ChoreCoin Privacy Policy

Effective Date: April 29, 2026
Last Updated: April 29, 2026

Plain-language summary. ChoreCoin is a chore and allowance tracking app for families. We collect the minimum information needed to run your account, sync your family group across devices, and process subscription payments. We do not sell personal information. We do not show third-party advertising inside the app. If a child under 13 (or under 16 in the EEA/UK) uses ChoreCoin, a parent or legal guardian must create the account and provide verifiable consent, and the parent controls all data associated with that child.

1. Who we are

This Privacy Policy describes how we collect, use, disclose and safeguard personal information when you use the ChoreCoin mobile application (the “App”), our related websites and services (collectively, the “Service”).

The data controller responsible for your personal information is:

ChoreCoin (operated by Nicolas Rozas, sole proprietor)
Email: supportbloom@gmail.com
Postal address: 9 de Julio 1708, Rosario, Santa Fe, 2000, Argentina

Where you contact us about a child’s personal information, please use the email above and identify yourself as the parent or legal guardian. We will respond within thirty (30) days and may require reasonable verification of your identity and parental status before acting.

2. Scope of this Policy

This Policy applies to personal information processed in connection with the App and the Service. It does not apply to:

Third-party services you reach by following links from the App (their own privacy notices govern);
Information you choose to share publicly outside the Service;
Aggregated or de-identified data that can no longer reasonably be linked to you.

3. Information we collect

3.1 Information you provide directly

Account information: email address, password (stored as a salted hash by our authentication provider, Supabase), display name, and profile avatar.
Family/group information: name of the family group you create or join, the invite code shared between members, and your role (parent/admin or member).
Chore content: the tasks you create, edit, complete or verify; the rewards you offer or redeem; the coins and points awarded by the system you operate.
Photographic proof of completion: if a chore requires photographic verification, the image captured by the device camera or chosen from the device library is uploaded to our storage provider and associated with the task. You may decline camera or photo-library permission, in which case those features will not function.
Communications you send us: support requests, feedback, and any attachments you choose to provide.

3.2 Information collected automatically

Device and technical data: mobile operating system and version, App version, device model, language preference, time zone, approximate region inferred from the device.
Usage data: events such as “task created,” “task completed,” “reward redeemed,” “paywall viewed,” in order to understand how the App is used and to improve reliability. We use product analytics from PostHog for this purpose. Where required by law, we collect this only with your consent.
Crash and diagnostic information: stack traces and non-personal device telemetry generated when the App encounters an error.
Push-notification tokens: a device-specific token issued by Apple Push Notification service or Firebase Cloud Messaging, used solely to deliver notifications you have enabled.

3.3 Information from third parties

Authentication providers: if you sign in using Google Sign-In or Sign in with Apple, we receive the basic identifiers those providers return (typically a stable user identifier and your email address). We do not receive your password.
Subscription provider: our subscription manager (RevenueCat) communicates with the Apple App Store and the Google Play Store to confirm purchase, renewal and cancellation events. We receive entitlement status and the associated transaction identifiers; we never receive your payment card details.

3.4 Information we do not collect

We do not knowingly collect: precise geolocation; contacts; browsing history outside the App; biometric identifiers; or special category personal data (such as health, religion, race, sexual orientation, or trade-union membership) within the meaning of Article 9 GDPR. If you provide such information voluntarily (for example by typing it into a chore description), please refrain from doing so — the App is not designed to safeguard sensitive categories.

4. How we use information

Purpose	Categories of data used
Provide the App: create your account, sync your family group, store tasks and rewards across your devices.	Account information; family/group information; chore content.
Authenticate you on each session and protect your account.	Account information; device data.
Process and verify subscription purchases, renewals and cancellations.	Subscription identifiers from Apple/Google via RevenueCat.
Send push notifications you have enabled (task reminders, group invitations, daily digest).	Push token; account information.
Improve the App, fix bugs, measure feature performance.	Usage data; crash and diagnostic information.
Communicate with you about service updates, security and legal notices.	Account information.
Detect fraud, abuse, or violation of our Terms.	Account information; usage data; device data.
Comply with legal obligations and enforce our rights.	As necessary.

5. Legal bases for processing (EEA, UK and Switzerland)

Where the European Union General Data Protection Regulation, the United Kingdom GDPR or the Swiss Federal Act on Data Protection applies, we rely on the following legal bases:

Performance of a contract (Article 6(1)(b) GDPR) — to provide the App, manage your account and process subscriptions you purchase.
Legitimate interests (Article 6(1)(f) GDPR) — to keep the App secure, prevent abuse, and improve reliability, balanced against your rights and freedoms.
Consent (Article 6(1)(a) GDPR) — for optional analytics, optional push notifications, and any other processing where consent is required. You may withdraw consent at any time without affecting the lawfulness of prior processing.
Legal obligation (Article 6(1)(c) GDPR) — to respond to lawful requests from public authorities and to comply with applicable laws.
Parental consent (Article 8 GDPR) — where the user is below the digital-age-of-consent in the relevant Member State, processing is conducted only with verifiable consent from the holder of parental responsibility.

6. Children’s privacy

ChoreCoin is designed for use by families. Children may use the App, but only under the supervision of a parent or legal guardian who is the account-holder.

6.1 United States — Children’s Online Privacy Protection Act (COPPA)

We do not knowingly collect personal information from children under thirteen (13) years of age except through a parent-administered account. By creating an account that includes a child as a family member, the parent represents and warrants that they are the child’s parent or legal guardian and provides verifiable parental consent for the limited collection and use of the child’s information described in this Policy.

For child users, we collect only what is reasonably necessary to operate the chore-tracking features: the child’s display name, avatar, completed-task records, coins and rewards, photos voluntarily uploaded as proof of completion, and minimal device data needed for security and delivery of notifications. We do not condition the child’s participation on the disclosure of more information than is reasonably necessary. We do not use child data for behavioural advertising. We do not sell or rent child data.

A parent may, at any time, review the personal information we hold about their child, refuse further collection or use, and request deletion. Contact supportbloom@gmail.com from the email address used to create the account.

6.2 European Economic Area, United Kingdom and Switzerland

Where the user is below the applicable digital-age-of-consent (between thirteen (13) and sixteen (16), depending on the Member State), processing of that user’s personal data is carried out only on the legal basis of consent given or authorised by the holder of parental responsibility. Where consent cannot be verified, the account will not be activated.

6.3 Apple App Store Kids Category and Google Play Families Policy

Where the App is distributed under Apple’s Kids Category or Google Play’s Designed for Families program, we comply with the additional requirements of those programs, including: no behavioural advertising; no use of third-party analytics SDKs that are not certified for children’s services; and clear parental gate flows for any purchase or external link.

7. Sharing and disclosure

We do not sell personal information. We share personal information only as set out below.

Service providers (processors). We engage trusted vendors that process personal information on our behalf, under written contracts that limit their use of the data to the services we ask them to perform. The principal categories are listed in Section 17.
Within your family group. Information you place in the App (your display name, avatar, the tasks you complete, the coins you earn) is visible to other members of the same family group, by design.
Legal and safety. We may disclose information if we believe in good faith that disclosure is necessary to comply with a subpoena, court order or other legal process; to protect the rights, property or safety of ChoreCoin, our users or others; or to investigate fraud or violations of our Terms.
Business transfers. If we are involved in a merger, acquisition, financing or sale of assets, personal information may be transferred as part of that transaction. We will notify you and provide an opportunity to object to processing under the new owner where required by law.
With your consent. For any other disclosure, we will ask first.

8. Subscriptions and payments

Premium features are offered through auto-renewable subscriptions purchased on Apple App Store or Google Play. Payment is processed entirely by the relevant store. We do not receive, see or store your payment-card details. We use RevenueCat as a subscription-management layer to validate receipts, deliver entitlement updates to your device, and surface aggregated metrics. RevenueCat receives a pseudonymous user identifier and the transaction metadata returned by the store.

If you start a free introductory trial, you can cancel before the trial ends free of charge through the store’s subscription management screen. If you do not cancel before the trial ends, the subscription will renew at the listed price.

9. Push notifications

If you grant push-notification permission, we may send you task reminders, group activity summaries, and security or service announcements. You can disable notifications at any time in your device settings or in the App’s notification preferences. Disabling notifications does not delete your push token from our records immediately; it is purged on the next device sync or upon account deletion.

10. Analytics and product improvement

We use a privacy-respecting product-analytics provider (PostHog) to understand how features are used and to debug issues. Events are tagged with a pseudonymous user identifier rather than your name or email. We do not share analytics data with advertising networks. Where required by applicable law, analytics are activated only after you provide consent in the App.

11. International data transfers

Our service providers may process personal information in countries outside your country of residence, including the United States. Where personal data of residents of the European Economic Area, the United Kingdom or Switzerland is transferred to a country that has not been recognised as offering an adequate level of protection, we rely on the European Commission’s Standard Contractual Clauses (or equivalent UK/Swiss instruments) and, where appropriate, supplementary technical and organisational measures.

You may request a copy of the safeguards applicable to a specific transfer by writing to supportbloom@gmail.com.

12. Data retention

We retain personal information for as long as your account remains active and for a reasonable period afterwards as described below.

Category	Retention
Account profile and authentication credentials	For the lifetime of the account, then deleted within 30 days of deletion request.
Family/group data, tasks, rewards, coins	While the group exists; archived 30 days after the last member leaves; deleted within 90 days of full deletion request.
Photographic proof of completion	30 days after task verification, then automatically purged from storage.
Push-notification tokens	Until invalidated by the platform or by account deletion.
Subscription / billing identifiers	For the period required by Apple, Google and applicable tax/accounting law (typically up to 7 years).
Analytics events	Aggregated; pseudonymous identifiers rotated or deleted within 12 months.
Support correspondence	Up to 24 months after the last interaction.

13. Security

We implement administrative, technical and physical safeguards designed to protect personal information against unauthorised access, disclosure, alteration and destruction. These include encryption in transit (TLS 1.2+), encryption at rest for stored credentials and storage objects, strict access controls on our service-provider consoles, the use of secure operating-system keychains for session tokens on your device, and regular review of supplier security posture.

No method of electronic storage or transmission is one-hundred-percent secure. If we become aware of a personal-data breach affecting you, we will notify you and the competent supervisory authority where, and within the timeframes, required by law.

14. Your rights

Subject to applicable law and to verification of your identity, you have the right to:

Access the personal information we hold about you;
Receive a copy in a portable, machine-readable format;
Request correction of inaccurate or incomplete information;
Request deletion of your personal information (“right to be forgotten”);
Restrict or object to certain processing;
Withdraw consent where processing is based on consent;
Lodge a complaint with the supervisory authority of your country of residence.

To exercise any of these rights, contact supportbloom@gmail.com. We will respond within thirty (30) days, or such shorter period as applicable law requires. We do not charge for these requests except where they are manifestly unfounded or excessive.

15. California disclosures (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you specific rights:

Right to know what personal information we collect, the purposes for which we collect it, the categories of sources, and the categories of third parties with whom we share it — all of which is described above.
Right to delete personal information we have collected from you, subject to limited statutory exceptions.
Right to correct inaccurate personal information.
Right to opt out of sale or sharing. We do not sell personal information for monetary value, and we do not share personal information for cross-context behavioural advertising. There is, accordingly, nothing to opt out of, but we honour Global Privacy Control signals to the extent applicable.
Right to limit use of sensitive personal information. We do not use sensitive personal information for purposes beyond those permitted under § 7027 of the CCPA Regulations.
Right to non-discrimination for exercising any of the above rights.

To exercise these rights, contact supportbloom@gmail.com. You may designate an authorised agent to act on your behalf, subject to verification.

16. Brazil disclosures (LGPD)

If you are located in Brazil, the Lei Geral de Proteção de Dados (Law No. 13.709/2018) applies. The legal bases described in Section 5 map to the corresponding bases in Article 7 LGPD, including the execution of a contract, legitimate interest, the protection of credit, the regular exercise of rights in judicial proceedings, and consent. You have the rights set out in Article 18 LGPD, including the right to confirmation of processing, access, correction, anonymisation or blocking of unnecessary or excessive data, portability, deletion of data processed on the basis of consent, information about sharing, and withdrawal of consent.

The data protection officer for Brazilian users can be reached at supportbloom@gmail.com.

17. Third-party services we use

Provider	Purpose	Privacy policy
Supabase, Inc.	Authentication, database, secure storage of uploaded photos.	supabase.com/privacy
RevenueCat, Inc.	Subscription management and entitlement validation.	revenuecat.com/privacy
Apple Inc.	App Store distribution; in-app purchases; Sign in with Apple; push notifications.	apple.com/legal/privacy
Google LLC	Google Play distribution; in-app purchases; Google Sign-In; Firebase Cloud Messaging.	policies.google.com/privacy
PostHog Inc.	Product analytics (pseudonymous events).	posthog.com/privacy
Expo (650 Industries, Inc.)	Push-notification dispatch and over-the-air updates.	expo.dev/privacy

Where any of the above changes, we will update this list. Each provider acts as our processor under our written instructions, except Apple and Google, who act as independent controllers in respect of payments and store services.

18. Account deletion

You may delete your account at any time from inside the App: Profile → Settings → Delete account. Account deletion permanently removes your profile, your authentication credentials and the personal data associated with you, except where retention is required by applicable law (for example, for tax records related to subscriptions). If you are the administrator of a family group, you will be prompted either to transfer administration to another member or to delete the group along with your account.

You may also request deletion by writing to supportbloom@gmail.com from the email address used to create the account.

19. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will revise the “Last Updated” date at the top and, where the change is material, provide additional notice (for example, an in-App banner or email). Continued use of the App after the effective date of an updated Policy constitutes acceptance of the changes.

20. Contact us

For questions about this Policy or our privacy practices:

Email: supportbloom@gmail.com
Postal mail: 9 de Julio 1708, Rosario, Santa Fe, 2000, Argentina

If you are located in the European Economic Area, the United Kingdom or Switzerland and we have not addressed your concern to your satisfaction, you have the right to lodge a complaint with your local supervisory authority. A list of EEA authorities is available at edpb.europa.eu; the UK authority is the Information Commissioner’s Office (ico.org.uk); the Swiss authority is the Federal Data Protection and Information Commissioner (edoeb.admin.ch).