Privacy Policy for Parendar

1. Introduction and Data Controller Information

Welcome to Parendar ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").

This policy complies with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller:
[YOUR LEGAL NAME OR COMPANY NAME]
[YOUR ADDRESS]
[YOUR EMAIL]
[YOUR PHONE NUMBER]

For data protection inquiries, contact: [YOUR DATA PROTECTION EMAIL]

2. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

2.1 Contract Performance (Art. 6(1)(b))

To provide the custody coordination services you signed up for.

2.2 Legitimate Interest (Art. 6(1)(f))

To improve the App, prevent fraud, and ensure security.

2.3 Consent (Art. 6(1)(a))

For optional features like push notifications and analytics (where required).

2.4 Legal Obligation (Art. 6(1)(c))

To comply with laws, regulations, and legal processes.

You have the right to withdraw consent at any time (see Section 8).

3. Information We Collect

3.1 Personal Information You Provide

When you create an account, we collect:

• Email address (required for authentication)
• Password (encrypted and hashed)
• Display name
• Parental role (mother/father)
• Partner pairing information (User ID of your co-parent)

3.2 Custody and Schedule Information

The App stores:

• Custody calendar data and schedule arrangements
• Custody requests and their status (pending, accepted, declined)
• Date-specific custody assignments and modifications
• Notes and communications related to custody arrangements

This data relates to custody arrangements for children but is entered by parents/guardians only. We do not directly collect information from children.

3.3 Technical Information (Automatically Collected)

• Device information (platform, OS version, device model)
• App usage data and interactions
• Push notification tokens (for delivering notifications)
• Error logs and crash reports
• IP address (for security and fraud prevention)
• Timestamps of actions

3.4 Information We Do NOT Collect

• We do not collect precise geolocation data
• We do not collect biometric data
• We do not collect financial information (unless you make purchases)
• We do not collect social security numbers or government IDs

4. How We Use Your Information (Purpose and Legal Basis)

We do NOT use your data for:

• Selling to third parties
• Automated decision-making that significantly affects you (GDPR Art. 22)
• Profiling for marketing purposes

5. Firebase Services and Data Processing

Parendar uses Firebase services provided by Google LLC as our data processor:

5.1 Firebase Authentication

• Manages user accounts and authentication
• Stores email addresses and encrypted authentication credentials
• Privacy Policy: https://firebase.google.com/support/privacy
• Google's GDPR compliance: https://cloud.google.com/privacy/gdpr

5.2 Firebase Firestore (Database)

• Stores user data, custody schedules, and requests
• Provides real-time data synchronization between co-parents
• Data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Data location: [SPECIFY: e.g., "EU region (europe-west1)" or "US region"]

5.3 Firebase Cloud Functions (if applicable)

• Processes background tasks and notifications
• All functions operate within secure, isolated environments

5.4 Data Processing Agreement

We have a Data Processing Agreement (DPA) with Google LLC as required by GDPR Art. 28. Google acts as our data processor and processes data only on our instructions.

5.5 International Data Transfers

Firebase/Google may process data outside the EU/EEA. For such transfers, we rely on:

• EU Standard Contractual Clauses (SCCs)
• Google Cloud's adequacy decisions and certifications
• Additional safeguards as required by GDPR Chapter V

More information: https://cloud.google.com/privacy/gdpr

6. Data Sharing and Disclosure

6.1 With Your Co-Parent (Your Explicit Action)

When you pair with another user, you explicitly share:

• Your display name and parental role
• Custody calendar and schedule information
• Custody requests and responses
• Any notes or communications you choose to send

This sharing is based on your explicit action (pairing) and is necessary for contract performance.

6.2 With Service Providers (Data Processors)

We share information with trusted service providers who process data on our behalf:

All processors are bound by data processing agreements and process data only on our instructions.

6.3 Legal Requirements

We may disclose information if required by law or in good faith belief that such action is necessary to:

• Comply with legal obligations (court orders, subpoenas)
• Respond to lawful requests from law enforcement
• Protect our rights, property, or safety
• Protect users from harm or illegal activities

We will notify you of legal requests unless prohibited by law.

6.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you and ensure the receiving party honors this Privacy Policy.

6.5 We Do Not Sell Your Data

We will NEVER sell your personal information to third parties for marketing or any other purpose.

7. Data Security

We implement appropriate technical and organizational security measures to protect your information:

Technical Measures:

• Industry-standard encryption for data in transit (TLS 1.2+/SSL)
• Encrypted storage for data at rest (AES-256)
• Secure authentication using Firebase Authentication
• Password hashing with bcrypt
• Regular security audits and penetration testing
• Automated vulnerability scanning

Organizational Measures:

• Access controls and role-based permissions
• Employee training on data protection
• Incident response procedures
• Regular security reviews and updates
• Data minimization practices

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights Under GDPR (EU Residents)

If you are located in the European Union or European Economic Area, you have the following rights under GDPR:

8.1 Right of Access (Art. 15)

You have the right to request a copy of all personal data we hold about you. We will provide this within one month of your request.

How to exercise: Contact [YOUR DATA PROTECTION EMAIL] or use in-app "Export My Data" feature.

8.2 Right to Rectification (Art. 16)

You have the right to correct inaccurate or incomplete personal data.

How to exercise: Update your profile in the App settings or contact us.

8.3 Right to Erasure / "Right to be Forgotten" (Art. 17)

You have the right to request deletion of your personal data when:

• The data is no longer necessary for its original purpose
• You withdraw consent and there's no other legal basis
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Erasure is required by legal obligation

How to exercise: Use "Delete My Account" in App settings or contact us. Data will be deleted within 30 days.

Note: We may retain some data if required by law (e.g., financial records, dispute resolution).

8.4 Right to Restriction of Processing (Art. 18)

You have the right to limit how we use your data in certain circumstances:

• You contest the accuracy of the data
• Processing is unlawful but you don't want erasure
• We no longer need the data, but you need it for legal claims
• You've objected to processing pending verification

How to exercise: Contact [YOUR DATA PROTECTION EMAIL].

8.5 Right to Data Portability (Art. 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON) and transmit it to another service.

How to exercise: Use "Export My Data" feature in App settings. You'll receive a JSON file with all your data.

8.6 Right to Object (Art. 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

How to exercise: Contact [YOUR DATA PROTECTION EMAIL]. We will stop processing unless we have compelling legitimate grounds.

8.7 Right to Withdraw Consent (Art. 7(3))

Where processing is based on consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

How to exercise: Adjust settings in the App or contact us. For example, disable push notifications in device settings.

8.8 Right Not to Be Subject to Automated Decision-Making (Art. 22)

You have the right not to be subject to decisions based solely on automated processing that significantly affects you. We do not use automated decision-making or profiling in Parendar.

8.9 Right to Lodge a Complaint with Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe your rights have been violated.

EU Supervisory Authorities: https://edpb.europa.eu/about-edpb/board/members_en

For Germany:

• Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI)
• Website: https://www.bfdi.bund.de
• Or your local state data protection authority (Landesdatenschutzbehörde)

For other EU countries, find your authority at the link above.

8.10 Response Time

We will respond to your rights requests within one month. In complex cases, we may extend this by two additional months and will inform you of the delay.

8.11 No Fee (Usually)

Exercising your rights is free of charge. However, if requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse the request.

9. Your Rights Under CCPA (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

9.1 Right to Know

You have the right to know:

• What personal information we collect
• The sources of that information
• The purposes for collection
• The categories of third parties we share with

9.2 Right to Delete

You have the right to request deletion of your personal information (subject to certain exceptions).

9.3 Right to Opt-Out of Sale

We do NOT sell your personal information. Therefore, there is nothing to opt-out of.

9.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

9.5 How to Exercise CCPA Rights

Contact us at [YOUR DATA PROTECTION EMAIL] or use the "Data Privacy Request" option in App settings.

We will verify your identity before processing requests (to prevent unauthorized access).

10. Data Retention

We retain your information only as long as necessary for the purposes set out in this policy:

After deletion:

• Your personal information will be permanently deleted within 30 days
• We may retain anonymized/aggregated data that cannot identify you
• Backups are automatically purged after 90 days
• Your co-parent's data is not affected by your deletion

11. Children's Privacy

11.1 Age Requirement

Parendar is designed for parents/guardians who are at least 18 years old. We do not knowingly collect information from individuals under 18.

For EU residents: The minimum age for consent to data processing is 16 (or lower if your country allows, but never below 13).

11.2 Information About Children

The App stores information about custody arrangements for children, but this data is entered by parents/guardians, not by the children themselves. We do not directly collect personal information from children.

11.3 Parental Control

If you believe a child under 18 has created an account or we have collected information from a child, please contact us immediately at [YOUR DATA PROTECTION EMAIL] and we will delete the account promptly.

12. International Data Transfers

12.1 Where Your Data is Processed

Your information may be stored and processed in:

• European Union (if using Firebase EU region)
• United States (if using Firebase US region, or via Expo services)
• Other countries where our service providers operate

12.2 Safeguards for EU Residents (GDPR Chapter V)

When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards:

• EU Standard Contractual Clauses (SCCs) approved by European Commission
• Adequacy decisions (for countries deemed to have adequate protection)
• Additional security measures (encryption, access controls)

12.3 Your Rights Regarding Transfers

EU residents can request information about:

• Which countries your data is transferred to
• The safeguards in place for each transfer
• Copies of the safeguards (e.g., SCCs)

Contact [YOUR DATA PROTECTION EMAIL] for this information.

13. Data Breach Notification

13.1 Our Commitment

We take data security seriously. In the event of a data breach that poses a risk to your rights and freedoms:

For EU Residents (GDPR Art. 33-34):

• We will notify the relevant supervisory authority within 72 hours
• We will notify affected users without undue delay
• Notification will include nature of breach, likely consequences, and remedial measures

13.2 What We'll Tell You

If you're affected by a breach, we'll inform you about:

• What happened and when
• What data was affected
• What we're doing about it
• What you should do (e.g., change password)
• How to contact us for more information

13.3 Your Actions

If you suspect unauthorized access to your account:

• Change your password immediately
• Contact us at [YOUR DATA PROTECTION EMAIL]
• Review your account activity

14. Changes to This Privacy Policy

14.1 Updates

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• Changes in applicable law
• New features or services
• User feedback

14.2 Notification of Changes

We will notify you of significant changes by:

• Posting the new Privacy Policy in the App with a prominent notice
• Updating the "Last Updated" date at the top
• Sending you an in-app notification or email (for material changes)
• For EU residents: Requesting renewed consent if required by GDPR

14.3 Material Changes

Material changes include:

• Changes to purposes of data processing
• Addition of new data types collected
• Changes to data sharing practices
• Changes to your rights

14.4 Your Acceptance

Your continued use of the App after changes become effective constitutes acceptance of the updated policy. If you don't agree, please stop using the App and delete your account.

15. Third-Party Links and Services

15.1 External Links

The App may contain links to third-party websites or services (e.g., support documentation, legal resources). We are not responsible for:

• The privacy practices of these third parties
• The content or security of external sites
• Data collected by third parties

15.2 Your Responsibility

Please review the privacy policies of any third-party services you access through the App. Your use of third-party services is at your own risk.

15.3 Third-Party SDKs

The App may include software development kits (SDKs) from:

• Expo (push notifications, app infrastructure)
• Google/Firebase (authentication, database)

These SDKs may collect technical information. See their privacy policies for details.

16. Cookies and Tracking Technologies

16.1 Mobile App (No Cookies)

As a native mobile application, Parendar does not use browser cookies. However, we use similar technologies:

16.2 Web Version (If Applicable)

If you access Parendar via web browser, we may use:

• Essential cookies (required for functionality)
• Analytics cookies (with your consent)
• Session cookies (expire when you close browser)

You can control cookies through your browser settings.

17. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. As a mobile app, we don't respond to browser DNT signals. However, you can control tracking through:

• Device privacy settings (iOS: Limit Ad Tracking, Android: Opt out of Ads Personalization)
• App settings (disable analytics if available)

18. Contact Information for Privacy Matters

For questions, concerns, or requests regarding your personal data:

General Privacy Inquiries:
Email: [YOUR DATA PROTECTION EMAIL]
Response time: Within 5 business days

Data Subject Rights Requests (GDPR/CCPA):
Email: [YOUR DATA PROTECTION EMAIL]
Subject line: "Data Rights Request - [Your Request Type]"
Response time: Within 30 days (GDPR), 45 days (CCPA)

Data Protection Officer (if applicable):
[DPO NAME]
Email: [DPO EMAIL]

Postal Address:
[YOUR LEGAL NAME OR COMPANY NAME]
[STREET ADDRESS]
[CITY, STATE/PROVINCE, POSTAL CODE]
[COUNTRY]

In-App Contact:
Settings → Help & Support → Contact Us → "Privacy/Data Question"

19. Legal Compliance and Certifications

Parendar complies with:

• ✓ EU General Data Protection Regulation (GDPR)
• ✓ California Consumer Privacy Act (CCPA)
• ✓ ePrivacy Directive (Cookie Law)
• ✓ Children's Online Privacy Protection Act (COPPA) - N/A (no children users)
• [Add others as applicable: LGPD (Brazil), PIPEDA (Canada), etc.]

Data Processing Agreements:

• ✓ Google Cloud / Firebase Data Processing Amendment
• [Add others as applicable]

20. Consent and Acknowledgment

By creating an account and using Parendar, you:

• Acknowledge that you have read and understood this Privacy Policy
• Agree to the collection, use, and disclosure of your information as described
• Confirm that you are at least 18 years old (or 16+ for EU with parental consent if applicable)
• Understand your rights under GDPR, CCPA, and other applicable laws
• Consent to international data transfers as described in Section 12

For processing based on consent:

• Your consent is freely given, specific, informed, and unambiguous
• You can withdraw consent at any time (see Section 8.7)
• Withdrawal does not affect lawfulness of processing before withdrawal

21. Specific Provisions for EU/EEA Residents

If you are located in the EU/EEA, the following additional provisions apply:

21.1 Data Controller

[YOUR LEGAL NAME OR COMPANY NAME] is the data controller responsible for your personal data.

21.2 Legal Representative (if outside EU)

If we are not established in the EU, our EU representative is:

[EU REPRESENTATIVE NAME AND CONTACT - Required if you're outside EU but serve EU users]

21.3 Data Protection Officer

[If you process data at scale or sensitive data, you may need a DPO]

Contact: [DPO EMAIL]

21.4 Right to Lodge Complaint

You have the right to lodge a complaint with your local supervisory authority. Find your authority at:

https://edpb.europa.eu/about-edpb/board/members_en

22. Severability

If any provision of this Privacy Policy is found to be unenforceable or invalid under applicable law, such unenforceability or invalidity shall not render this Privacy Policy unenforceable or invalid as a whole. The unenforceable or invalid provisions will be replaced with valid provisions that most closely match the intent of the original.

23. Entire Agreement

This Privacy Policy, together with our Terms of Service, constitutes the entire agreement between you and Parendar regarding the use of the App.

24. Language

This Privacy Policy is written in English. In case of conflicts between translated versions, the English version prevails.

Effective Date

EFFECTIVE DATE: [INSERT DATE]

DISCLAIMER FOR DEVELOPERS: This is a GDPR-compliant template privacy policy. Before launching:

1. Replace ALL bracketed placeholders [LIKE THIS] with your actual information
2. Choose Firebase data location (EU or US) and update Section 5.2
3. Specify your legal jurisdiction
4. Add Data Protection Officer info if required
5. Add EU representative if you're outside EU but serve EU users
6. Have this reviewed by a qualified data protection lawyer
7. Ensure your app actually implements the data practices described here
8. Set up processes to handle data subject rights requests
9. Sign Data Processing Agreements with all processors (Firebase, Expo, etc.)
10. Create internal procedures for data breach notification

Legal review is strongly recommended. This template provides a strong foundation but should be customized to your specific circumstances.

For GDPR compliance checklist: https://gdpr.eu/checklist/

For Firebase GDPR compliance: https://firebase.google.com/support/privacy