LEGAL · PRIVACY POLICY

Privacy Policy

Effective: 12 May 2026 Operator: ChoreBoard, Australia Contact: privacy@choreboard.io

The short version

ChoreBoard stores the data you and your family enter so the app works. We don't sell it and we don't run advertising.
Parents sign in with email + password. Kids sign in with a 4-digit PIN added by a parent. Both are stored as Argon2 hashes — we never see them in plain text.
We use a small set of standard SaaS sub-processors for hosting, email, analytics, and crash reporting. They're listed in §5.
You can export or delete your family's data any time. Email privacy@choreboard.io.
ChoreBoard is operated from Australia and complies with the Australian Privacy Principles under the Privacy Act 1988.

01 Who we are

ChoreBoard ("we", "us", "our") is a family-dashboard SaaS operated from Australia. We provide a web app where parents and kids in a single household track and complete chores together, and a marketing site at choreboard.io.

For privacy questions or to exercise any of the rights described below, write to privacy@choreboard.io.

02 What we collect

From parents (account holders)

Email address, name, password (stored as an Argon2id hash, never plain text).
Family name and timezone.
Optional web-push subscription details (only if you install the PWA and opt in to notifications).
Payout-day and payout-time preferences.

About kids in the family (entered by a parent)

Display name, avatar, colour, and a 4-digit PIN (stored as an Argon2id hash).
Optional personal goal name and target amount.

Kids do not have an email address on file, do not receive email or push notifications from us, and cannot create their own ChoreBoard account.

Activity data created as you use the product

The chore catalog (chore names, dollar values, cadences) you set up.
Chore instances — created, claimed, submitted, approved, or missed timestamps and the member who took the action.
Optional photos attached to chore submissions.
Ledger entries, weekly tallies, badges, streaks, XP, and goals.

Automatically collected

Server logs (IP, user-agent, request path, response status) used for security and debugging.
A first-party HTTP-only cookie (cb_session) used to keep you signed in.
Pseudonymous product analytics (which screens you opened, which features you used). No advertising pixels, no third-party trackers.
Crash reports (stack traces, browser/device model) when something goes wrong.

03 Children's data

ChoreBoard is designed for households where parents add their own children. We treat that responsibility seriously.

Kids sign in with a 4-digit PIN selected by a parent. They never enter an email address.
Kids cannot create their own ChoreBoard account. Only a parent who has accepted these terms can add a kid profile.
The Owner of a family is the controller of all kid data in their household and can delete any kid profile and its history at any time from /admin.
We do not show advertising to anyone. We do not sell or share kid data with anyone for marketing purposes.
If you believe a kid profile has been added without parental consent, email privacy@choreboard.io and we will remove it within 7 days.

04 How we use it

Run the product (showing the board, materialising recurring chores, sending push notifications you opted in to, etc.).
Authenticate sign-in and keep your session alive.
Send transactional email — sign-up verification, password reset, weekly payout summary. We don't run marketing email campaigns.
Improve the product (which features get used, where people get stuck).
Investigate bugs, abuse, and security incidents.
Comply with legal obligations.

We do not sell your data, share it with advertisers, or use it to build profiles for marketing — yours or your kids'.

05 Sub-processors

We rely on a small set of vendors to run the service. Each one only sees the data they need to do their job, under a written data-processing agreement. The list below is current as of the effective date.

Vendor	Data they see	Purpose
Render (USA)	Database, application logs	Hosting (Postgres + web server)
Cloudflare R2 (USA / EU)	Photos you choose to attach	Object storage for chore photos
Resend (USA)	Email address, transactional content	Sending sign-up, reset, and payout-summary email
PostHog (USA / EU)	Pseudonymous product events	Product analytics
Sentry (USA)	Error stack traces, user pseudonym	Crash reporting
Apple / Google / Mozilla push gateways	Encrypted push payloads	Delivering opt-in browser notifications

We'll update this list before adding a new sub-processor that handles family data. The current list is also published at /privacy.html on the marketing site.

06 Cookies and local storage

We use a single first-party cookie, cb_session, set as HttpOnly; Secure; SameSite=Lax. It contains only a session identifier and is used to keep you signed in. We don't set marketing or third-party tracking cookies.

We also store a small amount of data in your browser's localStorage so the app can remember which family device you're on (for example, the family roster on the kid sign-in screen). That data never leaves your browser.

07 Security

Passwords and PINs are hashed with Argon2id before being written to disk.
Sessions are server-side. Session cookies are HTTP-only and SameSite=Lax.
All traffic is HTTPS in production.
Photos are uploaded directly to Cloudflare R2 over presigned URLs and served only over HTTPS.
We follow the principle of least privilege internally.

No system is perfectly secure. We commit to keeping at it and to telling affected families promptly if something goes wrong.

08 Data retention

Active families: we keep your data while your account is active.
Inactive families: if no parent has signed in for 24 months, we'll email the Owner and then delete the family after 30 days.
Photos attached to chores: retained for 12 months by default, then auto-deleted. The Owner can change this in /admin.
Server logs: rolling 30 days.
Backups: rolling 30 days. Any deletion you request will replicate to backups within that window.

09 Your rights

You can:

Access the data we hold about your family by signing in — the app shows you all of it.
Export the family ledger as CSV from the admin screen, and request a full data export by emailing us.
Correct any record from the admin screens.
Delete your account and your family at any time. Email privacy@choreboard.io and we'll action within 30 days.
Object to product analytics — tell us at the same address and we'll exclude your account.
Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we've mishandled your data: oaic.gov.au.

If you are in the EU/UK, the same rights are available to you under the GDPR/UK GDPR. We process EU/UK personal data on the basis of contract (running the product you signed up for) and legitimate interest (security and product improvement).

10 International transfers

Our hosting and sub-processors may store data in the United States and Europe. Where data leaves Australia we rely on contractual safeguards consistent with the Australian Privacy Principles and, for EU data, Standard Contractual Clauses.

11 Changes to this policy

We'll post material changes here and email the Owner of each family at least 14 days before they take effect. Trivial fixes (typos, vendor name updates, contact addresses) take effect immediately.

12 Contact

privacy@choreboard.io — privacy questions and rights requests.
support@choreboard.io — everything else.
ChoreBoard, Australia.