Privacy Policy

Last updated: 2025-08-27

This Privacy Policy explains how FamilyWeave ("we", "us", "our") collects, uses, and protects personal information when you use the FamilyWeave application (the "Service").

1. What We Collect

• Account Data: Name, email address, and authentication identifiers (via supported identity providers).
• Journal Content: Titles, rich text bodies, tags, entry types, visibility selections, and associated family subjects.
• Family Graph Data: Persons you add (names, basic demographics you supply) and defined relationships (parent/child, partnerships).
• Media Placeholders: We may prepare storage references for future photo or audio uploads (if you opt in when that feature is enabled).
• Usage & Technical: Basic request logs, timestamps, and error diagnostics for reliability and security.

2. How We Use Information

• Provide core features: onboarding, family tree visualization, journal timeline, entry creation, and tagging.
• Enforce visibility rules (immediate vs. extended family) and access permissions.
• Improve performance, troubleshoot issues, and enhance user experience.
• Maintain security, detect abuse, and comply with legal obligations.

3. Legal Basis (If Applicable)

If you are in a jurisdiction requiring a legal basis (e.g. GDPR), we process data under: (a) performance of a contract (providing the Service); (b) legitimate interests (improving and securing the Service); and (c) your consent where explicitly requested.

4. Data Sharing

We do not sell personal data. Limited sharing occurs with infrastructure/service vendors (e.g. hosting, databases, storage, email/auth providers) strictly to operate the Service. Each vendor is bound by contractual and/or policy obligations.

5. Family Visibility Model

Your journal entries are never public. Visibility options restrict content to your immediate or extended family graph as defined within the application. Adjusting relationships can change who can access historical entries consistent with the selected scope.

6. Data Retention

Data is retained while your account remains active or as needed for legitimate operational or legal reasons. You may request deletion of your account; irreversible deletion of journal content may be queued and processed asynchronously.

7. Security

We apply industry-aligned measures (scoped database access, least-privilege credentials, server-side validation, and ongoing patching). No system is perfectly secure; we encourage using strong, unique credentials with your identity provider.

8. Your Choices & Rights

• Access / Export: Contact us to request a structured export (feature may be automated later).
• Rectification: You can edit journal entries and person records you created.
• Deletion: Request account deletion to remove associated data (subject to minimal legal/abuse-prevention retention).
• Consent Withdrawal: Where processing relies on consent, you may withdraw it—this may limit functionality.

9. Children

Profiles for minors are managed by adult account holders. Direct accounts for children under applicable age thresholds are not supported without guardian oversight.

10. International Use

Data may be processed in regions where our infrastructure or service providers operate. We take measures intended to safeguard cross-border transfers consistent with applicable regulations.

11. Changes

We may update this policy. Material changes will be highlighted within the application or via email before taking effect when required.

12. Contact

Questions or requests: privacy@familyweave.app

This document is provided for transparency and is not legal advice.