Privacy Policy

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using Family Flow:

• Account information: name, email address, and password
• Family profile information: family member names, roles, and preferences
• Calendar data: events, schedules, appointments, and reminders
• Chore and task information: assignments, completion status, and rewards
• Communication preferences and notification settings
• Payment information (processed securely by Stripe)

1.2 Information Collected Automatically

When you access Family Flow, we automatically collect:

• Device information: browser type, operating system, device identifiers
• Usage data: features accessed, time spent, interaction patterns
• Log data: IP address, access times, pages viewed
• Cookies and similar tracking technologies (see our Cookie Policy)

1.3 Information from Third-Party Services

When you connect external calendars, we receive:

• Google Calendar: event data, calendar names, time zones, and sharing settings
• Apple Calendar: event data and calendar information

We only access calendar data necessary to provide synchronization features. See Section 9 for detailed information about our Google Calendar integration.

2. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve Family Flow services
• Process transactions and send related information
• Send notifications, updates, and administrative messages
• Provide smart features including intelligent scheduling and wellness insights
• Analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues or fraud
• Comply with legal obligations

3. Smart Features

Family Flow uses intelligent technology to provide enhanced features:

• Natural language processing for event creation and scheduling
• Pattern recognition to learn your family's routines
• Wellness score calculations based on schedule analysis
• Smart suggestions for conflict prevention and optimization

AI processing is performed by OpenAI under strict data processing agreements. Your data is not used to train AI models.

4. Information Sharing

We do not sell, trade, or rent your personal information to third parties.

We may share information with:

• Service providers who assist in operating our platform (Supabase, Vercel, OpenAI, Stripe)
• Calendar services you choose to connect (Google, Apple)
• Law enforcement when required by law or to protect rights and safety
• Business successors in the event of a merger, acquisition, or sale

All service providers are bound by data processing agreements and confidentiality obligations.

5. Data Security

We implement industry-standard security measures including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication and access controls
• Regular security assessments and monitoring
• Employee access restrictions and training

While we strive to protect your information, no method of transmission over the Internet is 100% secure.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services.

• Account data: Retained until account deletion
• Transaction records: Retained for 90 days after account deletion for legal and accounting purposes
• Usage logs: Retained for up to 12 months

Upon account deletion, all personal data is permanently removed from our systems immediately, except for transaction records retained for the period specified above.

7. Your Rights and Choices

You have the right to:

• Access your personal information
• Correct inaccurate or incomplete data
• Delete your account and associated data
• Export your data in a portable format
• Opt-out of marketing communications
• Disconnect third-party calendar integrations at any time

To exercise these rights, visit your account settings or contact us at privacy@familyflowai.com.

8. Children's Privacy

Family Flow is designed for family use, including features for children. However:

• Children under 13 do not create their own accounts
• Children access Family Flow through parent-controlled family accounts
• Parents manage all data associated with their children's profiles
• We do not knowingly collect personal information directly from children under 13

Parents can review, modify, or delete their children's information through their account settings.

9. Google Calendar Integration and Google API Services

Family Flow integrates with Google Calendar to provide bi-directional calendar synchronization. This section describes how we handle data obtained through Google APIs in compliance with Google's API Services User Data Policy.

9.1 Data We Access

When you connect your Google Calendar to Family Flow, we request access to the following scopes:

• https://www.googleapis.com/auth/calendar - To read and write calendar events and access calendar metadata
• https://www.googleapis.com/auth/calendar.events - To manage calendar events for synchronization

9.2 How We Use Google Calendar Data

We use Google Calendar data solely to:

• Import your existing Google Calendar events into Family Flow
• Create events in your Google Calendar when you add events in Family Flow
• Keep your calendars synchronized when changes are made in either platform
• Display a unified view of your family's schedule

9.3 Google API Services User Data Policy Compliance (Limited Use Disclosure)

Family Flow's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google Calendar data to provide and improve the calendar synchronization features you have requested
• We do not use Google Calendar data for advertising purposes
• We do not sell Google Calendar data to third parties
• We do not use Google Calendar data to determine creditworthiness or for lending purposes
• We do not transfer Google Calendar data to third parties except: (a) as necessary to provide and improve our services (e.g., secure cloud hosting), (b) with your explicit consent, (c) as required by law, or (d) for security purposes
• Humans do not read your Google Calendar data except: (a) with your explicit consent, (b) as necessary for security purposes (investigating abuse or security incidents), or (c) to comply with applicable law

9.4 Revoking Google Calendar Access

You can disconnect Google Calendar from Family Flow at any time by:

• Going to Settings → Integrations within Family Flow and clicking "Disconnect"
• Visiting your Google Account permissions at https://myaccount.google.com/permissions and removing Family Flow's access

When you disconnect, we will immediately revoke our access to your Google Calendar by calling Google's token revocation endpoint, delete your stored Google OAuth tokens, and stop accessing your Google Calendar data. Previously synchronized events will remain in Family Flow unless you delete them.

10. Third-Party Data Processors

We share data with the following service providers under data processing agreements (DPAs) that require them to protect your data and use it only as instructed by us:

All processors are bound by contractual obligations to protect your data. For GDPR purposes, these transfers are covered under Standard Contractual Clauses (SCCs) where applicable.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by:

• Posting the new policy on our website
• Sending an email notification
• Displaying a notice within the application

Your continued use of Family Flow after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact us: