Privacy Policy

Version: 0.2 (draft)  ·  Effective date: July 9, 2026  ·  Last updated: July 9, 2026
When this policy leaves draft, superseded versions will remain available at stable URLs, and material changes will be announced before they take effect.

The short version. Oikos Connect is a private home for your family's life together. We collect only what the app needs to work, we never sell your data and we don't run ads, you decide who sees each thing through our privacy scopes, and you can export or delete your family's data at any time. Children's data is handled with extra care — see Section 9.

Contents
  1. Who we are
  2. Information we collect
  3. How we use information
  4. Privacy scopes & sharing
  5. Service providers
  6. AI features
  7. We do not sell your data
  8. Retention & deletion
  9. Children's privacy (COPPA)
  10. Your rights & choices
  11. US state privacy rights
  12. International users (GDPR)
  13. Security
  14. Changes & contact

1. Who we are

Oikos Connect ("Oikos Connect," "we," "us," or "our") provides a family-organization application spanning calendar, chores, shared lists, meal planning, goals, and faith features (prayer, devotionals, scripture, and gratitude), available on the web and, over time, native apps. This policy explains what information we collect when you use Oikos Connect at oikosconnect.com and our applications, and how we handle it.

The family is the core unit of the app. An adult creates a family, and data is organized and access-controlled around that family.

2. Information we collect

2.1 Information you give us

CategoryExamples
AccountYour name, email address, and password (stored only as a secure hash). Optional profile photo.
Family & member profilesFamily name, the display names, roles, and colors of household members — including children that a parent adds (see Section 9). Optional profile details you choose to enter.
Calendar & eventsEvents, times, locations, and notes you create — and, if you connect Google Calendar, events synced between the two.
Chores & goalsChore assignments, completion and "actually done" (altruism) records, rewards/points, and family or personal goals.
ListsShopping and other shared lists, including items added by barcode scan or voice.
Faith contentPrayer requests and prayer logs, gratitude entries, devotional and scripture interactions.
MealsMeal plans and related recipes or notes.
CommunicationComments, reactions, and (where enabled) messages you send to connected families, groups, or your church.
PaymentIf you purchase Plus or a Family Pack, our payment processor collects your billing details. We receive a confirmation and limited billing metadata — we never see or store your full card number.

Faith content is sensitive, and we treat it that way. Prayer requests, prayer logs, gratitude entries, and devotional activity can reveal religious beliefs and personal circumstances. We handle this content as a sensitive category: it exists only because you chose to use those features, it defaults to your narrowest applicable privacy scope, it is never used for advertising, profiling, or inference about your beliefs, and anonymous prayer options are built in for the most sensitive requests. Using Oikos Connect does not require us to assume — and we do not infer — any particular religious affiliation.

2.2 Information collected automatically

We use only the cookies and local storage needed to keep you signed in and to make the app function (including offline). We do not use advertising or cross-site tracking cookies.

2.3 Information from connected services

If you choose to connect Google Calendar, we access your calendar data through Google's OAuth process, using only the permissions you grant, solely to provide two-way calendar sync. We do not use Google user data for advertising, and our use complies with the Google API Services User Data Policy, including its Limited Use requirements. You can disconnect at any time in settings or from your Google account.

3. How we use information

We do not use your family's content to build advertising profiles, and we do not use children's information for any commercial purpose beyond providing the service.

4. Privacy scopes & sharing — you decide who sees what

Sharing in Oikos Connect is never automatic. Every event, prayer, list, note, and photo carries a privacy scope that you set. Nothing moves beyond a circle you chose:

Access is enforced at the database level, not merely hidden in the interface. Anonymous prayer requests are designed so that your identity is not disclosed to the wider audience.

5. Service providers (data processors)

We rely on a small set of trusted providers to run the service. They process data only to perform services for us, under contract:

ProviderPurposeData involved
Supabase (PostgreSQL hosting)Primary database, authentication, and file storageYour account and all family content you store
CloudflareWebsite/app hosting, delivery, and securityTechnical/request data
Google (OAuth & Calendar API)Optional two-way calendar syncCalendar data you authorize
StripePayment processing for Plus and Family PackBilling details (card data handled by Stripe, not us)
PowerSync (JourneyApps)Offline-first sync between your devices and our databaseThe family content that syncs to your devices
OneSignalPush notificationsPush token + notification content
AnthropicOptional AI features (e.g., "Magic Import"), only when you use themThe specific content you submit for that action

The full list — including each provider's processing location and when it is active — is maintained on our Subprocessors page, which we update when the list changes.

We may also disclose information if required by law, to protect the safety of a child or any person, or in connection with a business transfer — in which case this policy will continue to govern your data.

6. AI features (opt-in)

Some Plus features use artificial intelligence — for example, Magic Import, which turns a photo of a flyer or a block of text into a calendar event, and a weekly family digest. AI processing happens only when you choose to use one of these features. When you do, the relevant content is sent to our AI provider (Anthropic) to generate the result and return it to you. This content is not used to train third-party models, and we do not enable AI features for children's accounts by default. If you never use an AI feature, no content is sent for AI processing.

7. We do not sell your data

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We have no advertising business. We do not sell, rent, or trade your family's information — or your children's information — to data brokers or advertisers. Our revenue comes solely from the subscriptions and one-time purchases you choose to make.

8. Retention & deletion

We keep your information only as long as it serves you. Concretely:

DataKept for
Your account & family content (calendar, chores, lists, faith entries, photos)As long as your account is active. Individual items can be deleted anytime and are removed immediately from the app.
Deleted account dataDeleted or irreversibly de-identified within 30 days of account deletion.
Database backupsPurged on a rolling schedule; deleted data leaves the last backup within 35 days.
Server & security logs (IP, request data)Up to 90 days, for security and abuse prevention only.
Payment recordsRetained by us and Stripe as required by tax and financial law (typically 7 years) — billing metadata only, never your card number.
Content submitted to AI featuresProcessed to generate your result; not used to train models and not retained by us beyond the result you keep.
Waitlist emails (this website)Until we invite you or you ask to be removed, whichever comes first.

How to delete your account and data

Either path triggers the timeline above. You can export your family's data first from Settings — we recommend it, because deletion is permanent.

9. Children's privacy (COPPA)

Oikos Connect is a family app, and we take the privacy of children seriously. It is designed to comply with the U.S. Children's Online Privacy Protection Act (COPPA). Children do not create their own accounts. This section is the summary — the full parent-facing notice lives at Children's Privacy Notice.

Parental consent & control

A child's profile exists only because a parent or guardian created it from within their own account. By adding a child profile, the parent provides consent for the limited collection described below and confirms they have the authority to do so. Parents can view, edit, or delete a child's profile and data at any time.

What we collect about a child, and why

We collect this only to provide the family features to your household. A child's information is scoped to the family by default and is not shared beyond it without a parent's action. We do not require a child to disclose more than is reasonably necessary to participate.

What we do not do with a child's data

Parent controls & rights

A parent or guardian can, at any time: review the personal information collected about their child, request that we delete it, and refuse to permit further collection by removing the child's profile or closing the family account. To exercise these rights, use the in-app controls or contact us at [email protected]. We will honor verified parental requests promptly.

10. Your rights & choices

Depending on where you live, you may have the right to access, correct, delete, or export your personal information, and to object to or restrict certain processing. Oikos Connect gives you tools to do most of this directly in the app, and you can always contact us for help. We will not discriminate against you for exercising these rights.

To exercise any right you can't complete in-app, email [email protected] with the subject "Privacy request." We verify the request comes from the account holder (or a parent/guardian, for child data) and respond within 30 days.

11. US state privacy rights (California, Colorado, Virginia, Connecticut & others)

If you live in California (CCPA/CPRA), Colorado (CPA), Virginia (VCDPA), Connecticut (CTDPA), or another US state with a comprehensive privacy law, you have specific rights in addition to those above:

12. International users (GDPR & UK GDPR)

Oikos Connect is operated from the United States and our providers process data primarily in the US (see Subprocessors). If you use the service from the European Economic Area, the United Kingdom, or Switzerland:

13. Security

We protect your data with encryption in transit, database-level access controls that scope data to your family, hashed passwords, and least-privilege access for our systems. No method of transmission or storage is perfectly secure, but we work continually to safeguard your information and will notify you of a significant breach as required by law.

14. Changes to this policy & contact

We may update this policy as the product evolves or the law requires. Every version carries its effective date and version number at the top of this page, and superseded versions will remain available once we're out of draft. For material changes — anything that expands what we collect or how we use it — we will notify you in the app and by email before the change takes effect, and where the change concerns children's data we will obtain fresh parental consent as COPPA requires. Continued use after a non-material update means you accept the revised policy.

Contact us

Privacy questions or requests: [email protected]
General: [email protected]

Related: Terms of Service · Refunds & Cancellation · Children's Privacy Notice · Subprocessors