Privacy Policy

We collect the following categories of personal information when you use Family Day2Day: Account & Profile Data: Your name, email address, phone number, relation type (e.g. Parent, Child, Grandparent), and optional profile photo. Family Activity Data: Lists, tasks, shopping items, calendar events, chat messages, point transactions, and reward redemptions you create or trigger within the app. Authentication Data: Passwords stored as one-way cryptographic hashes (bcrypt) — never in plaintext. If you sign in with Google, we receive your name and email from Google only. Device & Technical Data: Expo push notification tokens (device identifiers used to deliver push notifications on iOS and Android), your browser's localStorage data (for web offline access), and your approximate country derived from your IP address when your family account is first created. Communications: Your email address is used to send the notifications you configure in Settings.

We use the information we collect to: • Authenticate you and maintain your session across devices • Sync your family's lists, tasks, calendar, and chat across all devices • Send email notifications and reminders you configure in Settings • Send push notifications for task assignments, approvals, and digests • Power the Dewey AI assistant and receipt scanner (see Section 3) • Determine your approximate country for regional compliance and internal analytics • Provide technical support and diagnose issues • Comply with applicable laws and respond to lawful requests We do not sell, rent, or share your personal data with any third party for advertising or marketing purposes.

Family Day2Day includes an AI assistant named Dewey and a receipt scanning feature, both powered by Claude — an AI model developed by Anthropic, PBC ("Anthropic"). What data is sent to Anthropic: When you use Dewey or the receipt scanner, we transmit to Anthropic's API your message or voice input, your family's list names, task text, due dates, member names (for context), and receipt images (for the scanner). How Anthropic uses it: Anthropic processes this data solely to generate a response. Per Anthropic's API usage policy, data submitted via their API is not used to train Anthropic's AI models. Anthropic's privacy policy is available at anthropic.com/privacy. Important limitation: AI-generated responses may be inaccurate or incomplete. Do not rely on Dewey for medical, legal, financial, safety-critical, or any other high-stakes decisions.

We use the following third-party services to operate Family Day2Day. Each processes your data only as necessary to provide its function: • Neon (neon.tech) — Cloud PostgreSQL database where all family data is stored • Vercel (vercel.com) — Application hosting and serverless API • Anthropic (anthropic.com) — AI model API (Claude) for Dewey and receipt scanning • Resend (resend.com) — Transactional email delivery • Google (google.com) — Sign-in with Google (name and email only; no Drive, contacts, or other Google services are accessed) • Expo / Expo Push (expo.dev) — Push notification delivery for iOS and Android • ip-api.com — IP geolocation used to determine your approximate country at account creation only; no personal data is retained by this service beyond the query response We will enter into Data Processing Agreements with these processors as required by applicable law, including GDPR.

If you enable push notifications, we store an Expo Push Token — a device identifier generated by Expo — on our server, associated with your family and member record. This token is used solely to deliver the push notifications you have enabled (task assignments, approvals, reward redemptions, and daily digests). You can disable push notifications at any time in your device's system settings or in the app's Notification Settings.

The web version of Family Day2Day uses your browser's localStorage to cache your family data for offline access. No third-party tracking cookies, advertising pixels, or analytics SDKs that set cookies are used. If you clear your browser's localStorage, you will need to sign in again.

Minimum age: Family Day2Day is intended for users 13 and older. The App is not directed to children under the age of 13, and we do not knowingly collect personal information from anyone under 13. Teens (13–17): Users between 13 and 17 represent that a parent or legal guardian has reviewed our Terms of Use and this Privacy Policy and consents to their use of the App. Discovery and removal: If you are a parent or guardian and you believe that a user under 13 has created an account or been added as a family member, please contact us at the address in Section 13. We will verify, remove the account, and delete the associated personal information from our primary database within 30 days and from any backups within 90 days. We will also delete any data collected from the user in question. What "personal information" means in this section: name, email address, phone number, photo, device push token, IP address, and any chat or task content the user has created.

Family Day2Day is operated from the United States. All family data is stored on servers located in the United States (Neon and Vercel). AI queries are processed in the United States (Anthropic). Email delivery is processed in the United States (Resend). If you access the app from the European Economic Area (EEA), United Kingdom, or another jurisdiction that restricts cross-border data transfers, your data will be transferred to and processed in the United States. For EEA and UK users, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for these transfers. We will ensure our sub-processors have appropriate safeguards in place.

Depending on where you live, you may have the following rights regarding your personal data: For all users: • Access — Request a copy of personal data we hold about you • Correction — Request correction of inaccurate data • Deletion — Request deletion of your account and associated data • Portability — Request an export of your data in a machine-readable format Additional rights for EU/EEA/UK residents (GDPR/UK GDPR): • Restriction — Request that we restrict processing in certain circumstances • Objection — Object to processing based on legitimate interests • Withdraw consent — Where processing is consent-based, withdraw it at any time • Lodge a complaint with your local data protection supervisory authority Additional rights for California residents (CCPA/CPRA): See the California Privacy Rights section in our Terms of Use. To exercise any right, email contact@ksspsolutions.com with the subject "Privacy Request." We will respond within 30 days (or within the timeframe required by law in your jurisdiction).

We retain your family's data for as long as your family group is active on the platform. When you use "Leave Family" in the app, your local device session is cleared but the family's server-side data is retained (other family members may still be active). To request complete deletion of all data associated with your family from our servers, email us at the address in Section 13. Upon a verified deletion request we will permanently delete all family data — members, lists, tasks, calendar events, chat messages, notifications, points, and rewards — from our primary database within 30 days, and from any backups within 90 days. Data transmitted to Anthropic for AI processing is subject to Anthropic's own data retention policy.

We implement technical and organizational measures to protect your data, including: • TLS (HTTPS) encryption for all data in transit • Bcrypt hashing for all passwords — plaintext passwords are never stored • Rate limiting on authentication endpoints to prevent brute-force attacks • Server-side input validation and HTML escaping to prevent injection attacks • Access controls limiting which API routes can read or modify family data No method of electronic storage or transmission is completely secure. In the event of a data breach that poses a high risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities within the timeframes required by applicable law (72 hours under GDPR).

We may update this Privacy Policy periodically. For material changes — particularly those affecting how we process your personal data — we will provide notice within the app and update the effective date at the top of this page. Where required by law (including GDPR), material changes that affect data processing will require your affirmative acknowledgment before taking effect.

Family Day2Day is operated by KSSP Solutions Inc., based in California, USA. For privacy questions, data subject requests, or to report a concern: Email: contact@ksspsolutions.com Subject line: "Privacy Request" We will acknowledge your request within 72 hours and respond in full within 30 days (or within the timeframe required by applicable law in your jurisdiction).