Privacy Policy

Last updated: April 8, 2026

SKAFLD ("we," "us," or "our") operates the SKAFLD platform (the "Service"), accessible at skafld.app and skafld.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information — and your children's information — when you use our Service.

We take the privacy of families and children seriously. By using SKAFLD, you agree to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

Parent/Guardian Account:

  • Email address
  • Display name
  • Password (stored as a one-way cryptographic hash; we never store or see your actual password)
  • Optional 6-digit PIN for quick login (stored as a cryptographic hash)
  • Family name
  • Timezone preference
  • Avatar customization choices (hair style, clothing, skin tone, etc.)

Child Account (created by a parent or guardian):

  • Display name (first name or nickname — we do not require a child's full legal name)
  • Date of birth (used solely to determine age group for UI adaptation: 4-7, 8-11, 12-14)
  • 4-digit PIN (stored as a cryptographic hash)
  • Avatar customization choices

Children do not provide an email address, last name, phone number, physical address, or any government-issued identifiers. Children log in using a family code and their PIN — no email is required or collected.

Family Helper/Admin Accounts (grandparents, babysitters, etc.):

  • Display name and optional label (e.g., "Grandma")
  • 6-digit PIN
  • Customizable permissions set by the parent

1.2 Information Generated Through Use

As your family uses SKAFLD, the Service generates and stores:

  • Chore/quest data: titles, descriptions, point values, completion records, approval status, and optional photo attachments submitted by children as proof of completion
  • Gamification data: points, XP, levels, streaks, and badges earned
  • Behavioral records: strikes (with reason and severity), good deeds (with description and point value)
  • Mood check-ins: daily mood ratings (1-5 scale) with optional notes written by the child
  • Reward data: rewards created by parents, redemption records
  • Group goals: family-wide reward goals and voting records
  • Family meeting records: meeting dates, discussion items, and commitment signatures
  • Creative content: scene studio creations (avatar poses, backgrounds, stickers) and their thumbnails
  • Challenge data: competitive challenge participation and scores
  • Social connections: friend codes and family-to-family connections

1.3 Information Collected Automatically

We collect minimal technical information necessary to operate the Service:

  • Authentication tokens: JSON Web Tokens (JWTs) stored in your browser's local storage to maintain your login session
  • Device information: browser type and version, operating system (provided by standard HTTP headers)

We do not use cookies for tracking, advertising, or analytics. We do not use any third-party analytics services (no Google Analytics, Mixpanel, Amplitude, or similar). We do not deploy advertising pixels or tracking beacons of any kind.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: authenticate users, display family data, process quest completions, manage rewards, track behavioral progress, and facilitate family meetings
  • Adapt the experience: adjust the interface based on a child's age group (larger buttons for younger children, more detail for older children)
  • Send notifications: in-app notifications for quest approvals, badge achievements, strike alerts, and meeting invitations (no push notifications or emails are currently sent)
  • Improve the Service: understand aggregate usage patterns to fix bugs and develop new features (we do not profile individual users)
  • Process payments: when subscription billing is implemented, we will use a PCI-compliant payment processor (Stripe) to handle credit card information. We will never store credit card numbers on our servers.

3. Children's Privacy (COPPA Compliance)

SKAFLD is designed for use by families with children ages 4-14. We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and similar international regulations.

3.1 Parental Consent

Child accounts can only be created by a verified parent or guardian account. By creating a child account, the parent or guardian provides verifiable parental consent for SKAFLD to collect and use the child's information as described in this policy. Parents may:

  • Review all data associated with their child's account at any time through the Parent Dashboard
  • Modify their child's display name, date of birth, and PIN
  • Delete their child's account and all associated data
  • Revoke consent at any time by removing the child from the family

3.2 Limited Data Collection From Children

We deliberately minimize the data we collect from children:

  • No email address, full name, physical address, phone number, or social security number
  • No location data or GPS tracking
  • No audio or video recordings
  • No persistent identifiers used for behavioral advertising
  • Date of birth is used only for age-group determination and is not exposed publicly

3.3 Mood Data

Children may optionally log daily mood check-ins (rating 1-5 with optional text notes). This data is visible only to parents/guardians within the same family. If a child logs consistently low moods (3+ consecutive days at level 1-2), parents are notified within the app. This data is never shared outside the family or used for any purpose other than helping parents stay connected to their child's emotional well-being.

4. How We Share Information

We do not sell, rent, license, or trade your personal information or your children's personal information to any third party. Period.

We share information only in the following limited circumstances:

  • Within your family: Family members can see each other's display names, avatars, chore progress, points, levels, badges, and mood check-ins. Parents can see all family data. Children can see family members' names and avatars.
  • Connected families (friends): If your family connects with another family, limited information is shared: family name, member display names, and challenge participation data. No behavioral data (moods, strikes, good deeds) is shared between families.
  • Service providers: We use Supabase (database hosting and authentication), Vercel (web hosting), and in the future, Stripe (payment processing). These providers process data on our behalf under strict contractual obligations and do not use your data for their own purposes.
  • Legal requirements: We may disclose information if required by law, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Storage and Security

5.1 Where Data Is Stored

Your data is stored on Supabase-managed PostgreSQL databases hosted in the United States. Our web application is served globally via Vercel's edge network.

5.2 Security Measures

We implement industry-standard security measures including:

  • All passwords and PINs are hashed using bcrypt with 12 rounds of salting before storage
  • All data transmission is encrypted via TLS/HTTPS
  • Row-Level Security (RLS) policies enforce data isolation between families at the database level — one family cannot access another family's data even in the event of an application-level vulnerability
  • Authentication tokens are signed with secret keys and expire after a limited duration
  • Admin/helper accounts have granular permission controls set by parents

5.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users within 72 hours via email (for parent accounts) and prominently within the application.

6. Data Retention and Deletion

6.1 Retention

We retain your data for as long as your account is active or as needed to provide the Service. Behavioral data (chore completions, moods, strikes, good deeds) is retained to provide historical analytics and progress tracking.

6.2 Deletion

When a parent removes a child from the family or deletes a child account, all data associated with that child is permanently deleted, including: chore completions, mood check-ins, strikes, good deeds, reward redemptions, badges, scenes, votes, and notifications. This deletion is cascading and irreversible.

When a family account is deleted, all family data — including all children's data, chore records, reward records, meeting history, and group goals — is permanently deleted.

To request account deletion, parents may remove children from the Family settings screen or contact us through our website at skafld.io.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you and your children
  • Correction: Update or correct inaccurate data (available through app settings)
  • Deletion: Request deletion of your account and all associated data
  • Data portability: Request your data in a machine-readable format
  • Objection: Object to certain processing of your data
  • Restriction: Request limitation of how we process your data

To exercise any of these rights, contact us through our website at skafld.io. We will respond within 30 days.

8. International Users

SKAFLD is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We are committed to complying with applicable data protection laws in jurisdictions where our users reside, including the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

9. Third-Party Links

The Service does not contain links to third-party websites or services, and we do not embed third-party content. Avatar generation is performed entirely on your device using the DiceBear library — no avatar data is sent to external servers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify users through the application and update the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy, your family's data, or your children's privacy, please contact us: