Privacy Policy
Effective Date: March 15, 2026
🛡️ Zero Ads. Zero Tracking. 100% Purpose. — Your family's data belongs to your family.
1. Our Privacy Commitment
Fam Kit is built on a simple principle: technology should serve your family, not extract from it. We do not run ads, sell data, or use third-party trackers. This policy explains exactly what data we collect, why, and how we protect it. Fam Kit is operated by Victor Crispin (“we,” “us,” or “our”) and available at famkit.io.
2. Data We Collect
2a. Free Tier (No Account Required)
When you use Fam Kit without an account, we collect no personal data whatsoever. All app data (settings, saved content, progress) is stored exclusively in your browser's localStorage. This data never leaves your device and is not accessible to us.
2b. Cloud Sync & Family Plan (Account Required)
When you create an account and opt into Cloud Sync, we collect:
- Email address — For account authentication and critical service communications
- App data you choose to sync — Stored in our Supabase-hosted database with row-level security
- Billing information — Processed by our payment provider; we do not store credit card numbers
2c. What We Never Collect
- Location data
- Device fingerprints or advertising identifiers
- Browsing history outside of Fam Kit
- Social media profiles or contacts
- Data from children (see COPPA section below)
3. How We Use Your Data
If you create an account, your data is used exclusively to:
- Authenticate your identity and provide account access
- Sync your app data across devices when Cloud Sync is enabled
- Process subscription payments
- Send critical service notifications (e.g., password resets, billing issues)
We do not use your data for advertising, analytics profiling, or any purpose beyond delivering the Service.
4. AI-Powered Features
Some Fam Kit tools use AI (Google Gemini) to generate content like lesson plans, devotional prompts, and creative exercises. When you use these features, your prompt text is sent to Google's API for processing. We do not store your prompts or the AI responses on our servers beyond the immediate request. Google's use of this data is governed by their own privacy policy. AI-generated content is provided “as-is” — parents should always review AI output before sharing with children.
5. Third-Party Services
Fam Kit integrates with a minimal set of third-party services, only as needed to operate:
| Service | Purpose | Data Shared | Hosting |
|---|---|---|---|
| Supabase | Authentication & Cloud Sync database | Email, synced app data | Supabase cloud (US) |
| Vercel | Hosting & deployment | Standard server logs (IP, user-agent) | Vercel cloud (US/global) |
| Google Gemini API | AI content generation | Prompt text only (not stored by us) | Google cloud |
| Stripe | Subscription billing | Payment details (we never store card numbers) | Stripe cloud (US) |
| Resend | Transactional email (welcome, billing alerts) | Email address only | Self-hosted on our server |
| OpenPanel | Privacy-respecting page analytics | Anonymized page views & aggregate click events — no personal identifiers | Self-hosted on our server |
| Sentry | Error monitoring & crash reporting | Error stack traces, request context, and IP address when errors occur | Sentry.io cloud (US) |
We do not integrate any advertising networks, social media pixels, or data brokers. Our analytics (OpenPanel) and email (Resend) are self-hosted on our own servers — your data never reaches a third-party analytics or email company.
Note on Sentry: Sentry is the one service where error data (including IP addresses and request context) is sent to Sentry's US-based servers. This is used exclusively for diagnosing bugs and crashes. Sentry's privacy policy is available at sentry.io/privacy. We plan to migrate to a self-hosted alternative in a future phase — see our infrastructure migration plan.
6. COPPA Compliance (Children's Privacy)
⚠️ Fam Kit does not knowingly collect, store, or transmit personally identifiable information from children under the age of 13.
All Fam Kit apps can be used by children under parental supervision without creating an account. In this mode, all data stays in local browser storage and is never transmitted to any server.
Cloud Sync accounts may only be created by adults (18+). If a Family Plan includes children, the adult account holder is responsible for managing their data and consenting on their behalf.
If we discover that personal data from a child under 13 has been collected without verifiable parental consent, we will delete it immediately. Parents can contact us at hello@famkit.io to request deletion.
7. Data Security
We take reasonable measures to protect your data, including:
- All data is transmitted over encrypted HTTPS/TLS connections
- Supabase row-level security (RLS) ensuring users can only access their own data
- No plain-text password storage — all authentication handled via Supabase Auth
- Minimal data collection — we only store what is strictly necessary
No system is 100% secure. While we work to protect your data, we cannot guarantee absolute security.
8. Cookies & Local Storage
Fam Kit does not use tracking cookies or third-party cookies.
We use browser localStorage to save your app data locally. If you opt into Cloud Sync, a secure authentication token (cookie) is used to maintain your session. This is a functional, first-party cookie required for the Service to operate — not a tracking mechanism.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access — Request a copy of all personal data we hold about you
- Delete — Request deletion of your account and all associated data
- Export — Download your synced data in a portable format
- Correct — Update inaccurate personal information
- Withdraw consent — Disable Cloud Sync at any time to return to local-only storage
To exercise any of these rights, email us at hello@famkit.io. We will respond within 30 days.
10. Data Retention
Local storage data persists until you clear your browser data. Cloud Sync data is retained while your account is active. If you delete your account, all associated data is permanently removed from our servers within 30 days. Billing records may be retained as required by law.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or by email to registered users. The “Effective Date” at the top of this page will be updated accordingly. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
12. Contact
If you have questions about this Privacy Policy or want to exercise your data rights, contact us at: hello@famkit.io
© 2026 Victor Crispin. Built with purpose. 🦫