Legal

Privacy Policy

Last updated: June 9, 2026 · Effective: June 9, 2026

Level Up Home is a family-organizer app. We try to keep this policy short and human, because we don't do many of the things that make most privacy policies long. We don't sell your data. We don't show ads. We don't train AI on your content. We don't track you across other apps or sites.

This policy explains exactly what we do collect, why, and who can see it. If anything here is unclear, email privacy@leveluphome.app and we'll fix the policy or fix the app.

1. What we collect

Information you give us

When you create a household account, we store your email address and a hashed password (handled by our authentication provider; the plaintext never reaches our servers).

Inside the app, you can create:

• Family-member profiles — a name, optional avatar emoji and color, optional birthday.
• Household data — tasks/chores, calendar events, shopping and to-do lists, meal plans, recipes, rewards, reward redemptions, and the dashboard layout you pick.
• Settings — household display name, theme choice, default weather location, your preferred clock format, and any other in-app preference.

Information your device gives us

When you use the app, the system reports:

• A per-device identifier we generate ourselves the first time you launch the app. This is a random UUID; it is not your phone's hardware ID, advertising ID, or anything we could use to recognize you outside the app. It resets when you reinstall.
• Platform + OS version (iOS / Android / web) for diagnostic purposes.
• A push notification token (Expo's "Expo Push Token") if you grant notification permission, so we can send the alerts you configure — e.g. when someone in your household redeems a reward.

Optional integrations you turn on

• Your device calendar — if you grant permission, the app reads events from the calendars you select on your phone (iOS Calendar / Android Calendar Provider). These already sync with whatever services you've added to your phone (Google, iCloud, Outlook, Exchange). We never authenticate to those services directly; we just read what your phone already knows. Events you create in Level Up Home can be written back to a calendar you pick.
• Weather location — if you enter a city for the dashboard weather widget, we send that string to Open-Meteo's geocoding and forecast APIs. We don't send your IP address or any other identifier.
• Your own Anthropic API key — if you paste an Anthropic key into Settings (used by the optional recipe-import feature), it's stored encrypted on your device. We never receive it.

2. What we don't collect

• We do not use any analytics or telemetry SDKs.
• We do not use advertising SDKs or fingerprinting.
• We do not collect precise location, contacts, photos outside the avatar picker you explicitly use, microphone input, or camera input.
• We do not use Apple's IDFA or Google's GAID. We do not need App Tracking Transparency consent because we don't track.
• We do not have access to your Google account, iCloud account, or any other service — only what you've allowed your phone's native calendar to surface.

3. Who can see your data

Your household

Anyone signed in to your household account on any device sees the same household data. That is the point of the app. The authentication credentials decide who is "in" the household.

Friended households

If you accept a "Family Friends" invitation, that household can see your display name (the one you set in Settings) so they can quickly share lists or calendar events with you. They do not see your email, your member profiles, your private tasks, or anything you have not explicitly shared.

Shared lists

When you share a specific list with another household, both households see that list's items, who added each one, and who checked it off. The other household does not gain access to your other lists, tasks, calendar, or settings.

Us

Our database is gated by row-level security policies that key off your household identifier. Engineering staff at Level Up Home can access the database only when investigating a bug you've reported or a security incident, and only with the minimum data needed. We don't read your household data for any other reason.

4. Where your data is stored

We use the following service providers to run the app. Each one sees only the data needed for the function we use them for:

• Supabase — primary database and authentication. Hosted in the United States. Stores everything described in Section 1 except items marked "stored only on your device."
• Expo / Apple / Google — push notification delivery. Receives only the token issued by your device and the body of the notification (e.g. "Avery redeemed 'Movie Night.'").
• Open-Meteo — public weather API. Receives only the city string you enter and the date range.
• Vercel — marketing site + web app hosting. Sees standard request logs (IP + user-agent) that are retained briefly and not joined to your account.

We do not transfer your data to any other third party. We do not allow these providers to use your data for their own purposes.

5. How long we keep your data

• Live data — as long as your account is active.
• Deleted lists and calendar events — stay in a "Recently Deleted" trash for 30 days, then are hard deleted from every device automatically.
• Closed account — when you delete your account, every database row keyed to your household is hard-deleted within 30 days. Push tokens are removed immediately.
• Server logs — kept up to 90 days for security and debugging, then rotated out.

6. Children's privacy

Level Up Home is designed for families with kids, but kids don't sign in. The household account holder — an adult — is the only person who creates an account, agrees to these terms, and decides what information about their kids (a name, an emoji, optional birthday) to enter. We do not knowingly collect personal information directly from children under 13. If you believe a child has created an account without parental consent, contact privacy@leveluphome.app and we will delete it.

7. Your rights

You can:

• Access and export your data — visible in the app, or request a JSON export by emailing privacy@leveluphome.app.
• Correct any information by editing it in the app.
• Delete individual items in the app, or delete your whole account from Settings → Account → Delete account.
• Object or restrict processing, where applicable under your local privacy law (GDPR / UK GDPR / CCPA / etc.). Email us — see "Contact" below.

We do not sell or share personal information for behavioral advertising purposes, so there is no "Do Not Sell or Share" opt-out toggle required by CCPA — there's nothing to opt out of.

8. Security

Data in transit is encrypted with TLS. Data at rest in our database provider is encrypted at the disk level. Row-level security policies enforce household scoping at the database layer, not just in the app. We follow standard practices for access control, dependency updates, and incident response. No system is perfectly secure, and we'll notify affected users if a security incident exposes household data.

9. Changes to this policy

If we change this policy in a way that materially affects what we collect or who sees it, we'll notify you in the app before the change takes effect. The "Last updated" date at the top reflects every revision.

10. Contact

Email privacy@leveluphome.app for any privacy question — including data access, deletion, or correction requests. We aim to respond within 5 business days.