Privacy Policy - Family Connection Hub

Family Connection Hub ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

                    Our Commitment: Family Connection Hub is designed with privacy at its core. All sensitive family data is encrypted end-to-end using AES-256 encryption before it ever leaves your device.
                

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address - Used for authentication and account recovery
Display name - Encrypted and shown to your family members
Profile photo (optional) - Encrypted before storage
Password - Stored securely in Firebase Authentication (never accessible to us)

1.2 Family Data

Content you create within your family group is encrypted and includes:

Messages and conversations
Photos and voice messages
Memories and timeline entries
Family traditions, recipes, and activities
Goals, gratitude entries, and to-do items
Calendar events and meal plans
Question answers and Bible verse reflections
Fun facts and lending library items

1.3 Device Information

Push notification tokens - To deliver notifications to your device
Device type and OS version - For crash reporting and compatibility

1.4 Usage Analytics

We collect anonymized, aggregated analytics to improve the app:

Feature usage statistics (which features are used, not specific content)
Session duration
App crashes and errors
General engagement metrics

                What We Do NOT Collect:
                Location data - The app does not track your location
Contact lists - We never access your device contacts
Browsing history
Data from other apps

            

2. How We Use Your Information

Purpose	Data Used
Provide the service	Account info, family data
Send notifications	Push tokens, notification preferences
Improve the app	Anonymized analytics, crash reports
Account security	Email for MFA, login verification
Customer support	Account info when you contact us

3. Data Encryption & Security

3.1 End-to-End Encryption

Your family's data is protected with industry-standard encryption:

Algorithm: AES-256-CBC encryption
Key Derivation: Your family passphrase generates the encryption key using SHA-256
Passphrase Protection: Your passphrase is encrypted with Argon2id (memory-hard algorithm) before storage
What's Encrypted: Messages, photos, voice messages, memories, and all family content

3.2 Local Security

Biometric authentication: Optional fingerprint/Face ID protection
Secure storage: Sensitive data stored in iOS Keychain / Android Keystore
Multi-factor authentication: Email verification and authenticator app support

3.3 Data in Transit

All data transmitted between your device and our servers uses HTTPS/TLS encryption.

4. Data Storage & Third-Party Services

We use the following Google Firebase services to operate the app:

Service	Purpose	Data Stored
Firebase Authentication	User login & security	Email, password (hashed), MFA factors
Cloud Firestore	Database	Encrypted family data
Firebase Storage	File storage	Encrypted photos & voice messages
Firebase Messaging	Push notifications	Device tokens
Firebase Analytics	Usage analytics	Anonymized usage data
Firebase Crashlytics	Crash reporting	Error logs, device info

All Firebase services are hosted on Google Cloud Platform infrastructure. See Firebase Privacy Policy for more details.

4.1 Optional Integrations

Google Calendar Integration: You may optionally connect your Google Calendar account to sync family events. When connected, we store encrypted OAuth tokens on our secure servers to maintain the connection. We only access your calendar to read and write family events you create in the app. You can disconnect at any time from Settings > Google Calendar, which will delete the stored tokens.

Immich Photo Backup: You may optionally connect to your own self-hosted Immich server for photo backup. Your Immich credentials are encrypted locally on your device. This is entirely under your control, and we do not have access to your Immich server.

5. Data Retention

Active accounts: Data retained while your account is active
Deleted accounts: Data deleted upon account deletion (see Section 7)
Analytics data: Aggregated metrics retained for service improvement
Crash logs: Retained for 90 days for debugging purposes

6. Data Sharing

                We do NOT sell your data. We do not share your personal information with third parties for marketing purposes.
            

We may share information only in these circumstances:

With your family: Content you create is shared with members of your family group
Service providers: Firebase/Google Cloud for hosting (see Section 4)
Legal requirements: If required by law or valid legal process
Safety: To protect the rights, safety, or property of users

7. Your Rights & Choices

7.1 Data Export

You can export all your data at any time using our Data Takeout feature:

Export as a ZIP file containing PDF documents and media files
Choose time range: last 30 days, 90 days, 1 year, or all time
Export personal data only or entire family data (if admin)

7.2 Account Deletion

You can delete your account at any time from within the app. When deleting, you can choose:

Label as former member: Your content remains visible but marked as from a former member
Hide content: Your content is hidden from family but preserved
Delete all content: Permanently remove all your messages, photos, and contributions

7.3 Notification Preferences

Control notifications for each feature individually in Settings.

7.4 Biometric Settings

Enable or disable biometric authentication at any time.

8. Children's Privacy

Family Connection Hub is designed for families, which may include children. However:

Account creation requires an adult (18+) to manage the family
Children should use the app under parental supervision
We do not knowingly collect personal information from children under 13 without parental consent
Parents can manage and delete their children's data through the family admin features

9. International Data Transfers

Your data may be processed in the United States or other countries where Google Cloud/Firebase operates data centers. These transfers are protected by:

End-to-end encryption of your family data
Google's data protection commitments
Standard contractual clauses where applicable

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the new policy on this page with an updated effective date
Sending a notification through the app for significant changes

11. Contact Us

If you have questions about this Privacy Policy or your data, please contact us:

Email: privacy@familyconnectionhub.com
Website: familyconnectionhub.com/support

                For California Residents: Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, request deletion, and opt-out of sales (we do not sell data). Contact us to exercise these rights.
            

                For EU/EEA Residents: Under GDPR, you have rights to access, rectify, erase, restrict processing, data portability, and object to processing. Our Data Takeout and Account Deletion features support these rights. Contact us for additional requests.
            