Privacy Policy
The short version. Oikos Connect is a private home for your family's life together. We collect only what the app needs to work, we never sell your data and we don't run ads, you decide who sees each thing through our privacy scopes, and you can export or delete your family's data at any time. Children's data is handled with extra care — see Section 9.
1. Who we are
Oikos Connect ("Oikos Connect," "we," "us," or "our") provides a family-organization application spanning calendar, chores, shared lists, meal planning, goals, and faith features (prayer, devotionals, scripture, and gratitude), available on the web and, over time, native apps. This policy explains what information we collect when you use Oikos Connect at oikosconnect.com and our applications, and how we handle it.
The family is the core unit of the app. An adult creates a family, and data is organized and access-controlled around that family.
2. Information we collect
2.1 Information you give us
| Category | Examples |
|---|---|
| Account | Your name, email address, and password (stored only as a secure hash). Optional profile photo. |
| Family & member profiles | Family name, the display names, roles, and colors of household members — including children that a parent adds (see Section 9). Optional profile details you choose to enter. |
| Calendar & events | Events, times, locations, and notes you create — and, if you connect Google Calendar, events synced between the two. |
| Chores & goals | Chore assignments, completion and "actually done" (altruism) records, rewards/points, and family or personal goals. |
| Lists | Shopping and other shared lists, including items added by barcode scan or voice. |
| Faith content | Prayer requests and prayer logs, gratitude entries, devotional and scripture interactions. |
| Meals | Meal plans and related recipes or notes. |
| Communication | Comments, reactions, and (where enabled) messages you send to connected families, groups, or your church. |
| Payment | If you purchase Plus or a Family Pack, our payment processor collects your billing details. We receive a confirmation and limited billing metadata — we never see or store your full card number. |
Faith content is sensitive, and we treat it that way. Prayer requests, prayer logs, gratitude entries, and devotional activity can reveal religious beliefs and personal circumstances. We handle this content as a sensitive category: it exists only because you chose to use those features, it defaults to your narrowest applicable privacy scope, it is never used for advertising, profiling, or inference about your beliefs, and anonymous prayer options are built in for the most sensitive requests. Using Oikos Connect does not require us to assume — and we do not infer — any particular religious affiliation.
2.2 Information collected automatically
- Device & technical data — such as device type, browser, app version, and IP address, used to operate and secure the service.
- Usage data — basic diagnostic and reliability information (for example, errors) so we can keep the app working.
- Push tokens — if you enable notifications, an identifier used to deliver them.
We use only the cookies and local storage needed to keep you signed in and to make the app function (including offline). We do not use advertising or cross-site tracking cookies.
2.3 Information from connected services
If you choose to connect Google Calendar, we access your calendar data through Google's OAuth process, using only the permissions you grant, solely to provide two-way calendar sync. We do not use Google user data for advertising, and our use complies with the Google API Services User Data Policy, including its Limited Use requirements. You can disconnect at any time in settings or from your Google account.
3. How we use information
- To provide, maintain, and improve the app's features for your family.
- To sync your data across your devices and (if you connect it) Google Calendar.
- To enable sharing you initiate with connected families, groups, or your church, according to your chosen privacy scope.
- To send you notifications and, if you're a subscriber, service and billing messages.
- To secure the service, prevent abuse, and comply with legal obligations.
We do not use your family's content to build advertising profiles, and we do not use children's information for any commercial purpose beyond providing the service.
4. Privacy scopes & sharing — you decide who sees what
Sharing in Oikos Connect is never automatic. Every event, prayer, list, note, and photo carries a privacy scope that you set. Nothing moves beyond a circle you chose:
- Private — visible only to you.
- Family — visible within your household (the default).
- Oikos — visible to specific families you've connected with.
- Group — visible to a group you've joined (e.g., a small group or ministry team).
- Church — visible to your congregation, with optional anonymous posting for sensitive prayer requests.
Access is enforced at the database level, not merely hidden in the interface. Anonymous prayer requests are designed so that your identity is not disclosed to the wider audience.
5. Service providers (data processors)
We rely on a small set of trusted providers to run the service. They process data only to perform services for us, under contract:
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase (PostgreSQL hosting) | Primary database, authentication, and file storage | Your account and all family content you store |
| Cloudflare | Website/app hosting, delivery, and security | Technical/request data |
| Google (OAuth & Calendar API) | Optional two-way calendar sync | Calendar data you authorize |
| Stripe | Payment processing for Plus and Family Pack | Billing details (card data handled by Stripe, not us) |
| PowerSync (JourneyApps) | Offline-first sync between your devices and our database | The family content that syncs to your devices |
| OneSignal | Push notifications | Push token + notification content |
| Anthropic | Optional AI features (e.g., "Magic Import"), only when you use them | The specific content you submit for that action |
The full list — including each provider's processing location and when it is active — is maintained on our Subprocessors page, which we update when the list changes.
We may also disclose information if required by law, to protect the safety of a child or any person, or in connection with a business transfer — in which case this policy will continue to govern your data.
6. AI features (opt-in)
Some Plus features use artificial intelligence — for example, Magic Import, which turns a photo of a flyer or a block of text into a calendar event, and a weekly family digest. AI processing happens only when you choose to use one of these features. When you do, the relevant content is sent to our AI provider (Anthropic) to generate the result and return it to you. This content is not used to train third-party models, and we do not enable AI features for children's accounts by default. If you never use an AI feature, no content is sent for AI processing.
7. We do not sell your data
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We have no advertising business. We do not sell, rent, or trade your family's information — or your children's information — to data brokers or advertisers. Our revenue comes solely from the subscriptions and one-time purchases you choose to make.
8. Retention & deletion
We keep your information only as long as it serves you. Concretely:
| Data | Kept for |
|---|---|
| Your account & family content (calendar, chores, lists, faith entries, photos) | As long as your account is active. Individual items can be deleted anytime and are removed immediately from the app. |
| Deleted account data | Deleted or irreversibly de-identified within 30 days of account deletion. |
| Database backups | Purged on a rolling schedule; deleted data leaves the last backup within 35 days. |
| Server & security logs (IP, request data) | Up to 90 days, for security and abuse prevention only. |
| Payment records | Retained by us and Stripe as required by tax and financial law (typically 7 years) — billing metadata only, never your card number. |
| Content submitted to AI features | Processed to generate your result; not used to train models and not retained by us beyond the result you keep. |
| Waitlist emails (this website) | Until we invite you or you ask to be removed, whichever comes first. |
How to delete your account and data
- In the app: Settings → Family → Delete account. The account owner can delete the entire family account; members can delete their own profile.
- By email: send a deletion request to [email protected] from the email address on your account. We verify it's you, then delete.
Either path triggers the timeline above. You can export your family's data first from Settings — we recommend it, because deletion is permanent.
9. Children's privacy (COPPA)
Oikos Connect is a family app, and we take the privacy of children seriously. It is designed to comply with the U.S. Children's Online Privacy Protection Act (COPPA). Children do not create their own accounts. This section is the summary — the full parent-facing notice lives at Children's Privacy Notice.
Parental consent & control
A child's profile exists only because a parent or guardian created it from within their own account. By adding a child profile, the parent provides consent for the limited collection described below and confirms they have the authority to do so. Parents can view, edit, or delete a child's profile and data at any time.
What we collect about a child, and why
- A display name (often a first name) and an avatar color or photo — so the child appears in the family's calendar, chores, and lists. Parents choose what to enter; a real name is not required.
- Activity within the family — chores assigned and completed, rewards, goals, and (if the parent enables them) prayer, gratitude, and devotional entries.
We collect this only to provide the family features to your household. A child's information is scoped to the family by default and is not shared beyond it without a parent's action. We do not require a child to disclose more than is reasonably necessary to participate.
What we do not do with a child's data
- We do not show children advertising or use their data for advertising or profiling.
- We do not sell or disclose children's personal information to third parties for their own purposes.
- We do not enable messaging outside the family, or AI features, for children by default. Any cross-family or child-messaging capability is off unless a parent deliberately turns it on, and — where allowed — remains visible to parents.
Parent controls & rights
A parent or guardian can, at any time: review the personal information collected about their child, request that we delete it, and refuse to permit further collection by removing the child's profile or closing the family account. To exercise these rights, use the in-app controls or contact us at [email protected]. We will honor verified parental requests promptly.
10. Your rights & choices
Depending on where you live, you may have the right to access, correct, delete, or export your personal information, and to object to or restrict certain processing. Oikos Connect gives you tools to do most of this directly in the app, and you can always contact us for help. We will not discriminate against you for exercising these rights.
- Access & export — view and export your family's data.
- Correction — edit your profiles and content.
- Deletion — delete content or your entire account.
- Notifications — turn push notifications on or off per category.
- Connected services — disconnect Google Calendar at any time.
To exercise any right you can't complete in-app, email [email protected] with the subject "Privacy request." We verify the request comes from the account holder (or a parent/guardian, for child data) and respond within 30 days.
11. US state privacy rights (California, Colorado, Virginia, Connecticut & others)
If you live in California (CCPA/CPRA), Colorado (CPA), Virginia (VCDPA), Connecticut (CTDPA), or another US state with a comprehensive privacy law, you have specific rights in addition to those above:
- Right to know / access — what personal information we've collected about you, the categories of sources, and the purposes (they are exactly the ones in Sections 2–3; we collect nothing beyond them).
- Right to correct inaccurate personal information.
- Right to delete — see Section 8 for both paths.
- Right to data portability — export your family's data from Settings.
- Right to opt out of sale, sharing, and targeted advertising — we do not sell or share personal information for cross-context behavioral advertising, and we do not use it for targeted advertising, so there is nothing to opt out of. This is a design decision, not a toggle. We treat the "no sale" commitment as covering the preceding 12 months and the life of the product to date.
- Limits on sensitive personal information — the sensitive information we handle (faith content; children's data a parent adds) is used only to provide the features you chose, never for inference, profiling, or advertising, which means no separate "limit use" request is needed.
- Right to appeal (Colorado, Virginia, Connecticut) — if we decline a request, we'll explain why, and you may appeal by replying with "Appeal" in the subject line; a different reviewer will decide within 45 days and we'll include how to contact your state Attorney General if you remain unsatisfied.
- No discrimination — exercising any right never degrades your service.
- Authorized agents (California) — an authorized agent may submit requests on your behalf with proof of authorization; we'll verify with you directly.
- Global Privacy Control — because we don't sell or share data, GPC signals require no action from us; we honor the spirit of the signal by default.
12. International users (GDPR & UK GDPR)
Oikos Connect is operated from the United States and our providers process data primarily in the US (see Subprocessors). If you use the service from the European Economic Area, the United Kingdom, or Switzerland:
- Legal bases. We process your data to perform our contract with you (providing the app), for our legitimate interests (securing and improving the service, in ways you'd reasonably expect), with your consent (optional connections like Google Calendar, AI features, faith features), and to comply with legal obligations.
- Your rights include access, rectification, erasure, restriction, portability, and objection — exercised through the same in-app tools and [email protected] path as Section 10 — plus the right to withdraw consent at any time and to lodge a complaint with your local supervisory authority.
- International transfers. Using the service transfers your data to the United States. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses with our processors, and we will formalize additional transfer mechanisms (and appoint EU/UK representatives) before actively marketing in the EEA/UK — a counsel item noted in our launch checklist.
- No automated decision-making that produces legal or similarly significant effects about you.
13. Security
We protect your data with encryption in transit, database-level access controls that scope data to your family, hashed passwords, and least-privilege access for our systems. No method of transmission or storage is perfectly secure, but we work continually to safeguard your information and will notify you of a significant breach as required by law.
14. Changes to this policy & contact
We may update this policy as the product evolves or the law requires. Every version carries its effective date and version number at the top of this page, and superseded versions will remain available once we're out of draft. For material changes — anything that expands what we collect or how we use it — we will notify you in the app and by email before the change takes effect, and where the change concerns children's data we will obtain fresh parental consent as COPPA requires. Continued use after a non-material update means you accept the revised policy.
Contact us
Privacy questions or requests: [email protected]
General: [email protected]
Related: Terms of Service · Refunds & Cancellation · Children's Privacy Notice · Subprocessors