Privacy Policy

Last updated: 27 April 2026

Twiggly ("we", "us", "our") is a family task-management app. We take your family's privacy seriously — especially because children use this app.

1. What we collect

We collect only what's needed to run the app:

• Parent accounts — email address, nickname, and language preference.
• Child accounts — nickname, birth year (used to tailor task suggestions to the child's age), and language preference. No email address is collected for child accounts. Children sign in with a family code and PIN; the PIN is used to derive a secure authentication credential and is never stored in plaintext.
• Family activity — tasks and their descriptions, categories, completion photos, point balances, streak counts, reward goals, and reward-redemption history.
• Invitations — when you invite someone by email, we store the recipient's email so we can match it to their account at sign-up. Once the invitation is accepted, the email is deleted within 7 days. Pending invitations remain until you cancel them.
• Device tokens — push-notification tokens, if you enable notifications. Tokens are removed when you sign out.
• Crash diagnostics — when the app crashes, a stack trace and basic device info (model, OS version) are sent to Google Firebase Crashlytics so we can diagnose and fix bugs. These reports do not include your tasks, photos, nicknames, or any other content you've entered. Twiggly is installed on a parent-owned device, and the parent who set up the family is the account holder responsible for it — so even when a child is the active in-app profile, crash diagnostics are collected under the parent's account, not the child's. Crash reports are retained by Google for approximately 90 days under their default policy and are not under our direct control.
• On-device storage — to make PIN sign-in smoother, we cache a nickname and a non-sensitive login identifier securely on the device.

We do not collect location data, contacts, browsing history, microphone or camera recordings, or advertising identifiers.

2. How we use it

• To operate the app — display tasks, track points, send reminders and notifications.
• To authenticate your account and keep each family's data isolated from every other family.
• To diagnose crashes and technical problems through Firebase Crashlytics.

We do not sell or share personal data with third parties for advertising or marketing. Our website uses Google Analytics to count page views and understand where traffic comes from. Analytics cookies are only set if you accept them via the consent banner — if you decline, no cookies are stored and your visit is not tracked.

3. Children's privacy

Twiggly is designed for families with children aged roughly 6–16. We do not knowingly collect personal information from children without parental involvement.

Parental consent. Child accounts can only be created by an authenticated parent or guardian. By adding a child to your family, you consent to the collection and use of that child's data as described in this policy.

What we store for children. For each child we store a nickname, a birth year (used to tailor task suggestions to their age), and the family activity they generate inside the app — tasks, points, streaks, reward goals, and task-completion photos. No email address is collected for child accounts. Children sign in with a family code and a PIN that only the family knows. All child data is stored within the family unit and is only visible to other family members.

Parental rights over child data. As the parent or guardian who manages the family, you can at any time:

• Review your child's data through the app (tasks, points, streaks, photos).
• Edit your child's nickname or other profile details.
• Remove your child from the family. When you remove a child, their account is immediately locked out and their personal data — including task-completion photos, point balance, recurring tasks, and sign-in credentials — is automatically and permanently deleted within 24 hours. Completed tasks remain in your family history with the child's name but are no longer linked to an account.

4. Data storage and security

Your data is stored in Google Firebase (Cloud Firestore) with encryption at rest and in transit. Access is controlled by security rules that isolate each family's data. Task-completion photos are stored in Firebase Storage and automatically deleted 30 days after the task is approved or deleted.

Your data is stored and processed on Google's infrastructure in the European Union and the United States. For users in the European Economic Area, any transfer of personal data outside the EEA — for example, task-completion photos, which are stored in the United States — is carried out under Google's Data Processing Terms and the EU Standard Contractual Clauses.

To make the app work smoothly and offline, your active task and family data is also cached locally on your device (up to 50 MB). This local cache is wiped when you sign out and is protected by your device's standard at-rest encryption when the device is locked.

5. Data retention

• Account data — retained as long as your account is active.
• Task-completion photos — automatically deleted 30 days after the task is approved or deleted.
• Push-notification tokens — removed when you sign out, and replaced automatically when the device issues a new token.
• Invitations — the recipient's email is deleted within 7 days of the invitation being accepted; pending invitations are removed when you cancel them.
• Crash diagnostics — crash reports sent to Firebase Crashlytics are retained by Google for approximately 90 days per their default policy. We cannot delete these on demand; they expire automatically.
• Deleted accounts — all associated data is permanently removed within 30 days of account deletion.

6. Your rights

You can:

• Access your data at any time through the app.
• Delete your account and all associated data from in-app settings (Settings → Delete account); the app opens a secure confirmation page in your browser to complete the request.
• Export your data from the app settings.
• Manage your children's data — review, edit, or request deletion of any child account you manage (see section 3).

7. Third-party services

We use the following services from Google, all of which are covered by the Firebase Privacy Policy and the Google Privacy Policy:

• Firebase Authentication — manages sign-in and account identifiers.
• Cloud Firestore — stores your family's account and activity data.
• Cloud Storage for Firebase — stores task-completion photos.
• Cloud Functions for Firebase — runs server-side logic such as sending invites and scheduled cleanup.
• Firebase Cloud Messaging — delivers push notifications to your device.
• Firebase Crashlytics — receives crash reports (stack trace + device model) when the app crashes.
• Google Sign-In — only if you choose to sign in with a Google account, in which case Google shares your email and basic profile with us.
• Google Analytics — collects anonymous page-view statistics on our website. Analytics cookies are set only if you accept the consent banner; otherwise no cookies are stored.

We do not share your data with any third party beyond what's required for these services to function.

8. Changes to this policy

We'll notify you of significant changes via the app or email. Continued use after changes constitutes acceptance.

9. Contact

Questions about your privacy? Reach us at our support page or email support@twiggly.app.