Data controller: Rama Utbildning AB, Borstnejlikegatan 26, 291 58 Kristianstad, Sweden (org.nr 559429-7920).
Contact: support@familyskillz.com
On this page
1. Accounts are created by parents
Only adults (parents or guardians) can create a FamilySkillz account. Children do not create their own accounts and cannot sign up. A parent creates and fully controls each child profile, and a child can only use the App on a device the parent has explicitly connected. All data about a child is provided by, and remains under the control of, the parent.
2. What data we collect
Account data (parents). Email address and name, used to create and secure your account. Authentication is handled by our sign-in provider, Clerk.
Family and child profile data. Information the parent enters about each child: first name, birthday, gender, an avatar (emoji, photo or AI-generated image), and optional preferences. We use the floor age of 6 for app mechanics; the App is intended for children aged 6–17 under parental supervision.
Activity data. Tasks, habits, completions, rewards, tokens/XP and similar in-app activity for each family member. This is the core function of the App.
Photos.
- Task proof photos: a child may attach a photo when marking a task done, so the parent can review it. These photos are automatically deleted 48 hours after upload.
- AI avatar source photos: see section 3.
- Profile/pet photos: stored while the profile exists, deleted when you remove them or delete the profile.
Purchase data. Subscriptions are processed by Apple and our subscription provider RevenueCat. We never see or store your payment card details. We receive only the subscription status (active/expired) and anonymized transaction identifiers.
Device and technical data. Push notification tokens (so we can send the notifications you enable), language and device type.
Usage analytics and crash reports. We use PostHog (product analytics) and Sentry (crash reporting) to understand how the App is used and to fix bugs. This data is tied to your account or device identifiers, not sold, and not used for advertising.
3. AI features
AI avatar maker. A parent (or a child, with the parent's in-app PIN approval) can create a cartoon-style avatar from a photo. The photo is sent to our AI image provider Replicate, Inc. (USA) solely to generate the avatar. The source photo is deleted from our servers as soon as generation completes. Only the generated cartoon avatar is kept, stored in our cloud storage (Cloudflare R2). The parent-stated gender of the child is used in the generation prompt so the avatar matches the child.
Mentor (AI guidance for parents). Parents can ask our AI mentor questions about routines and parenting around chores. The text of your questions and relevant family context (such as children's first names and task setup) is sent to our AI provider OpenRouter to generate the answer. No photos are sent to the Mentor. Mentor conversations are not used to train AI models by us.
4. What we do NOT do
- We do not show advertising of any kind.
- We do not sell personal data, ever.
- We do not use children's data for marketing, profiling or tracking across apps.
- We do not collect precise location.
5. Service providers
We use the following processors to run the App. Each receives only the data needed for its purpose:
| Provider | Purpose | Location |
|---|---|---|
| Clerk | Account sign-in and authentication | USA |
| Convex | Application database and backend hosting | USA |
| Cloudflare R2 | Storage of generated avatar images | Global (USA) |
| Replicate | AI avatar image generation | USA |
| OpenRouter | AI text generation for the parent Mentor | USA |
| RevenueCat | Subscription management | USA |
| Apple | Payment processing, push notification delivery | Global |
| Expo | Push notification delivery | USA |
| Resend | Transactional email (e.g. co-parent invites) | USA |
| Sentry | Crash reporting | USA/EU |
| PostHog | Product analytics | EU/USA |
Where data is transferred outside the EU/EEA, we rely on the EU–U.S. Data Privacy Framework and/or Standard Contractual Clauses.
6. Legal bases (GDPR)
- Performance of contract: account, family, activity and subscription data — needed to provide the App.
- Consent: AI avatar photos, push notifications, task proof photos. Parental consent covers data about children, which parents provide and control.
- Legitimate interest: crash reporting, analytics and abuse prevention, balanced against your rights.
7. Data retention
- Account and family data: kept while your account exists.
- Task proof photos: deleted automatically after 48 hours.
- AI avatar source photos: deleted immediately after generation.
- Crash and analytics data: kept per our providers' standard retention, then deleted.
- When you delete your account, all family data — including all child profiles, tasks, progress and images — is permanently deleted.
8. Your rights
You can exercise both of these directly in the App under Profile → Privacy:
- Export your data — download a copy of everything stored about your family.
- Delete your account — permanently erase your account and all family data.
You also have the right to rectification, restriction, objection and data portability under GDPR. Contact us at support@familyskillz.com. You may lodge a complaint with the Swedish Authority for Privacy Protection (IMY, imy.se) or your local supervisory authority.
9. Security
Data is encrypted in transit (TLS) and at rest by our hosting providers. Access to family data requires authentication; child devices are bound to the family by parent-issued pairing codes and personal codes.
10. Changes
We may update this policy. Material changes will be announced in the App. The "Last updated" date above always reflects the current version.