Privacy Policy
Draft — pending legal review. Bracketed [placeholders] have not been filled in and this document is not yet in force.
Who this is for
Tidiest is operated by [Operator legal name] ("we", "us"). This Privacy Policy explains what information we collect, why, and your rights as a parent or legal guardian. Tidiest is intended to be set up and controlled by a parent or legal guardian who is at least 18 years old. Children do not have their own accounts and cannot agree to this policy.
Our commitment to children's privacy (COPPA)
Tidiest is designed for households with children, including children under 13, and we comply with the U.S. Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from a child without first obtaining verifiable consent from that child's parent or legal guardian. We collect the minimum information needed to run the chore-and-rewards feature, and nothing more.
What we collect from the parent
• Identity: Tidiest uses your own iCloud account as your identity. There is no Tidiest username, password, or login — we do not run an authentication server and we never hold a credential for you. Apple, not us, knows who you are. • Subscription status: whether you have an active paid plan. Apple processes all payments; we never see your card details. The only place any real contact or billing information lives is your Apple account, which we do not control.
What we collect about a child
• A nickname you choose (e.g. "Kid 1") and an age group — NOT the child's real name. • Chore photos the child submits. A photo of a child is "personal information" under COPPA, which is exactly why a parent must consent before the camera is unlocked. • Chore results: the AI's score/grade, brief feedback, and the gems earned. We do NOT collect a child's real name, email, phone number, precise location, or any advertising/tracking identifier. Photo location metadata (EXIF/GPS) is stripped on the device before any photo leaves the phone.
How we use chore photos
A submitted photo is used for one purpose: to grade the chore against the rules you wrote, and to let you review and contest the result. We do not use children's photos to build profiles, train advertising systems, or identify or track anyone.
Third parties we share with
• Apple (iCloud / CloudKit): all of your family's data lives in your own iCloud account — the account and household, chores, rewards, the gem ledger, and the review photos. Apple, not us, is the custodian of that data; Apple also processes subscription payments and provides the consent verification step. Each child's device joins your household by scanning a private invite code you show them. • Google (Vertex AI): each submitted photo and its chore rules are sent to Google's Vertex AI platform — an enterprise service operating under a data-processing agreement, with the photo processed transiently for grading only and never stored or used to train models. This is the only third party that receives a child's photo, and only for grading. • Our grading service: the only server we run. It receives the transient photo, requests the grade from Vertex AI, and writes the resulting gem award into your family's iCloud as a cryptographically signed record. It stores no photos and keeps no copy of your family's data at rest. We do not sell personal information, and we do not share it for advertising.
How long we keep information
We keep each kind of information only as long as it is reasonably necessary, then delete it. This is our data-retention policy; the same policy is also published in full as a standalone Data Retention Policy. • Chore photos (the review copy): permanently and irreversibly deleted after roughly 72 hours. That window is deliberate — long enough for you to review and dispute a child's work, and no longer. Photos are shared through your own iCloud (CloudKit) and never live on our servers. • The transient photo sent for grading: discarded the moment the grade is produced — never stored or logged by us, and not retained by the AI provider. • Gem ledger, balance, chore submissions, and reward redemptions: kept in your family's iCloud while your account is active, because they are the running record of the app, and deleted when you remove the child or the account. • Device pairing codes: expire 24 hours after creation and are swept automatically; also deleted when the child is removed. • Your version-stamped consent record: kept while the account is active as proof that consent was given. • The age-verification signal at setup: never stored — reduced to a yes/no result and immediately discarded. A child's nickname, age group, and personality are kept while the account is active and deleted when the child or account is removed.
Your rights as a parent
You can, at any time: review the photos and grades your child submitted in the parent dashboard; overrule the AI's decision; and request deletion of your child's information or your entire account, which cascade-deletes all associated children, chores, submissions, and ledger entries. To exercise these rights, use the in-app controls or contact us at [privacy@your-domain]. You may also refuse to allow any further collection of your child's information by withdrawing consent (this disables photo submission).
Security
Your family's data lives in your own iCloud account, isolated per child in its own CloudKit zone — a child's device can read its chores and write its chore photos, but cannot alter its own gem balance. Gems are authoritative because only our grading service can issue them: every gem entry is cryptographically signed, and the app trusts only signed balances, so neither a child's device nor a tampered record can mint gems. Verification photos stay within your family's iCloud rather than on our servers. No system is perfectly secure, but we apply reasonable measures appropriate to the sensitivity of children's data. The full set of safeguards is published as our Information Security Program.
Changes & contact
If we make a material change to how we handle children's information, we will ask the parent to review and consent again before the change applies to your household. Questions or requests: [Operator legal name], [privacy@your-domain]. This policy is governed by the laws of [your state/country].