Privacy Policy

Last updated: March 27, 2026

Your privacy matters to us. This policy explains how we collect, use, and protect your personal information when you use Sprout Saver.

Key Privacy Commitments

We never sell your personal data
Children's data is specially protected
You can delete your data anytime
No targeted ads shown to children

1. Information We Collect

Personal Information

We collect information that you provide directly to us:

Parent Accounts

  • Name and email address
  • Account password (encrypted)
  • Payment information (processed by Stripe for web, and by Google Play/App Store for in-app purchases)
  • Account preferences and settings

Child Accounts

  • Child's first name only
  • Age (for age-appropriate content)
  • Optional username
  • No email address collected from children

Automatically Collected Information

When you use our service, we automatically collect:

  • Device Information: Browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent in app
  • Log Data: IP address, access times, error reports
  • Performance Data: App performance metrics, crash reports

2. How We Use Your Information

We use collected information to:

  • Provide Services: Operate and maintain your family bank
  • Process Transactions: Handle subscription billing through Stripe (web) or app store billing systems (mobile)
  • Personalization: Customize content based on age and preferences
  • Communication: Send important updates, security alerts, and support
  • Improvement: Analyze usage to improve features and performance
  • Security: Detect and prevent fraud or unauthorized access

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under one of the six lawful bases identified in Article 6(1) of the General Data Protection Regulation (GDPR):

Processing Purpose | Lawful Basis (Art. 6(1))
Providing the Service (accounts, chores, allowances, lessons) | Contract — Art. 6(1)(b)
Processing subscriptions and billing | Contract — Art. 6(1)(b)
Security, fraud prevention, platform integrity | Legitimate interests — Art. 6(1)(f)
Analytics (only with consent; never on child-facing pages) | Consent — Art. 6(1)(a)
Newsletter / marketing communications | Consent — Art. 6(1)(a)
Retention of billing records for tax/accounting | Legal obligation — Art. 6(1)(c)
Processing children's data (COPPA / GDPR Art. 8) | Verifiable parental consent — Art. 6(1)(a) + Art. 8

Right to Object (Art. 21): Where we rely on legitimate interests, you have the right to object at any time. Where we process your data for direct marketing purposes (e.g., our newsletter), you have an absolute right to object and we will stop such processing. To exercise this right, email support@sproutsaver.com with subject line "GDPR Right to Object".

Withdrawing Consent: Where we rely on consent, you may withdraw it at any time with no effect on the lawfulness of prior processing. Analytics consent can be changed via the cookie banner or Settings. Newsletter consent can be withdrawn via the unsubscribe link in any newsletter email.

International Transfers: We are based in the United States. Where we transfer personal data outside the EEA/UK/Switzerland, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure an adequate level of protection.

4. Children's Privacy (COPPA Compliance)

Special Protections for Children Under 13

Sprout Saver is designed for families with children. We fully comply with COPPA:

  • ✓ We do not collect email addresses from children
  • ✓ Children use PIN-based authentication only
  • ✓ Parents have full control over children's data
  • ✓ No targeted advertising to children
  • ✓ We never sell children's personal information

5. Information Sharing

We do not sell your personal information. We only share data in these situations:

Service Providers

Third parties who help operate our service (hosting, payments)

Legal Requirements

When required by law or to protect our rights

Business Transfers

In connection with mergers, acquisitions, or asset sales

With Your Consent

When you explicitly authorize sharing

6. Data Security

We implement industry-standard security measures:

  • Encryption: All data encrypted in transit (TLS) and at rest (AES-256)
  • Authentication: Secure password hashing (Firebase Auth)
  • Access Controls: Strict employee access policies and audit logs
  • Infrastructure: Hosted on Google Cloud Platform with SOC 2 compliance
  • Monitoring: Continuous security monitoring and incident response

7. Data Breach Response

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the supervisory authority within 72 hours of becoming aware of the breach, where feasible (GDPR Article 33)
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms (GDPR Article 34)
  • Document the breach including its nature, the categories and approximate number of individuals and records affected, likely consequences, and measures taken to address it

Notifications will include a description of the breach, the name and contact details of our data protection point of contact, a description of likely consequences, and a description of the measures taken or proposed to address the breach. For full details on our incident response procedures, see our internal Incident Response Plan.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide services. The following table describes our retention periods by data category:

Data Category | Retention Period
Account data (parent) | Until deletion requested + 30-day grace period
Child account data | Deleted immediately when parent removes child; included in 30-day grace period for full-family deletion
In-app notifications | 30 days (read notifications auto-deleted)
Audit logs | 90 days
Billing webhook events | 90 days
Financial records (invoices) | As required by applicable tax law (typically 6-7 years)
Contact form submissions | 90 days after processing
Newsletter subscriber records | Until unsubscribed; unsubscribed records deleted within 30 days
Anonymized analytics | May be retained indefinitely for service improvement

Upon full account deletion request, personal data is soft-deleted immediately and permanently purged after a 30-day grace period (during which you may cancel the deletion). Backup data is purged within 90 days of the permanent deletion date.

iOS subscribers — important: Apple does not allow third parties (including Sprout Saver) to cancel App Store subscriptions on your behalf. If you delete your account while your iOS subscription is active, you may continue to be charged through your next renewal date unless you cancel the subscription manually in Settings → Apple ID → Subscriptions → Sprout Saver on your iPhone or iPad. The deletion confirmation flow surfaces this requirement and provides a deep-link to your subscription settings; we recommend cancelling there before confirming deletion. Stripe (web) and Google Play (Android) subscriptions are cancelled automatically as part of deletion.

Sign in with Apple: When you delete your account, we revoke your Apple Sign-In refresh token through Apple's /auth/revoke endpoint, so Sprout Saver no longer appears in your Apple ID privacy settings under "Apps Using Apple ID." This complies with App Store Review Guideline §5.1.1(v).

9. Your Rights

Regardless of where you live, you have the right to:

Access

View the personal data we hold about you

Correct

Fix inaccurate or incomplete data

Delete

Request deletion of your data

Port / Export

Download a portable copy of your data

If you are an EEA/UK resident, you also have the right to restrict processing, to object to legitimate-interest or marketing processing (see §3), and to lodge a complaint with your local supervisory authority.

10. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you the following rights:

  • Right to Know: What personal information we collect, use, disclose, or sell, and the categories of sources and recipients.
  • Right to Delete: Request deletion of the personal information we hold about you.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: You may opt out of any "sale" or "sharing" of personal information for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information: Restrict the use of sensitive data to what is necessary to provide the Service.
  • Right to Non-Discrimination: We will not discriminate against you for exercising these rights.

We Do Not Sell Personal Information

Sprout Saver does not sell personal information as defined by the CCPA/CPRA, and we do not share personal information for cross-context behavioral advertising. We also honor the Global Privacy Control (GPC) browser signal as a valid opt-out of sale/sharing.

California residents under 16 (or their parents on their behalf) must affirmatively opt in before any "sale" or "sharing" — a practice we do not engage in, but which we disclose here for clarity.

11. How to Submit a Request

To exercise any right described above (access, correct, delete, port, object, restrict, opt-out of sale, withdraw consent):

  1. Email support@sproutsaver.com with subject line "Privacy Request" and a clear description of the right you are exercising (e.g., "Access request", "Deletion request", "CCPA opt-out", "DSAR").
  2. We will verify your identity using reasonable means (matching your email against your account; for high-risk requests, we may request additional verification).
  3. We will respond within 30 days (extendable by an additional 60 days where permitted by law, with written notice to you). No fee unless the request is manifestly unfounded or excessive.
  4. You may authorize an agent to act on your behalf; we will require proof of authorization and may separately verify your identity.

If we decline a request, we will explain why and inform you of your right to lodge a complaint with your local data protection authority (EEA/UK) or the California Privacy Protection Agency.

12. Third-Party Services

We use the following third-party services:

Service | Purpose
Firebase (Google) | Authentication, database, hosting
Stripe | Web subscription payment processing
Google Play Billing | Android in-app subscription billing and purchase management
Apple App Store Billing | iOS in-app subscription billing and purchase management
Google Analytics | Anonymous usage analytics (loaded only with user consent; never on child-facing pages)
Sentry | Error and crash monitoring. No PII is sent; device and browser context are stripped for child sessions.
Capawesome (Genz IT Solutions GmbH, Germany) | Mobile app over-the-air updates. Receives only operational data on each update check: app ID, app version, platform, OS version, plugin version, bundle ID, channel name, and a per-vendor anonymous device identifier. No personal information about you or your children is transmitted. Server logs (IP address, timestamp) are retained 30 days and deleted. Subprocessors: Cloudflare (USA), Scaleway (FR), Hetzner (DE), PlanetScale (USA). Data Processing Agreement available on request.

13. Changes to This Policy

We may update this Privacy Policy periodically. When we make changes, we'll update the "Last updated" date and notify you via email for significant changes. Your continued use after changes constitutes acceptance of the updated policy.

14. Contact Us

For questions about this Privacy Policy or our practices:

Jurisdiction: California, United States