Privacy Policy

Last updated: 16 April 2026

Twiggly ("we", "us", "our") is a family task-management app. We take your family's privacy seriously — especially because children use this app.

1. What we collect

We collect only what's needed to run the app:

• Parent accounts — email address, nickname, language preference, and (optionally) a profile photo.
• Child accounts — nickname, birth year (used to tailor task suggestions to the child's age), language preference, and (optionally) a profile photo. No email address is collected for child accounts. Children sign in with a family code and PIN; the PIN is used to derive a secure authentication credential and is never stored in plaintext.
• Family activity — tasks and their descriptions, categories, completion photos, point balances, streak counts, reward goals, and reward-redemption history.
• Invitations — when you invite someone by email, we store the recipient's email until the invitation is accepted or expires, so we can match it to the account at sign-up.
• Device tokens — push-notification tokens, if you enable notifications. Tokens are removed when you sign out.
• Crash diagnostics — when the app crashes, a stack trace and basic device info (model, OS version) are sent to Google Firebase Crashlytics so we can diagnose and fix bugs. These reports do not include your tasks, photos, nicknames, or any other content you've entered.
• On-device storage — to make PIN sign-in smoother, we cache a nickname and a non-sensitive login identifier securely on the device.

We do not collect location data, contacts, browsing history, microphone or camera recordings, or advertising identifiers.

2. How we use it

• To operate the app — display tasks, track points, send reminders and notifications.
• To authenticate your account and keep each family's data isolated from every other family.
• To diagnose crashes and technical problems through Firebase Crashlytics.

We do not sell or share personal data with third parties for advertising or marketing. Our website uses Google Analytics in cookieless mode to count page views and understand where traffic comes from — no cookies are set and no individual visitor can be identified.

3. Children's privacy

Child accounts are created and managed by a parent or guardian. For each child we store a nickname, a birth year (used to tailor task suggestions to their age), an optional profile photo, and the family activity they generate inside the app — tasks, points, streaks, reward goals, and task-completion photos. No email address is collected for child accounts. Children sign in with a family code and a PIN that only the family knows. All child data is stored within the family unit and is only visible to other family members.

4. Data storage and security

Your data is stored in Google Firebase (Cloud Firestore) with encryption at rest and in transit. Access is controlled by security rules that isolate each family's data. Task-completion photos are stored in Firebase Storage and automatically deleted 30 days after the task is approved or deleted.

To make the app work smoothly and offline, your active task and family data is also cached locally on your device (up to 50 MB). This local cache is wiped when you sign out and is protected by your device's standard at-rest encryption when the device is locked.

5. Data retention

• Account data — retained as long as your account is active.
• Task-completion photos — automatically deleted 30 days after the task is approved or deleted.
• Push-notification tokens — removed when you sign out, and replaced automatically when the device issues a new token.
• Invitations — stored until accepted or until the invitation expires, then removed.
• Deleted accounts — all associated data is permanently removed within 30 days of account deletion.

6. Your rights

You can:

• Access your data at any time through the app.
• Delete your account and all associated data via in-app settings (Settings → Delete account) or the account deletion page.
• Export your data from the app settings.

7. Third-party services

We use the following services from Google, all of which are covered by the Firebase Privacy Policy and the Google Privacy Policy:

• Firebase Authentication — manages sign-in and account identifiers.
• Cloud Firestore — stores your family's account and activity data.
• Cloud Storage for Firebase — stores profile and task-completion photos.
• Cloud Functions for Firebase — runs server-side logic such as sending invites and scheduled cleanup.
• Firebase Cloud Messaging — delivers push notifications to your device.
• Firebase Crashlytics — receives crash reports (stack trace + device model) when the app crashes.
• Google Sign-In — only if you choose to sign in with a Google account, in which case Google shares your email and basic profile with us.
• Google Analytics — collects anonymous page-view statistics on our website in cookieless mode. No personal data is stored and no cookies are set.

We do not share your data with any third party beyond what's required for these services to function.

8. Changes to this policy

We'll notify you of significant changes via the app or email. Continued use after changes constitutes acceptance.

9. Contact

Questions about your privacy? Reach us at our support page or email support@twiggly.app.