KidsEarnIt App Privacy Policy

  Effective Date: [MAY/14/2025]

This Privacy Policy describes how KidsEarnIt ("we," "us," or "our") collects, uses, and discloses information in connection with your use of the KidsEarnIt mobile application (the "App").

1. Information We Collect

We collect the following types of information when you use the App:

Account Information: When you create an account and use the App, we interact with the following information:

Email Address: Used for account authentication and recovery through Firebase Authentication. We do not store your email address within our database; it is handled directly by Firebase Authentication.

User Name: Used to identify you within your family. **This data, along with other family data, is encrypted locally on your device using advanced security measures. Creating an account generates a unique encryption key stored securely on your device for this purpose.** This encrypted data is then stored locally on your device. It is only decrypted locally on your device for display and updating within the App's user interface.

Password: Used for account access through Firebase Authentication. We do not store or have access to your password. Firebase Authentication handles password management securely, typically storing passwords in a hashed format.

Family Name: Used to group users into a family. **This data is encrypted locally on your device as described above.** This encrypted data is then stored locally on your device. It is only decrypted locally on your device for display and updating within the App's user interface.

Account Creation Timestamp: A timestamp associated with activity logs, primarily used to manage data retention for historical activity logs.

In-App Data: When you use the App, we collect information related to your activities within the family environment:

Tasks: The name, description, points value, and completion status of tasks. **This data is encrypted locally on your device as described above.** This encrypted data is then stored locally on your device. It is only decrypted locally on your device for display and updating within the App's user interface.

Rewards: The name and points cost of rewards. **This data is encrypted locally on your device as described above.** This encrypted data is then stored locally on your device. It is only decrypted locally on your device for display and updating within the App's user interface.

Transactions: Records of points earned (such as for completing tasks or good attitude bonuses) and rewards redeemed. **This data is encrypted locally on your device as described above.** This encrypted data is then stored locally on your device. It is only decrypted locally on your device for display and updating within the App's user interface.

Payee Information: If you add payees to represent individuals (including children) within your family account, we store their associated information, which includes:

Payee Name: Used to identify the payee within the family. **The payee name is encrypted locally on your device as described above.** This encrypted data is then stored locally on your device. It is only decrypted locally on your device for display and updating within the App's user interface.

Financial Data: This includes transactions, balances, and other financial activity associated with the payee. **This data is encrypted locally on your device as described above.** This encrypted data is then stored locally on your device. It is only decrypted locally on your device for display and updating within the App's user interface.

Family ID: A unique identifier generated to group members within a family. This identifier does not contain personally identifiable information.

Other User Information within the Family: Within a family account, we may also store information about users, such as their user roles (administrator or user) and their status as the account holder.

Firebase Data: We use Firebase services (such as Firebase Authentication) for account management. While we encrypt your sensitive data locally, Firebase Authentication may collect and process certain data as described in their privacy policy, including information related to authentication events. We encourage you to review their privacy policy for more information on what data they collect.

Usage Data: We do not track usage data at this time. If we implement usage tracking in the future, we will update this policy to describe what data is collected and how it is used.

Device Information and Permissions:

Device Information: We do not collect any personal device data at this time. If we use device information in the future for debugging or other purposes, we will update this policy to describe what data is collected and how it is used.

Camera Access: The App may request access to your device's camera. This access is solely used to facilitate the "Invite to Family" feature by allowing you to scan QR codes to join a family. We do not use the camera for any other purpose, such as taking photos or videos, or for any form of tracking or data collection beyond the information contained within the QR code for the purpose of joining a family. The images or video streams from the camera are processed in real-time on your device for QR code detection and are not stored or transmitted by the App.

Cookies and Tracking: We do not use cookies or any form of third-party tracking within the App.

**3. How We Use Information**

We use the information we collect and store locally on your device primarily to provide and improve the functionality of the KidsEarnIt app and to manage your family account. Specifically, we use your information for the following purposes:

**To Provide and Maintain the App's Functionality:** We use your account information, in-app data (tasks, rewards, transactions), and payee information to operate the core features of the App, such as:

Managing family accounts and user roles.

Tracking tasks, rewards, and financial transactions within the family.

Calculating and displaying balances for individuals (payees) within the family.

Facilitating the "Invite to Family" feature, including generating and scanning QR codes.

**To Manage Your Family Account:** Your account information, including your User Name and Family Name, is used to identify you and other members within your specific family group. The Family ID is used to link users to their respective family data.

**For Authentication and Security:** We use your email address and password (handled by Firebase Authentication) for secure login and account access. The unique encryption key generated upon account creation is essential for decrypting and accessing your stored family data.

**For Activity Logging:** Account creation timestamps are used to manage the retention of activity logs, which provide a history of events within the family account. These logs are used for record-keeping within the app's interface.

**Important Note:** Given that your sensitive family data (User Name, Family Name, Tasks, Rewards, Transactions, Payee Information, Financial Data) is encrypted locally on your device, our use of this information is limited to the operations performed *within your device* to provide the App's functionality. We do not access or process the decrypted content of this sensitive data on our servers.

4. How We Share Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share or disclose your information in the following limited circumstances:

**With Third-Party Service Providers:** We use third-party service providers to assist us in operating the App. These providers may have access to your information only to the extent necessary to perform their services and are obligated to protect your information.

**Firebase Authentication:** We use Firebase Authentication to manage user accounts, including handling email and password authentication. Please refer to the Firebase privacy policy for more information on how they handle data.

**Firebase Realtime Database (for metadata):** While your sensitive family data is primarily stored and encrypted locally, we may use Firebase Realtime Database to store certain metadata in a mult-iuser environment or facilitate features like the QR invite code functionality. NO decrypted sensitive family data is ever stored locally or within Firebase Realtime Database.

**Within Your Family Group:** When you use the "Invite to Family" feature, you are initiating the sharing of information (such as the Family ID and potentially the Family Name) with the individual you are inviting. This is necessary for the new user to join your family group within the App.

**For Legal Reasons and to Protect Safety:** **Your safety and the safety of all KidsEarnIt users are paramount.** We may disclose your information if required to do so by law or when we have a good faith belief that such action is necessary for the following reasons, with particular emphasis on protecting individuals:

Comply with a legal obligation or valid legal process.

Protect and defend our rights or property.

Prevent or investigate possible wrongdoing in connection with the App, **especially if it involves harm or a threat to safety.**

Protect the personal safety of users of the App or the public.

**In the event of a Business Transfer:** If we were to be involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We would notify you of any such transfer and any changes to the privacy policy.

5. Data Security

We take reasonable measures to protect the information collected through the App from unauthorized access, use, or disclosure. These measures include:

Local Encryption: **For the data stored within the App on your device, we employ advanced security measures to encrypt your family's data locally. When you create an account, a unique encryption key is generated and stored securely on your device. This key is required to decrypt and access your family's data within the App.**

Firebase Security Features: Firebase Authentication provides robust security features for managing user accounts, including secure handling of passwords.

Access Control: Access to data within the App is controlled through user authentication and authorization based on user roles within the family.

Limited Data Collection: We strive to collect only the information necessary for the App's functionality.

However, please be aware that no security measures are perfect or impenetrable. We cannot guarantee the absolute security of your information.

6. Data Retention

We retain your information for as long as necessary to provide you with the services of the App and to fulfill the purposes outlined in this Privacy Policy. The retention periods for different types of data are as follows:

**Family Account Data:** Your core family account data (including encrypted User Names, Family Names, Tasks, Rewards, Transactions, Payee Information, and Financial Data) is retained for as long as your family account remains active within the App. If you delete your family account, this data will be permanently deleted from your device and Firebase Realtime Database.

**Activity Logs:** Activity logs, which may contain information about actions taken within the family account (such as task completions or reward redemptions), are retained for a limited period. **To minimize the amount of historical data, especially concerning children, we retain activity logs for a period of 12 months post-creation. The Account Creation Timestamp associated with activity logs is used to facilitate the automated deletion of logs older than 12 months.**

**Firebase Authentication Data:** Data retained by Firebase Authentication is subject to their data retention policies. Please refer to the Firebase privacy policy for details.

We may retain information for a longer period if required to do so by law or for legitimate business purposes, such as resolving disputes or enforcing our agreements. However, we will always strive to minimize the amount of data retained and the duration of retention, particularly for data related to children.

**7. Your Choices and Rights**

We believe you should have control over your information and how it is used within the KidsEarnIt App. This section outlines the choices and rights you have regarding your data:

**Managing Your Family Account:**

**Removing Users:** Within the App, administrators have the ability to remove any user from the family account, with the exception of the account holder who initiated the family creation. Child users do not have the ability to remove users. Removing a user will remove their associated data from the family account within the App on the administrator's device.

**Deleting Your Account:** The account holder of a family account has the ability to delete the entire family account. Deleting your family account will permanently delete all associated family data stored locally on your device and in Firebase Realtime Database. Please note that deleting your account is irreversible.

**Camera Access Permissions:** You can manage the App's access to your device's camera through your device's operating system settings. Please note that disabling camera access will prevent you from using the QR code scanning feature for inviting or joining families. Use of the In-app invite functionality remains available for inviting or joining families.

**Firebase Authentication Data:** For information regarding your choices and rights related to data handled by Firebase Authentication (such as your email and password), please refer to the Firebase privacy policy.

**Exercising Your Rights:** If you have any questions about exercising your choices and rights, or if you encounter any issues, please contact us at [superdadsmith@gmail.com].

**8. Children's Privacy**

KidsEarnIt is designed to be used by families, including children, under the direct supervision and control of an adult account holder. We are committed to protecting the privacy of children and handle their information with the utmost care.

Account Creation: All user accounts within a family are authorized and managed by the adult family account holder.

Information Collected from Children: We collect information about children (such as their User Name and participation in tasks and rewards) only through the adult account holder who adds them to the family account. This information is solely for the purpose of providing the core functionality of the app (tracking tasks, rewards, and balances within the family unit).

Local and Encrypted Storage & Data Sharing within the Family: Sensitive information related to children, including their names and activity within the app, is stored and encrypted locally on the devices of the adult account holder and any child users who have the app installed on their own devices as part of the family account. This encrypted data is then synchronized and shared securely between the devices of the family members through Firebase Realtime Database. Crucially, this data remains encrypted during transfer and storage within the Realtime Database, and we, as the app provider, do not access, collect, or store the unencrypted sensitive data of children on our servers.

No Third-Party Sharing of Children's Data: We do not share any personal information collected from or about children with any third parties for their marketing or advertising purposes.

Limited Use of Children's Information: Information about children is used strictly within the family unit as managed by the adult account holder to provide the intended functionality of the app.

Adult Account Holder Controls: The adult account holder has complete control over the information related to children within their family account, including the ability to add, modify, or remove child users and their associated data. Removing a child user or deleting the family account will initiate the deletion of their associated data from the devices of all family members using the app and from the Firebase Realtime Database.

Compliance with COPPA (and similar regulations): KidsEarnIt is designed to be used by an adult account holder who creates and manages accounts for their children. By requiring adult consent and control for the creation of child profiles, limiting the collection and use of children's data to the functional purposes within the family unit, and prioritizing local encrypted storage and secure sharing only between authorized family devices, we aim to comply with applicable children's privacy regulations like the Children's Online Privacy Protection Act (COPPA) in the United States.

Parental Rights: Parents and legal guardians of children using the app have the right to:

Review the personal information we have collected from their child (which is stored locally and accessible through the app on the adult's device and the child's device if applicable).

Request the deletion of personal information collected from their child (by removing the child user within the app or deleting the entire family account).

Refuse to allow any further collection or use of their child's information (by removing the child user or deleting the account). To exercise these rights, please use the functionality provided within the KidsEarnIt app or contact us at [superdadsmith@gmail.com].

No Online Contact Information Collected from Children: We do not knowingly collect online contact information from children under 13 years of age (or the relevant age in other jurisdictions) directly from them within the app.

Action on Inadvertent Collection: If we become aware that we have inadvertently collected personal information from a child under 13 without parental consent, we will take steps to delete that information as quickly as possible.