ApenGames OÜ · Family Organizer
Privacy Policy
This is a family organizer: a shared calendar, tasks, shopping lists, in-app chat (with photos), announcements, house notes, contacts, a “Vault” for your secrets, and household-helper roles (nanny, driver, tutor, and so on) with granular privacy and instant revoke.
01 In short
We collect the minimum data needed to run the service. We do not sell your data, we do not show ads, and we do not profile users. The app does not collect your device location or GPS.
02 Data we process
- Account: email address, display name, and password (stored hashed by our authentication provider — we never see it in plaintext). Email confirmation is required.
- Family data you enter:
- names and profiles of family members, including child profiles and a per-child “care note”. This note may contain sensitive information — allergies, an emergency contact, instructions — that you choose to enter;
- calendar events, tasks, shopping lists, house notes, announcements, and contacts;
- Vault entries (passwords or notes you add there).
- Chat: messages and attached photos.
- Helpers: helper role, visibility settings (what is shared with them), shift notes, and the helper’s personal “busy blocks”.
- Technical data: a device token for push notifications, and app crash diagnostics. Crash reports contain no personal data — technical error information only.
03 Legal bases and purposes
We process data to:
- provide and operate the service (performance of a contract — our terms with you);
- send notifications you have enabled (your consent);
- keep the service secure and prevent abuse (legitimate interests and compliance with law).
For EU/EEA users these correspond to GDPR Article 6. Withdrawing consent (for example, for notifications) does not affect processing that is necessary to provide the service.
04 Where data is stored
We use the following processors, each receiving only what is necessary for its function:
- Supabase (EU region, Frankfurt, Germany) — database, file storage, and authentication;
- Google Firebase Cloud Messaging — push notifications;
- Firebase Crashlytics — crash diagnostics (technical information only);
- Resend — transactional email (email confirmation, password reset).
Where a processor transfers data outside the EU/EEA, such transfers rely on appropriate safeguards (for example, Standard Contractual Clauses).
05 Privacy within the family and helpers
A core feature of the service is granular privacy:
- a helper sees only what the parent or owner has explicitly shared;
- helpers are siloed from one another — they cannot see other helpers’ data;
- financial and private records (including the Vault) are never visible to helpers;
- a helper’s access can be revoked instantly.
The parent controls what each family member and each helper can see.
06 Who we share data with
- We do not sell or rent your data.
- We do not show ads and do not profile users.
- We do not share data with third parties other than the processors listed in Section 04, and where required by law (for example, a valid, lawful request from a competent authority).
07 Retention and deletion
- Data is retained while your account exists.
- You can delete your account in the app (Settings → Delete account). This deletes your data; if you are the sole adult in the family, the entire family and its data are deleted, including child profiles.
- After deletion, data may persist in backups until they are rotated (overwritten) in the ordinary course.
08 Your rights
Depending on applicable law, you have the right to access your data; correct inaccurate data; delete your data (including via account deletion); withdraw consent previously given; and restrict or object to processing, and to data portability — to the extent provided by applicable law (Estonia / GDPR for the EU/EEA). You may also lodge a complaint with a supervisory authority (in the EU, your local data protection authority).
Send requests to info@apliom.com.
09 Security
- Access is restricted at the database level: Row-Level Security (deny-by-default plus per-row policies), with writes performed only through controlled server procedures;
- access to Vault records is further restricted;
- data is encrypted in transit (TLS).
No internet service can be guaranteed 100% secure, but we apply reasonable technical and organizational measures.
10 Children
Accounts are created and managed by adults (parents or guardians). Minors cannot register themselves. Child profiles are created and populated by the parent. See our separate Children’s Data Notice for details, including our parental-consent model and COPPA considerations.
11 Changes
We may update this policy. We will notify you in the app of material changes.
12 Contact
For any privacy questions or data requests, contact info@apliom.com.