this policy. We record this consent (your parent uid + timestamp + the policy version) and store it alongside the kid's profile.

Under the US Children's Online Privacy Protection Act (COPPA), we treat the parent's signup (with a financial instrument tied to the App Store account and a captcha/email-verified login) plus explicit in-app guardian consent as verifiable parental consent for children under 13.

Under the EU/UK GDPR (GDPR-K), you are the lawful basis for our processing of your child's data until they reach the age where they can provide their own consent (13 to 16 depending on country).

Data minimisation for kids

We deliberately collect as little as possible about kids:

• No real name required — only the display name you pick.
• No date of birth, age, school, address, phone, email.
• No kid-to-kid or kid-to-stranger communication — every kid-visible surface is scoped to the parent's household.
• Kid names are replaced with first initials (for example, "A.") before any data is sent to the AI assistant, unless you explicitly opt in to sharing full names.
• Proof photos auto-delete 30 days after a mission is verified.

Your rights as a parent

You can, at any time, inside the app: (a) review every field stored about your kid, (b) edit or delete a kid profile, (c) download a machine-readable copy of your family's data, (d) delete your whole account. See section 13.

We will not knowingly accept kid sign-ups outside of the parent-mediated flow. If you believe a child has somehow created an account without their parent's consent, email compliance@famowl.app and we'll delete it promptly.

8. The AI assistant

FamOwl includes an AI assistant that helps the parent manage the household (for example: "Create a daily brushing mission for my 8-year-old"). It is a premium feature, disabled by default, and requires explicit opt-in on first use.

What we send to the AI

When you message the assistant, we send a condensed snapshot of your household to OpenRouter (which may route to Anthropic, Google, or OpenAI): your message, recent missions, rewards, wishes, activity, and — only if you've explicitly opted in — your kids' first names. By default kids appear as first initials only (for example, "A.").

We never send proof photos, avatars, email addresses, push tokens, subscription data, or data from outside your household.

Model training

OpenRouter is configured to route only to providers that do not train on your data by default. Anthropic, Google AI, and OpenAI all offer this no-training guarantee for API traffic on their enterprise/paid tiers. That said, we can't provide the same absolute guarantee we can for Firebase, because these are third-party processors with their own privacy policies. If training practices change, we will update this policy and re-prompt you for consent.

Limits and kill-switches

Free-tier households can send up to 3 AI messages per month; premium households up to 500 per month, with a hard 50-per-day cap as a safety rail. We can disable the assistant remotely without an app release (a global kill-switch) if OpenRouter, a downstream provider, or our infrastructure needs emergency maintenance.

Accuracy disclaimer

AI-generated responses can be wrong. You should review anything the assistant suggests (especially mission creation, point awards, or advice) before acting on it. The assistant is not a replacement for parenting judgement.

Turning it off

You can turn the assistant off at any time in Settings → Legal & privacy → Manage consents. Turning it off stops all future AI processing; past conversations remain in your account until you delete them.

9. Proof photos

You or your kid can optionally attach a photo to a completed mission ("look, I did it!"). These photos are:

• Uploaded to Firebase Storage in the United States, scoped to your household only.
• Accessible only to members of your household — no one else has read access, including us except when strictly necessary for debugging, and only on your written authorisation.
• Never sent to the AI assistant.
• Automatically deleted 30 days after the mission is verified, by a scheduled job that runs nightly.

We ask for explicit consent the first time you or a kid tries to attach a photo. You can also wipe every proof photo at once from Settings → Legal & privacy → Manage consents → Delete all proof photos.

We strongly recommend you don't use proof photos for anything you wouldn't be comfortable being in Google Cloud for up to 30 days — even though they're access-scoped to your household, nothing is invulnerable.

10. International transfers

FamOwl is operated from New Zealand. Your data is transferred to, stored in, and processed in the United States (Firebase, OpenRouter, RevenueCat, Expo). New Zealand's Privacy Act 2020 Information Privacy Principle 12 requires us to tell you this explicitly, and to take reasonable steps to ensure your data is still protected. We rely on:

• Google's and RevenueCat's standard data-processing agreements and their certifications under the EU–US Data Privacy Framework.
• NZ Privacy Act 2020 adequacy assessments for the US as a destination (accepting that protections differ and you acknowledge this transfer by using FamOwl).

If you are in the EEA or UK, we rely on the EU Commission's Standard Contractual Clauses (SCCs) or the UK Addendum as the lawful transfer mechanism for exports to providers outside the EEA.

11. How long we keep data

12. Security

Security is a moving target. What we do today:

• Every Firebase read and write is gated by server-side security rules that scope data to the owning household. There is no physical path for one household to read or write another household's data.
• Parent passwords are hashed by Firebase Authentication; we never see plaintext passwords.
• All traffic between your device and our backend is encrypted in transit (TLS 1.2+).
• Firebase encrypts data at rest in Google Cloud.
• API keys for third-party providers (OpenRouter, webhook secrets) are stored in Google Secret Manager and only accessed by our backend. They are never shipped in the mobile app.
• The AI assistant has automatic usage caps (3/month free, 500/month + 50/day premium) as a guard against abuse and runaway cost.
• We log and alert on anomalous backend activity.

If we ever experience a breach that affects your data, we will notify you without undue delay and in any case within the legal timelines (72 hours for GDPR; "as soon as practicable" for the NZ Privacy Act). Notification will go to the email address on your account.

13. Your rights

Regardless of where you are, you can:

• Access and download your data — in the app: Settings → Legal & privacy → Download my data. You get a JSON file covering your profile, your household's missions, rewards, activity, and every kid in your household. Other household members' private fields (email, push tokens) are stripped.
• Correct your data — edit your profile, household name, kid profiles, missions, rewards directly in the app.
• Delete your data — in the app: Settings → Legal & privacy → Delete my account. If you're the sole parent in the household, your entire household is immediately hard-deleted (missions, rewards, photos, kids, everything). If you share the household with a co-parent, your personal data is deleted and your authored-by fields are scrubbed. Deletion is immediate — no 14-day grace window.
• Withdraw consent — turn off the AI assistant, revoke share-names-with-AI, turn off analytics, delete all proof photos — all from Settings → Legal & privacy.
• Object to processing — email us at compliance@famowl.app and we'll sort it out.
• Data portability (GDPR Art. 20 / NZ IPP 7) — the "Download my data" export is a structured, commonly-used, machine-readable format.
• Lodge a complaint — see section 17.

California and CCPA / CPRA

California residents have additional rights under the California Consumer Privacy Act as amended by the CPRA: the right to know what personal information we have collected about you, the right to request deletion, the right to correct inaccuracies, the right to opt out of "sale" or "sharing" of personal information (we don't sell or share for cross-context behavioural advertising), the right to limit use of sensitive personal information, and the right not to be discriminated against for exercising these rights. Submit any request to compliance@famowl.app; we verify your identity via the email on your account and respond within 45 days.

14. How to exercise your rights

The fastest route is inside the app. Every right above is a one-tap action in Settings → Legal & privacy.

If you prefer email: compliance@famowl.app. Include the email address on your FamOwl account so we can verify you. We respond within:

• 20 working days (NZ Privacy Act 2020),
• 30 days (GDPR; extendable to 60 for complex requests),
• 45 days (CCPA; extendable to 90).

We don't charge for these requests. If a request is clearly excessive or repetitive, we may push back and ask you to narrow it.

15. Changes to this policy

We update this policy as the app changes or as laws change. Each new version has a bumped version string (see the top of this page). When we make a material change — for example, a new third-party processor, or a broader data-collection purpose — the FamOwl app will show you a re-consent modal on next launch so you can review and re-accept before continuing. Minor typographical changes happen silently.

Past versions are available on request.

16. Contact

• General support: hello@famowl.app
• Privacy, data-rights, legal: compliance@famowl.app
• Postal address: available on request by emailing compliance@famowl.app.

17. Regulators

If you're unhappy with how we've handled your data and you don't feel we've resolved it, you can complain to your local data-protection authority. In particular:

• New Zealand: Office of the Privacy Commissioner.
• United Kingdom: Information Commissioner's Office (ICO).
• EEA: your member-state supervisory authority (list on the EDPB website).
• California: the California Privacy Protection Agency.

We'd rather you talk to us first so we can fix things quickly.