Privacy

The plain-language privacy policy.

We treat family data the way we'd want our own treated. No ads in the children's app, no data sales, no third-party trackers in the children's experience. This page explains the specifics.

Effective April 30, 2026 · Havenquest is in early access. We'll update this page and the date whenever something material changes.

The short version

  • You (the parent) sign up with an email and password. You add your children; they don't have their own accounts.
  • We collect the minimum we need to run a chore-and-rewards app: parent email, the child's name (whatever you enter), an optional birthday, and the activity that happens inside the app.
  • We never show ads in the children's app. We never sell or rent data. We don't put behavioral analytics or third-party trackers in the children's experience.
  • You can edit or delete a child's profile from your dashboard. To delete your whole account, email us — a self-serve button is coming.
  • Hosted in the United States by Supabase. Subprocessors are listed below.

Who we are

Havenquest is a small, indie product. The website is havenquest.app. The parent dashboard is at parents.havenquest.app and the children's app lives at kids.havenquest.app. You can reach us any time at privacy@havenquest.app.

What we collect from parents

When you sign up and use Havenquest, we collect:

  • Email and password. Used to sign you in. Passwords are hashed by our auth provider (Supabase) — we never see them in the clear.
  • Optional profile fields: first name, last name, your relationship label (e.g. "Mom," "Dad," "Grandparent"), and a family name. You can leave any of these blank.
  • Co-parent invites. If you invite another adult to share your family, we'll send them an email with a one-click invite link via SendGrid.
  • Push-notification tokens. If you opt into browser or mobile push so you can be notified about pending approvals, we store a device token. You can revoke this any time from your browser/device settings.

What we collect about children

Children don't sign up themselves. A parent creates their account, adds each child, and enters whatever the parent chooses to provide:

  • A name — typically a first name or nickname. You're welcome to use a fake name; nothing in the app requires the real one.
  • Optional date of birth. Only used to display age-appropriate content and progress over time. You can skip this; the app works without it.
  • A color and a token type. Customization choices the child (or you) pick — like "purple" and "unicorns." We store these as labels, not images.
  • An avatar configuration. The parameters that describe the child's cartoon avatar (color, shape, accessory choices). We do not store photographs of children as profile pictures.
  • Optional child PIN. If you set one, it's stored so the children's app can check it before letting that child log their progress.
  • Activity data. The quests they complete, when, the tokens earned, rewards redeemed, achievements unlocked, and a running coin-balance ledger. This is the data the app needs to function.
  • Photo proof, only if you ask for it. If you mark a specific quest as needing photo confirmation (e.g. "show me your made bed"), the child uploads a photo and the photo is stored alongside the completion record. Only adults in your family see it. If you don't enable photo proof on a task, no photos are collected.

We don't collect a child's email, phone number, location, contacts, microphone audio, or browsing history. The children's app contains no analytics SDKs.

How we use this data

  • To run the app — show today's quests, track tokens, deliver rewards, send approval notifications.
  • To keep your account secure — rate limiting, abuse prevention, password resets.
  • To respond when you email us about a problem.
  • That's it. We don't use family data to train ad models, build profiles, or feed third-party analytics products.

Who else touches this data (subprocessors)

We use a small set of trusted services to actually run the app. None of them receive data we don't need them to have.

  • Supabase — our database, authentication, file storage, and serverless functions. Data is hosted in the United States. (supabase.com/privacy)
  • SendGrid (Twilio) — sends transactional email like password resets and co-parent invites. We've turned off click and open tracking. (twilio.com/legal/privacy)
  • ElevenLabs — generates the read-aloud audio for quest text. We send only the quest title and description, never a child's name or any personal info. The same audio is reused across all families when the text matches. (elevenlabs.io/privacy-policy)
  • Replicate — generates the small illustrations on each quest card. We send a generic prompt built from the quest title only — no child information. (replicate.com/privacy)
  • Expo / Apple / Google push services — deliver notifications to your device. They see device tokens and no family content from the message body beyond what's required to display it.
  • Vercel — hosts the marketing site and parent dashboard. Their logs may capture standard server-request metadata (IP, user-agent) for security. (vercel.com/legal/privacy-policy)

We currently use no advertising networks, no behavioral analytics services (no PostHog, Sentry, Mixpanel, Amplitude, Segment, or Firebase Analytics), and no payment processors. If we ever add one, we'll list it here first.

Cookies

The parent dashboard uses session cookies to keep you signed in. They're set by our auth provider (Supabase) and they expire on sign-out. We don't use third-party advertising cookies, social-share cookies, or analytics cookies.

What we never do

  • We don't show advertisements to children. Not in-app, not anywhere.
  • We don't sell, rent, or trade data about your family.
  • We don't allow children to make purchases inside the children's app.
  • We don't include third-party trackers, ad SDKs, or behavioral analytics in the child experience.
  • We don't profile children for marketing or any other purpose.
  • We don't share child data with anyone outside the subprocessor list above.

What parents can do

  • Review. Your dashboard shows every quest, redemption, and approval for every child in your family. There are no hidden chats or unseen activity.
  • Edit. Tap any child's profile to change name, birthday, avatar, or PIN. Edit any quest or reward at any time.
  • Delete a child. The Children page has a delete button. Removing a child wipes their quests, redemptions, achievements, push tokens, and the rest of their data within seven days.
  • Delete your whole account. Email privacy@havenquest.app from the address on your account and we'll fully delete it within 30 days. (A self-serve button is on our short-term roadmap.)
  • Get a copy of your data. Email us and we'll send you an export. A self-serve export is also on the roadmap.

Children's privacy (COPPA, GDPR-K)

Havenquest is designed to be used by children, but a parent or legal guardian signs up on their behalf. The parent creates the account, adds each child, and controls what's collected — that's how we obtain parental consent.

We collect only what's needed to operate the app for that child. We don't disclose children's information to third parties for marketing or profiling. Parents can review, edit, or delete their children's data at any time using the controls described above, or by emailing us.

We're not currently certified by a formal children-privacy program (kidSAFE, ESRB Privacy Certified, etc.). If we pursue certification later, we'll note it here. In the meantime, the practices on this page are what we follow.

How long we keep data

We keep family data while your account is active. When you delete a child, their records are removed within seven days. When you delete (or ask us to delete) your account, everything we store about your family is removed within 30 days, except records we're legally required to retain (which today is none).

Some data lives on briefly in encrypted backups, then ages out on the standard backup retention cycle of our database provider (Supabase).

Where data lives

Data is stored on Supabase infrastructure in the United States (region us-east-1). If we add other regions later — for example, an EU region for European families — we'll update this page first.

Security

Connections to Havenquest are encrypted with TLS. Data is encrypted at rest by our database and storage providers. Passwords are hashed; we never see them. Internal access is limited to the small number of people who actually need it to operate the service.

No system is bulletproof. If we ever discover a security issue that affects family data, we'll email the affected accounts promptly and explain what happened, what we know, and what we're doing about it.

Changes to this policy

When something material changes, we'll update this page and the effective date at the top. If the change reduces protections in a way that affects you, we'll email you before it takes effect.

Contact

Questions, requests, or anything else: privacy@havenquest.app. We try to reply the same day.