Privacy Policy for Parendar

Last Updated: January 1, 2026

1. Introduction and Data Controller Information

Welcome to Parendar ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").

This policy complies with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller:
Krisztian Kesztyues
Buergermeister-Krebs Str. 5
85221 Dachau, Germany
Email: support@parendar.com
Phone: [PHONE NUMBER REQUIRED BY LAW - Please add before launch]

For data protection inquiries, contact: support@parendar.com

2. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

2.1 Contract Performance (Art. 6(1)(b))

To provide the custody coordination services you signed up for.

2.2 Legitimate Interest (Art. 6(1)(f))

To improve the App, prevent fraud, and ensure security.

2.3 Consent (Art. 6(1)(a))

For optional features like push notifications and analytics (where required).

2.4 Legal Obligation (Art. 6(1)(c))

To comply with laws, regulations, and legal processes.

You have the right to withdraw consent at any time (see Section 8).

3. Information We Collect

3.1 Personal Information You Provide

When you create an account, we collect:

Email address (required for authentication)
Password (encrypted and hashed)
Display name
Parental role (mother/father)
Partner pairing information (User ID of your co-parent)

3.2 Custody and Schedule Information

The App stores:

Custody calendar data and schedule arrangements
Custody requests and their status (pending, accepted, declined)
Date-specific custody assignments and modifications
Notes and communications related to custody arrangements

This data relates to custody arrangements for children but is entered by parents/guardians only. We do not directly collect information from children.

3.3 Technical Information (Automatically Collected)

Device information (platform, OS version, device model)
App usage data and interactions
Push notification tokens (for delivering notifications)
Error logs and crash reports
IP address (for security and fraud prevention)
Timestamps of actions

Note: For details on Analytics and Crashlytics data collection, see Section 6.

3.4 Information We Do NOT Collect

We do not collect precise geolocation data
We do not collect biometric data
We do not collect financial information (unless you make purchases)
We do not collect social security numbers or government IDs

4. How We Use Your Information (Purpose and Legal Basis)

Purpose	Legal Basis (GDPR)
Provide and maintain App functionality	Contract Performance
Facilitate custody schedule coordination	Contract Performance
Send notifications about requests/responses	Contract Performance + Consent
Authenticate and secure your account	Contract Performance + Legitimate Interest
Improve and optimize App experience	Legitimate Interest
Provide customer support	Contract Performance
Ensure security and prevent fraud	Legitimate Interest + Legal Obligation
Comply with legal obligations	Legal Obligation
Analytics, crash reporting, and usage statistics (see Section 6)	Legitimate Interest + Consent

We do NOT use your data for:

Selling to third parties
Automated decision-making that significantly affects you (GDPR Art. 22)
Profiling for marketing purposes

5. Firebase Services and Data Processing

Parendar uses Firebase services provided by Google LLC as our data processor:

5.1 Firebase Authentication

Manages user accounts and authentication
Stores email addresses and encrypted authentication credentials
Privacy Policy: https://firebase.google.com/support/privacy
Google's GDPR compliance: https://cloud.google.com/privacy/gdpr

5.2 Firebase Firestore (Database)

Stores user data, custody schedules, and requests
Provides real-time data synchronization between co-parents
Data is encrypted in transit (TLS/SSL) and at rest (AES-256)
Data location: EU region (europe-west1) - Frankfurt, Germany

5.3 Firebase Cloud Functions (if applicable)

Processes background tasks and notifications
All functions operate within secure, isolated environments

5.4 Data Processing Agreement

We have a Data Processing Agreement (DPA) with Google LLC as required by GDPR Art. 28. Google acts as our data processor and processes data only on our instructions.

5.5 International Data Transfers

Firebase/Google may process data outside the EU/EEA. For such transfers, we rely on:

EU Standard Contractual Clauses (SCCs)
Google Cloud's adequacy decisions and certifications
Additional safeguards as required by GDPR Chapter V

More information: https://cloud.google.com/privacy/gdpr

Note: For information about PostHog Analytics and Sentry crash reporting, see Section 6 below.

6. Analytics and Usage Data

Parendar uses PostHog Analytics and Sentry to improve the app, identify bugs, and understand how users interact with our features. This section explains what data is collected, why, and how you can control it.

6.1 PostHog Analytics

We use PostHog, a privacy-focused analytics platform, to understand how users interact with our app and improve the user experience.

Data Collected:

App lifecycle events (app open, app close)
Screen views and navigation patterns
Touch interactions and UI element interactions
Custom events: sign-up, login, partner pairing, request creation/response
User properties: role (mother/father), partner status
Firebase User ID (pseudonymized identifier)

Specific Events Tracked:

sign_up - When you create an account
login - When you log in
partner_paired - When you pair with your co-parent
request_created - When you create a custody request (includes request type)
request_responded - When you respond to a request (includes response: accepted/declined)
rate_limit_hit - When you hit rate limits (includes limit type and time remaining)

Service Provider: PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA
Privacy Policy: https://posthog.com/privacy
Data Location: EU Cloud (https://eu.i.posthog.com) for GDPR compliance

Legal Basis: Your consent (GDPR Art. 6(1)(a))

Opt-Out: You can disable analytics tracking at any time in the app's Settings menu. When disabled, no analytics events are collected.

Data Retention: 90 days from collection

Important: We do NOT collect the actual content of your custody schedules, communications with your co-parent, or any information about your children.

6.2 Sentry for Crash Reporting

We use Sentry to detect, diagnose, and fix crashes and errors in the app. This helps us maintain app stability and quickly address technical issues.

Data Collected:

Stack traces and error messages
Device information (model, OS version, screen size)
App state at time of error
User context: Firebase User ID, email (if logged in)
Breadcrumbs: Recent user actions leading to the error
Performance data (20% sampling rate in production)

Service Provider: Functional Software, Inc. dba Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA
Privacy Policy: https://sentry.io/privacy/
Data Location: US Cloud

Legal Basis: Legitimate interest in maintaining app stability and security (GDPR Art. 6(1)(f))

Opt-Out: Crash reporting cannot be disabled as it is necessary for app stability and security. However, we minimize data collection and anonymize personal information where possible.

Data Retention: 90 days from collection. Error reports are automatically deleted after this period.

Platform: Sentry is enabled only on native iOS and Android builds (not on web or Expo Go).

6.3 Why We Collect This Data (Legal Basis)

We collect analytics and crash data for the following purposes:

PostHog Analytics: Based on your consent (GDPR Art. 6(1)(a)). You can opt out at any time in Settings.

Sentry Crash Reporting: Based on our legitimate interest (GDPR Art. 6(1)(f)) in maintaining app stability and security. We cannot provide a reliable app without crash reporting.

Specifically, we use this data to:

Improve app performance and user experience
Identify and fix bugs and crashes
Understand which features are most useful to users
Ensure app stability, security, and reliability
Make data-driven decisions about future development

Privacy Protection: This data does NOT include:

Actual custody schedule details
Communications or notes between co-parents
Children's names or personal information
Precise geolocation data
Financial or payment information

6.4 How to Opt Out of Analytics

You can disable PostHog Analytics tracking at any time through the app settings:

Step-by-Step Instructions:

Open Parendar and go to Settings
Navigate to Analytics & Privacy section
Toggle "Analytics Tracking" to OFF

What Happens When You Opt Out:

Your preference is stored locally on your device
Takes effect immediately - no analytics events will be sent
You can re-enable analytics tracking at any time
Important: Disabling analytics does NOT affect core app functionality

Sentry Opt-Out: As mentioned in Section 6.2, Sentry crash reporting cannot be disabled through app settings. This is necessary for app stability and security. Crash data is minimal and retained for 90 days.

6.5 Data Retention

PostHog Analytics Data:

Retained for 90 days from collection
Automatically deleted after this period
Used exclusively for improving the app and understanding user behavior
Not used for marketing, profiling beyond feature improvement, or sale to third parties

Sentry Crash Reports:

Retained for 90 days from collection
Automatically deleted after this period
Used exclusively for debugging and fixing app crashes
Not used for marketing, profiling, or any other purpose

Account Deletion: When you delete your account (Section 9), your personal data is removed, including any stored analytics and crash data associated with your user ID.

6.6 Third-Party Service Providers

Analytics and crash data are processed by the following service providers:

PostHog Inc. (Analytics):

Provider: PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA
Privacy Policy: https://posthog.com/privacy
GDPR Compliance: PostHog is GDPR-compliant and provides data processing agreements
Data Location: EU Cloud (https://eu.i.posthog.com) for GDPR compliance
Data Processing: PostHog acts as our data processor and processes analytics data only on our instructions

Functional Software, Inc. dba Sentry (Crash Reporting):

Provider: Functional Software, Inc. dba Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA
Privacy Policy: https://sentry.io/privacy/
GDPR Compliance: Sentry is GDPR-compliant and provides data processing agreements
Data Location: US Cloud
Data Processing: Sentry acts as our data processor and processes crash data only on our instructions

6.7 Reassurance: What Disabling Analytics Does NOT Affect

Disabling analytics tracking does NOT:

Prevent you from using any app features
Affect your custody schedules or calendar
Impact your custody requests or responses
Affect your co-parent's app experience
Delete any of your existing data
Require you to log out or log back in

You can enable or disable analytics tracking at any time without any consequences to your account or app functionality.

Note About Sentry: Sentry crash reporting remains active for app stability and is based on legitimate interest under GDPR (security and bug fixes). Crash data is minimal, technical in nature, and automatically deleted after 90 days.

7. Data Sharing and Disclosure

7.1 With Your Co-Parent (Your Explicit Action)

When you pair with another user, you explicitly share:

Your display name and parental role
Custody calendar and schedule information
Custody requests and responses
Any notes or communications you choose to send

This sharing is based on your explicit action (pairing) and is necessary for contract performance.

7.2 With Service Providers (Data Processors)

We share information with trusted service providers who process data on our behalf:

Provider	Purpose	Location	Safeguards
Google/Firebase	Hosting, database, authentication	EU (Germany)	DPA, SCCs, GDPR-compliant
Expo	Push notifications	US	DPA, Privacy Shield successor

All processors are bound by data processing agreements and process data only on our instructions.

7.3 Legal Requirements

We may disclose information if required by law or in good faith belief that such action is necessary to:

Comply with legal obligations (court orders, subpoenas)
Respond to lawful requests from law enforcement
Protect our rights, property, or safety
Protect users from harm or illegal activities

We will notify you of legal requests unless prohibited by law.

7.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you and ensure the receiving party honors this Privacy Policy.

7.5 We Do Not Sell Your Data

We will NEVER sell your personal information to third parties for marketing or any other purpose.

8. Data Security

We implement appropriate technical and organizational security measures to protect your information:

Technical Measures:

Industry-standard encryption for data in transit (TLS 1.2+/SSL)
Encrypted storage for data at rest (AES-256)
Secure authentication using Firebase Authentication
Password hashing with bcrypt
Regular security audits and penetration testing
Automated vulnerability scanning

Organizational Measures:

Access controls and role-based permissions
Employee training on data protection
Incident response procedures
Regular security reviews and updates
Data minimization practices

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Your Rights Under CCPA (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

10.1 Right to Know

You have the right to know:

What personal information we collect
The sources of that information
The purposes for collection
The categories of third parties we share with

10.2 Right to Delete

You have the right to request deletion of your personal information (subject to certain exceptions).

10.3 Right to Opt-Out of Sale

We do NOT sell your personal information. Therefore, there is nothing to opt-out of.

10.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

10.5 How to Exercise CCPA Rights

We will verify your identity before processing requests (to prevent unauthorized access).

11. Data Retention

We retain your information only as long as necessary for the purposes set out in this policy:

Data Type	Retention Period	Reason
Account information	While account is active + 30 days after deletion	Contract performance, legal obligation
Custody schedules	While account is active + 30 days after deletion	Service provision
Custody requests	While account is active + 30 days after deletion	Service provision, dispute resolution
Communications between co-parents	While account is active + 30 days after deletion	Service provision
Technical logs (IP, device info)	90 days	Security, fraud prevention
Analytics data (aggregated/pseudonymized - see Section 6)	Indefinitely	Legitimate interest (aggregated data)
Crash reports (Crashlytics - see Section 6)	15 days	Legitimate interest, app stability
Backups	90 days after deletion	System integrity, disaster recovery
Legal/dispute data	As required by law	Legal obligation

After deletion:

Your personal information will be permanently deleted within 30 days
We may retain anonymized/aggregated data that cannot identify you
Backups are automatically purged after 90 days
Your co-parent's data is not affected by your deletion

12. Children's Privacy

12.1 Age Requirement

Parendar is designed for parents/guardians who are at least 18 years old. We do not knowingly collect information from individuals under 18.

For EU residents: The minimum age for consent to data processing is 16 (or lower if your country allows, but never below 13).

12.2 Information About Children

The App stores information about custody arrangements for children, but this data is entered by parents/guardians, not by the children themselves. We do not directly collect personal information from children.

12.3 Parental Control

If you believe a child under 18 has created an account or we have collected information from a child, please contact us immediately at support@parendar.com and we will delete the account promptly.

13. International Data Transfers

13.1 Where Your Data is Processed

Your information may be stored and processed in:

European Union (if using Firebase EU region)
United States (if using Firebase US region, or via Expo services)
Other countries where our service providers operate

13.2 Safeguards for EU Residents (GDPR Chapter V)

When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards:

EU Standard Contractual Clauses (SCCs) approved by European Commission
Adequacy decisions (for countries deemed to have adequate protection)
Additional security measures (encryption, access controls)

13.3 Your Rights Regarding Transfers

EU residents can request information about:

Which countries your data is transferred to
The safeguards in place for each transfer
Copies of the safeguards (e.g., SCCs)

Contact support@parendar.com for this information.

14. Data Breach Notification

14.1 Our Commitment

We take data security seriously. In the event of a data breach that poses a risk to your rights and freedoms:

For EU Residents (GDPR Art. 33-34):

We will notify the relevant supervisory authority within 72 hours
We will notify affected users without undue delay
Notification will include nature of breach, likely consequences, and remedial measures

14.2 What We'll Tell You

If you're affected by a breach, we'll inform you about:

What happened and when
What data was affected
What we're doing about it
What you should do (e.g., change password)
How to contact us for more information

14.3 Your Actions

If you suspect unauthorized access to your account:

Change your password immediately
Contact us at support@parendar.com
Review your account activity

15. Changes to This Privacy Policy

15.1 Updates

We may update this Privacy Policy from time to time to reflect:

Changes in our practices
Changes in applicable law
New features or services
User feedback

15.2 Notification of Changes

We will notify you of significant changes by:

Posting the new Privacy Policy in the App with a prominent notice
Updating the "Last Updated" date at the top
Sending you an in-app notification or email (for material changes)
For EU residents: Requesting renewed consent if required by GDPR

15.3 Material Changes

Material changes include:

Changes to purposes of data processing
Addition of new data types collected
Changes to data sharing practices
Changes to your rights

15.4 Your Acceptance

Your continued use of the App after changes become effective constitutes acceptance of the updated policy. If you don't agree, please stop using the App and delete your account.

16. Third-Party Links and Services

16.1 External Links

The App may contain links to third-party websites or services (e.g., support documentation, legal resources). We are not responsible for:

The privacy practices of these third parties
The content or security of external sites
Data collected by third parties

16.2 Your Responsibility

Please review the privacy policies of any third-party services you access through the App. Your use of third-party services is at your own risk.

16.3 Third-Party SDKs

The App may include software development kits (SDKs) from:

Expo (push notifications, app infrastructure)
Google/Firebase (authentication, database)

These SDKs may collect technical information. See their privacy policies for details.

17. Cookies and Tracking Technologies

17.1 Mobile App (No Cookies)

As a native mobile application, Parendar does not use browser cookies. However, we use similar technologies:

Technology	Purpose	Duration	Opt-Out
Firebase Auth Tokens	Keep you logged in	1 hour (refreshed)	Logout
Local Storage	Store app preferences	Persistent	Clear app data
Push Notification Tokens	Send notifications	Until revoked	Device settings
Analytics IDs (PostHog - see Section 6)	Understand app usage	90 days	Settings → Analytics & Privacy (see Section 6.4)

17.2 Web Version (If Applicable)

If you access Parendar via web browser, we may use:

Essential cookies (required for functionality)
Analytics cookies (with your consent)
Session cookies (expire when you close browser)

You can control cookies through your browser settings.

18. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. As a mobile app, we don't respond to browser DNT signals. However, you can control tracking through:

Device privacy settings (iOS: Limit Ad Tracking, Android: Opt out of Ads Personalization)
App settings (disable analytics if available)

19. Contact Information for Privacy Matters

For questions, concerns, or requests regarding your personal data:

General Privacy Inquiries:
Email: support@parendar.com
Response time: Within 5 business days

Data Subject Rights Requests (GDPR/CCPA):
Email: support@parendar.com
Subject line: "Data Rights Request - [Your Request Type]"
Response time: Within 30 days (GDPR), 45 days (CCPA)

Data Protection Officer (if applicable):
Not required - Small-scale operations
For data protection inquiries: support@parendar.com

Postal Address:
Krisztian Kesztyues
Buergermeister-Krebs Str. 5
85221 Dachau
Germany

In-App Contact:
Settings → Help & Support → Contact Us → "Privacy/Data Question"

20. Legal Compliance and Certifications

Parendar complies with:

✓ EU General Data Protection Regulation (GDPR)
✓ California Consumer Privacy Act (CCPA)
✓ ePrivacy Directive (Cookie Law)
✓ Children's Online Privacy Protection Act (COPPA) - N/A (no children users)

Data Processing Agreements:

✓ Google Cloud / Firebase Data Processing Amendment

22. Specific Provisions for EU/EEA Residents

If you are located in the EU/EEA, the following additional provisions apply:

22.1 Data Controller

Krisztian Kesztyues is the data controller responsible for your personal data.

22.2 Legal Representative (if outside EU)

Not applicable - Service provider is established in the EU (Germany)

22.3 Data Protection Officer

Not required for small-scale operations. For data protection inquiries: support@parendar.com

22.4 Right to Lodge Complaint

You have the right to lodge a complaint with your local supervisory authority. Find your authority at:

https://edpb.europa.eu/about-edpb/board/members_en

23. Severability

If any provision of this Privacy Policy is found to be unenforceable or invalid under applicable law, such unenforceability or invalidity shall not render this Privacy Policy unenforceable or invalid as a whole. The unenforceable or invalid provisions will be replaced with valid provisions that most closely match the intent of the original.

24. Entire Agreement

This Privacy Policy, together with our Terms of Service, constitutes the entire agreement between you and Parendar regarding the use of the App.

25. Language

This Privacy Policy is written in English. In case of conflicts between translated versions, the English version prevails.

Effective Date

This Privacy Policy is effective as of January 12, 2026.

Last updated: January 12, 2026

← Back to Home