Privacy Policy
Draft — pending legal review. Last updated: July 10, 2026.
Who we are
Roundup Crew is a family chore-management service. A parent or guardian sets up a family (“Crew”), adds members, and the family tracks chores, rewards, and streaks together. This policy explains what we collect, why we collect it, who touches it, and the choices you have. Questions any time: privacy@roundupcrew.com.
Information we collect
From parents and guardians
- Account: email address, display name, and password (stored only as a modern cryptographic hash — we cannot read it).
- Billing: subscription plan and status, plus Stripe customer and subscription identifiers. Card numbers are entered on Stripe’s pages and handled entirely by Stripe — we never see or store them.
About children (added only by a parent)
- Profile: a display name, an optional date of birth (used only to match age-appropriate chores), and — if the parent chooses to give the child their own login — a parent-chosen handle and password (hashed). We do not collect a child’s email address, and children cannot create accounts themselves.
- Activity: chores assigned or claimed, completions and confirmations, rewards credited, streaks, and in-app notifications — the family’s own chore record.
From devices
- Notifications (optional): if a member turns on chore reminders on a device, we store that device’s push subscription (a delivery address issued by the browser plus its encryption keys). Turning the toggle off deletes it.
- Logs: our servers keep standard technical logs (IP address, request time, endpoint) for security and debugging. Application logs are written to exclude family content, and our error-monitoring service is configured not to receive personal information.
Cookies
We use one essential cookie: rc_refresh, an httpOnly session cookie that keeps you signed in. A non-identifying local flag (rc_has_session) remembers that a session exists so pages load faster. We use no analytics, advertising, or tracking cookies, and no third-party trackers of any kind.
How we use information
To run the service (your Crew’s chores, rewards, streaks, and notifications), to manage subscriptions, to send transactional email to parents (verification, password reset, invites, the weekly recap), to deliver notifications you opted into, and to keep the service secure. We do not sell personal information, we show no advertising, and we never use children’s information for marketing of any kind.
Children’s privacy (COPPA)
Roundup Crew is built for families and is intentionally parent-controlled:
- Consent: a child’s profile can only be created by a parent or guardian inside their own Crew. The parent provides every piece of the child’s information and, by creating the profile, consents to its collection and use as described here. Children cannot sign up, join a Crew, or add information about themselves without a parent having set that up.
- Minimization: we collect from children only what the feature needs — the profile and activity listed above. No email, no contacts, no location, no photos, no behavioral profiling.
- No third-party disclosure: children’s information is never shared except with the service providers below, strictly to operate the service, and is never made public.
- Parental rights: a parent can review a child’s information (the member’s profile page), correct it (edit the member), delete it (erase the member — the child’s personal details are removed and their history anonymized), or delete the entire Crew account. Erasure also ages out of our backups automatically within 30 days.
Service providers
We share data only with processors needed to run the service:
- Cloudflare — serves the web app.
- Fly.io — hosts the API (United States).
- Neon — hosts the database (United States).
- Stripe — payment processing (parents’ billing only).
- Resend — transactional email (parent addresses only).
- Sentry — error monitoring, configured to exclude personal data.
- GitHub — stores our encrypted database backups (readable only with a key we hold; automatically deleted after 30 days).
- Your browser’s push service (Apple, Google, or Mozilla) — delivers notifications you opted into; it sees the encrypted notification payload, not your account.
Data is stored and processed in the United States.
Retention
Your Crew’s data is kept while your account is active. When you erase a member or delete your account, personal details are removed and contribution history is anonymized immediately; encrypted backups expire within 30 days. Security audit records (who signed in, who changed what) are retained to protect the service.
Security
All traffic is encrypted in transit (HTTPS). Passwords are hashed with argon2. Sessions use httpOnly cookies with rotation and reuse detection. Backups are encrypted at rest. Access to production systems is limited to the operator.
Your rights
From account settings you can export everything we hold about you and your Crew, or delete your account. Parents exercise these rights on behalf of their children. If you believe we hold data we shouldn’t, email privacy@roundupcrew.com and we’ll fix it.
Changes
If this policy changes materially — especially anything touching children’s data — we’ll email parents and update the date above before the change takes effect.