Privacy Policy

Last Updated: November 13, 2024

1. Introduction

Welcome to nufamly ("we," "our," or "us"). We are committed to protecting your privacy and being transparent about how we handle your data. This Privacy Policy explains how nufamly collects, uses, and protects your information.

Our Privacy-First Architecture: nufamly uses a client-first architecture where your Google account credentials (OAuth tokens) are stored only in your browser, never on our servers. This means we have zero capability to access your Gmail or Calendar data without your explicit, real-time consent.

2. Information We Collect

2.1 Information Stored on Our Servers

  • Account Information: Your name, email address (from your account signup, not Gmail)
  • Family Information: Names, birthdates, and interests of family members you add
  • Preferences: Your app settings and preferences
  • Subscription Data: Stripe customer ID and subscription status
  • Categories: Custom event categories you create

2.2 Information Stored in Your Browser Only

  • Google OAuth Tokens: Access and refresh tokens for Gmail and Calendar (NEVER sent to our servers)
  • Cached Events: Temporary cache of your calendar events for faster loading
  • UI State: Your view preferences, filter settings, etc.

2.3 Information We Process But Don't Store

  • Email Content: When you scan emails, content is sent to OpenAI for event extraction but is not stored on our servers
  • Calendar Events: Stored in your Google Calendar with app metadata (extended properties), not in our database

3. How We Use Your Information

  • Provide and maintain the nufamly service
  • Process your subscription payments via Stripe
  • Extract event information from emails using AI (OpenAI)
  • Sync events with your Google Calendar
  • Send you service notifications and support messages
  • Improve and optimize our service

4. Third-Party Services

We use the following third-party services:

Google APIs (Gmail & Calendar)

Your browser connects directly to Google's APIs. Your OAuth tokens never pass through our servers.

Google Privacy Policy: https://policies.google.com/privacy

OpenAI

We use OpenAI's API to extract event information from email text. Email content is sent to OpenAI but is not stored by us or OpenAI after processing.

OpenAI Privacy Policy: https://openai.com/policies/privacy-policy

Stripe

Payment processing is handled by Stripe. We don't store your payment card information.

Stripe Privacy Policy: https://stripe.com/privacy

Clerk

User authentication is provided by Clerk.

Clerk Privacy Policy: https://clerk.com/legal/privacy

Convex

Database hosting for non-Google data (family members, preferences, etc.).

Convex Privacy Policy: https://www.convex.dev/privacy

5. Data Retention

  • Browser Storage: OAuth tokens and cached data remain until you log out or clear your browser data
  • Server Data: Your account and family information remain until you delete your account
  • Google Calendar: Events remain in your Google Calendar until you delete them
  • After Account Deletion: All server-side data is deleted within 30 days

6. Data Security

We implement security measures to protect your data:

  • OAuth tokens stored in browser only (never transmitted to our servers)
  • HTTPS encryption for all communications
  • Content Security Policy (CSP) to prevent XSS attacks
  • Secure database hosting with Convex
  • Regular security audits and updates

7. Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Correction: Update incorrect information
  • Deletion: Delete your account and all associated data
  • Revoke Access: Disconnect Gmail/Calendar at any time
  • Data Portability: Export your data in standard formats

To exercise these rights, contact us at privacy@nufamly.com

8. Children's Privacy

nufamly is intended for use by parents/guardians. We do not knowingly collect personal information from children under 13. Family member information added by parents is stored solely for organizational purposes within the family account.

9. Google API Services User Data Policy

nufamly's use and transfer of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request the minimum scopes necessary for functionality
  • Gmail data is used solely to extract event information at your request
  • Calendar data is used to display and manage your family events
  • We do not transfer your Google data to third parties except as disclosed in this policy
  • We do not use your Google data for advertising purposes

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Continued use of nufamly after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, please contact us: