how we handle your data

Privacy Policy

Effective · April 22, 2026

This Privacy Policy explains how Familymaxxing ("we", "us", "our") collects, uses, stores, shares, and protects your information when you use the Familymaxxing mobile app and related services (the "Service"). By using the Service you agree to this policy.

1. Who we are

Familymaxxing is a social accountability app that lets small groups of friends and family set personal goals, check in with each other, chat, and optionally stake a money pool that gets settled at the end of a group.

2. Information we collect

2.1 Information you provide

• Account details. When you sign up via Apple, Google, or email, we receive your email address, display name, and (for Apple/Google) a provider-issued user identifier. You also choose a unique handle and may upload an avatar image.
• Group content. Groups you create or join, group names, emoji/colors, descriptions, start and end dates, goal type, scoring mode, pool mode, pool amount / stake per member, currency, and invite codes.
• Goals. The personal goal payload you set for a membership (for example the metric, target value, and unit).
• Check-ins. Quick-log values with units, or posts containing a photo and optional caption.
• Messages, reactions, comments, and stories. Text you send in group chat, emoji reactions on check-ins and messages, comments on check-ins, and 24-hour story photos with optional captions.
• Settlement data. For groups with a money pool, computed leaderboards and splits, plus your confirmations that you paid or received a payout. We do not process the actual money transfer — payments happen between members off-platform (e.g. via bank transfer or a third-party payment app).
• Settings and preferences. Account settings and per-type notification preferences (check-in reminders, new messages, new check-ins in a group, mentions, settlement-ready, milestones).

2.2 Information collected automatically

• Device push tokens. If you enable push notifications, we store Firebase Cloud Messaging (FCM) tokens for your devices so we can deliver notifications.
• Technical data. Timestamps of activity (account creation, check-ins, messages, settlements), IP address and basic request metadata associated with authenticated API calls for security, abuse prevention, and debugging.

2.3 Information from third parties

If you sign in with Apple or Google, we receive the identity information that provider returns (typically a subject ID, email, and display name). We do not receive your password.

3. How we use your information

• Operate core features: groups, goals, check-ins, chat, stories, reactions, comments, and settlements.
• Authenticate you and keep your account secure.
• Compute leaderboards and draft settlement splits at the end of a group.
• Send push notifications you've opted in to.
• Prevent abuse, enforce our Terms, and debug issues.
• Comply with legal obligations.

We do not sell your personal information. We do not use your content to serve third-party advertising.

4. Who can see what

• Other members of your groups can see your display name, handle, avatar, check-ins (including photos and captions), messages, reactions, comments, stories, goal progress, and settlement entries for that group.
• Anyone with an invite code can view a limited, anonymous preview of the group before joining (group name, emoji, description, dates, and mode).
• Your stories are visible to members of any group you share with and expire after 24 hours.
• Your email is never shown to other users. Your handle is public within your groups.

5. Service providers

We share data with the minimum number of processors needed to run the Service:

• Supabase — authentication, Postgres database, and file storage for avatars, check-in photos, and story photos.
• Apple and Google — OAuth sign-in (only if you choose those providers).
• Firebase Cloud Messaging (Google) — delivery of push notifications to your devices.
• Hosting / edge infrastructure — for serving API requests and scheduled jobs.

These providers may process data in the United States, the EU, or the United Kingdom. We rely on their contractual and technical safeguards, including Standard Contractual Clauses where applicable.

6. Legal bases (EEA / UK users)

Where GDPR or UK GDPR applies, we process your data on the following bases: performance of a contract (to provide the Service), your consent (for push notifications and optional features), our legitimate interests (security, abuse prevention, product improvement), and legal obligations.

7. Data retention

• Account data is retained while your account exists.
• Check-ins, messages, reactions, and comments are retained for the life of the group.
• Stories expire 24 hours after posting and are removed by scheduled cleanup.
• When you delete your account, we delete or anonymize your personal data within 30 days, except where we must retain it to comply with legal obligations, resolve disputes, or enforce our agreements. Content that has been shared with a group (messages, check-ins, reactions, comments) may remain visible in that group's history in anonymized form.

8. Your rights

Depending on where you live, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data (you can edit name, handle, avatar, and settings in the app).
• Delete your account and associated data.
• Withdraw consent for notifications.
• Object to or restrict certain processing.
• Export your data in a portable format.
• Lodge a complaint with your local data protection authority.

To exercise these rights email us at privacy@familymaxxing.app.

9. Security

We use TLS in transit and encryption at rest for databases and file storage. Access to raw data is restricted to a small number of engineers and is audited. Database access is enforced via row-level security so you can only read and write your own data and the groups you belong to. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

10. Children

Familymaxxing is not directed at children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

11. International transfers

Your data may be processed in countries other than where you live, including the United States. Where required, we use appropriate safeguards such as Standard Contractual Clauses.

12. Money pools and settlements

Familymaxxing does not hold, escrow, or transmit funds. When a group uses a money pool, leaderboards and draft splits are computed inside the app, but the actual payments happen between members outside of Familymaxxing. You are responsible for any tax or legal implications of settling with other members.

13. Changes to this policy

We may update this policy from time to time. If we make material changes, we'll notify you in the app or by email before they take effect. The "Effective date" at the top of this page reflects the most recent revision.

14. Contact us

Questions or requests about this policy? Email privacy@familymaxxing.app.