Your Privacy Matters

Privacy Policy

Your family's data belongs to your family. Here's exactly what we collect, why, and how we protect it.

Last updated: June 8, 2026

Encrypted in transit & at rest
We never sell your data
Only what's necessary
You control your data

Interpretation and Definitions

Company (referred to as "We", "Us", or "Our") refers to FamilyHQ, United Kingdom. For the purposes of GDPR, the Company is the Data Controller.

Service refers to the FamilyHQ iOS application and the website at family-hq.uk.

Personal Data means any information relating to an identified or identifiable individual — including name, email address, location data, or any online identifier.

You means the individual accessing or using the Service. Under GDPR, You may be referred to as the Data Subject.

Information We Collect

Age Requirement: FamilyHQ is intended for users 13 years of age or older. Children under 13 may appear in family content (photos, events, tasks) added by a parent or guardian, but may not create their own accounts.

Core Account Information

  • Required: First name, last name, email address, date of birth, profile picture, unique @handle.
  • Optional profile fields: Bio, phone number, nickname, pronouns, occupation, workplace, timezone, home postal address, and social media links (Instagram, TikTok, X, Facebook, personal website).

Sensitive Personal Information (Optional)

These fields are entirely optional and only stored if you choose to enter them:

  • Emergency contact: Name, phone number, relationship, and notes for your nominated emergency contact.
  • Medical information: Blood type, allergies, medical conditions, current medications, GP name, GP phone number, and NHS number. This constitutes health data and is treated as special category data under UK GDPR Article 9. It is stored in your user profile, visible only to you and family admins you trust, and is processed solely for the purpose of making it available within your family group in an emergency.

Calendar Events (including Family Circle Events)

  • Standard events: Title, date, time, location, description, attendee UIDs, RSVP responses, recurrence rules, and reminder preferences.
  • Family Circle events: In addition to standard event data, circle events may include a per-person price and currency, maximum headcount, dress code, RSVP deadline, and per-member RSVP responses. Each RSVP response stores: the member's UID, their answer (coming / not coming / maybe), their headcount, an optional note, their display name, and their avatar. Secret circle events also store the UIDs of members excluded from seeing the event.

Family Content You Create

  • Tasks and chores: Titles, assignments, due dates, completion records, points, and reward configurations.
  • Expenses: Title, amount, currency, category, who paid, individual split amounts per member, and optional receipt image and notes.
  • Grocery lists, meal plans, and recipes: Items, quantities, weekly meal plans (breakfast, lunch, dinner, and snacks per day), and saved family recipes.
  • Notes, routines, countdowns, and goals: Content and configuration you create within these features, including which family members are assigned to or participating in each item.
  • Family feed posts: Text, photos, and videos shared to your family feed. Posts may also include: a location tag (place name and coordinates), a mood or "feeling" label, and the UIDs of members who liked the post. Posts may include polls (question, options, and the UIDs of members who voted for each option) and emoji reactions (a mapping of emoji to an array of member UIDs who used it).
  • Post comments: Comment text, author name and UID, the UIDs of members who liked each comment, and reply threading (which comment a reply is responding to) are stored per post.
  • Family stories: Short-lived photo or video posts visible to your family. Each story records which member UIDs have seen it (seenByUIDs). Stories are ephemeral — they expire automatically.
  • Memory jar: Photos, videos, and captions saved as family memories. Emoji reactions on memories (member UID → emoji) are stored alongside each memory.
  • Chat messages: Text, images, videos, voice notes, stickers, and GIFs sent in family and direct conversations. Each message records which member UIDs have read it (read receipts) and emoji reactions (a mapping of emoji to the UIDs of members who reacted).
  • Wish lists: Items and gift claim relationships (stored separately to preserve gift-surprise secrecy; the item owner cannot read who claimed their gift).
  • Family tree: Names, relationships, dates of birth and death, gender, and biographical notes for family tree members (including deceased relatives you choose to record).
  • Emergency playbook: Emergency scenario plans you create for your family.
  • Ask The House: Short-lifecycle family requests ("Can someone take the bins out?"), including the question text, request type, responses from members (text and emoji), and resolution status.
  • Streaks: Streak title, goal, frequency, and which family members are participating.

Family Hub

The Family Hub is a shared daily board visible to all family members. It stores:

  • Mood check-ins: An emoji and short status text per member (e.g. "At work until 6"), updated in real time.
  • Shoutouts (appreciations): The sending member, the receiving member, and the message text when one member sends a shoutout to another.
  • Looking forward: A short text entry from each member about what they are looking forward to that week.
  • Morning messages: An optional daily note left for the family by any member.

Trusted Contacts

The Contacts+ feature lets your family store a shared directory of trusted third-party contacts. Each entry may include that person's name, phone number, email address, category tags (e.g. neighbour, doctor, babysitter, dentist, vet, solicitor, accountant, plumber), and optional notes. This is data about third parties who have not themselves used FamilyHQ. You are responsible for ensuring you have an appropriate basis for storing another person's contact details.

Sitter Access and Safe Arrival

  • Sitter access records: When you grant a babysitter or carer temporary access to your family, we store their name, optional email address, access level (limited / standard / full), start and end dates, and a checklist of handover items.
  • Safe Arrival requests: When a family member sets a Safe Arrival check-in, we store the destination name, destination latitude and longitude, expected arrival time, actual arrival time (if confirmed), and the UIDs of the requesting and target member. These location coordinates are stored in Firestore until the request is resolved or cancelled.

Pets

  • Pet profile: Name, species, breed, colour, date of birth, gender, microchip ID, vet name and phone, and owner notes.
  • Feeding and care schedules: Configured feeding times, feeding notes, let-out times, and let-out notes stored on the pet's profile.
  • Health records: Vaccination records, vet checkup notes, surgery records, medication records, grooming and dental records — each with the date, vet name, document attachments (stored in Firebase Storage), and next-due reminders. Pet health records are stored within your family's private Firestore documents.
  • Daily care logs: Logged feeding, walking, grooming, medication administration, and play sessions, each with a timestamp and which family member recorded the entry.

Vehicles

  • Vehicle details: UK registration number, and vehicle details retrieved from the DVLA (make, colour, fuel type, tax and MOT status). Registration lookups go through our server-side Cloud Function — your device does not contact DVLA directly.
  • Additional vehicle data: Insurance expiry date, monthly vehicle budget, current mileage, and which family member the vehicle is assigned to.
  • Vehicle expenses: Fuel, service, and other vehicle cost entries — amount, category, date, notes, and who logged the entry.
  • Mileage log: Odometer readings with date, notes, and which family member recorded them.
  • Service reminders: MOT, service, tyre, brake, warranty, and breakdown cover reminders with due dates and completion status.

Family Vault

The Family Vault is a PIN and biometric-protected secure store. Vault entries (passwords, PINs, insurance details, financial accounts, and other sensitive records) are encrypted on your device using AES-GCM before upload. We store only the ciphertext — we cannot read the content of your vault items. Each entry also stores a cleartext category label and, if applicable, a website URL. The encryption key is derived from your Vault PIN and never leaves your device in plaintext.

Local Business Directory

FamilyHQ includes a community-maintained local business directory. If you add your own business listing, we store the business name, phone number, address, website URL, business category, opening hours, and tags in a publicly readable Firestore collection (visible to any authenticated FamilyHQ user). Reviews submitted to a listing (star rating 1–5 and optional comment text) are similarly stored publicly and attributed to your display name.

Family Circle

Family Circle connects multiple family units into a wider extended-family network. We store the circle name, description, avatar and banner images, member list (display names, roles, and which family each member belongs to), invite codes, and join requests (including the display name, family details, and UIDs of the requesting user and anyone they wish to bring).

Parental Controls and Children's Data

  • Child controls: Screen time limits, bedtime schedules, curfew settings, and content rating preferences — set by a parent or guardian.
  • Screen time reports: Daily screen time totals and per-app usage summaries for children, viewable by parents.
  • Allowance and rewards: Allowance amounts, frequency, currency, points balance, and total points earned per child.

Media and Files

  • Photos and videos: Media uploaded to the family feed, memory jar, or chat. GPS coordinates embedded in EXIF data may be extracted and stored with the media.
  • Voice notes: Audio recordings sent in chat.
  • Pet health documents: Document files (e.g. vaccination certificates) attached to pet health records are stored in Firebase Storage within your family's private storage bucket.

Community Content

  • Emergency playbook scenarios, chore packs, and recipes you voluntarily share are stored in public collections attributed to your display name and family ID. Content is AI-moderated before publication and can be deleted by you at any time.

Technical Data

  • FCM token: Device push notification token used solely to deliver notifications to your device.
  • Notification history: In-app notification records (type, title, body, read status) stored per user to power the in-app notification centre.
  • Security audit log: A tamper-evident log of security-relevant actions — sign-in, sign-out, vault access, profile edits, family joins and leaves — stored at users/{uid}/auditLog and readable only by you. Each entry records the event type, optional detail, device model, iOS version, app version, and server timestamp. No IP addresses are logged.
  • Subscription status: Active subscription and product entitlements. Payment is handled entirely by Apple — we never see card details.
  • Biometric credentials: Stored in the iOS Keychain on your device only if you enable Face ID / Touch ID for the Family Vault. We never receive or store biometric data.
  • Location: Requested when you search for nearby businesses (Google Places) or set a Safe Arrival destination. Safe Arrival coordinates are stored in Firestore as described above. Location for Places searches is transmitted to Google but not stored by us. EXIF location from uploaded media is stored with that media as noted above.

Third-Party Services

FamilyHQ uses the following trusted services to operate:

  • Google Firebase (Google LLC): Authentication, Firestore database, Cloud Storage, Cloud Functions, Cloud Messaging (push notifications), and App Check (security). Data may be processed on Google servers within and outside the UK/EEA. Google acts as a Data Processor under our instruction. See Google's Privacy Policy.
  • Google Places API (Google LLC): Used in the app to search for nearby businesses (e.g. vets, local services). Search queries and your approximate location are sent to Google when you perform a search. "Powered by Google" attribution is displayed where this data appears. See Google's Privacy Policy.
  • Google Gemini AI (Google LLC): Powers the Compass AI assistant (server-side only). Questions you ask Compass are sent to Gemini via our Cloud Functions. We do not store your Compass conversation history on our servers beyond the active session. Gemini's use is governed by Google's Privacy Policy.
  • DVLA Vehicle Enquiry Service (Driver and Vehicle Licensing Agency, UK): Used to look up UK vehicle details when you add a vehicle. Lookups are made server-side via our Cloud Functions — the request to the DVLA does not originate directly from your device. The DVLA returns publicly registered vehicle data (make, tax status, MOT status). No personal data about you is sent to the DVLA.
  • Apple (App Store, StoreKit, APNs, App Attest): Subscription and payment processing (Apple manages all billing), push notification delivery, and App Check verification to confirm the app is genuine. Apple's use of data is governed by Apple's Privacy Policy.

How We Use Your Data

  • To provide, operate, and improve the FamilyHQ service
  • To sync your family's content in real time across devices
  • To send push notifications (reminders, events, messages) you have opted into
  • To moderate community content for safety using AI-assisted review
  • To manage your subscription status and verify entitlements
  • We never sell your personal data to any third party
  • We never use your data for advertising or tracking
  • We do not use analytics SDKs, advertising identifiers, or behavioural tracking

AI-Assisted Features (Compass)

The Compass AI assistant processes the questions you type or speak via Google Gemini, running server-side in our Firebase Cloud Functions.

  • Your question and any relevant family context you include are sent to Gemini for processing.
  • Compass responses are displayed in the app. We do not retain a permanent server-side log of your Compass conversations.
  • Compass does not provide medical diagnoses or legal advice. Always consult a qualified professional for medical, legal, or financial matters.
  • Community content moderation (for submitted playbook scenarios and chore packs) also uses Gemini server-side to assess reports. No user-identifying information is included in moderation prompts.

Data Security

Your data is protected by multiple layers of security:

  • All data encrypted in transit (TLS/HTTPS)
  • Firebase Firestore encrypted at rest
  • Firebase App Check — only verified app builds can access our backend
  • Family Vault entries encrypted with AES-GCM on-device — we cannot read vault contents
  • Family Vault access protected by Face ID / Touch ID (on-device)
  • Firestore security rules — users can only access their own family data
  • DVLA and Gemini API keys stored as server-side secrets, never in the app binary
  • Security audit log — tamper-evident record of all sensitive account actions, owner-read only
  • Safe Arrival coordinates stored ephemerally — cleared automatically on resolution
  • Third-party contact and sitter data stored within your private family Firestore space only

While we use commercially reasonable measures to protect your data, no method of internet transmission is 100% secure. We encourage you to use a strong password and keep your device locked.

Data Retention

  • Account and family data: Retained for as long as your account is active. Deleted within 30 days of account deletion, except where legally required to retain.
  • Location data: Not permanently stored — updated in real time and discarded when sharing is disabled.
  • Community content: Retained until you delete your submission or it is removed by moderation. Deleted submissions are removed within 24 hours.
  • Biometric credentials (Keychain): Stored on your device only. Automatically invalidated by iOS if you add a new biometric enrolment. Cleared when you disable biometric login in the app or delete the app.
  • Security audit log: Retained for the lifetime of your account to support your right to review your security activity history. Deleted with your account.
  • Safe Arrival coordinates: Destination latitude and longitude stored in Firestore only for the duration of an active Safe Arrival request. Automatically cleared when the request is resolved, missed, or cancelled — typically within hours.

Legal Basis for Processing (UK GDPR)

  • Contract: Processing your account and family data is necessary to deliver the FamilyHQ service you signed up for.
  • Legitimate interests: Community content moderation, security monitoring, and push notifications for service-related events.
  • Consent (Article 9 — special category health data): Medical information (blood type, allergies, conditions, medications, NHS number) is processed only on the basis of your explicit consent. You can withdraw this consent at any time by deleting the data from your profile. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

Your GDPR Rights

If you are in the UK or European Economic Area, you have the following rights under GDPR:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct inaccurate information.
  • Erasure: Request deletion of your personal data. You can also delete your account directly from within the app.
  • Restriction: Ask us to limit how we process your data in certain circumstances.
  • Portability: Request your data in a portable, machine-readable format.
  • Object: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@family-hq.uk. We will respond within one month, with a possible extension of two further months for complex requests. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Data Deletion

You can delete your account and all associated data at any time from Profile → Settings → Delete Account within the app. Upon deletion:

  • Your account is immediately deactivated.
  • Personal data is permanently deleted from our systems within 30 days.
  • Content you contributed to shared family spaces (e.g. messages, photos) may remain visible to other family members unless the family itself is deleted.

To request deletion without in-app access, email privacy@family-hq.uk.

Children's Privacy

FamilyHQ does not knowingly collect personal data from children under the age of 13. Account creation requires the user to be at least 13 years old. If you are a parent or guardian and believe your child under 13 has created an account, please contact us at privacy@family-hq.uk and we will delete the account promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email, and update the "Last updated" date at the top of this page. Continued use of FamilyHQ after changes are posted constitutes acceptance of the updated policy.

Questions About Privacy?

We're happy to answer any questions about how we handle your data.