Privacy Policy
St. Cloud Collective Ltd ("we", "our", "us") operates the FamJam mobile application ("the app"). We are a New Zealand company (NZBN forthcoming). This policy explains what data we collect, why we collect it, and your rights under the New Zealand Privacy Act 2020 and, where applicable, the GDPR and COPPA.
FamJam is a social coordination app for families. Kids propose plans. Parents approve them. We handle data from both children and adults, and this policy reflects that.
Quick summary
- We collect only what the app needs to function: names, phone numbers, plans, friend lists, and device push tokens.
- We do not track live GPS location. The map tab uses geocoded place names (e.g. "Sylvia Park"), not real-time coordinates.
- We do not run analytics, advertising, or behavioural tracking of any kind.
- Children cannot create accounts independently. A parent or legal guardian must complete setup and provide explicit consent.
- You can delete your account at any time. Data is fully purged within 30 days.
- All data lives in AWS Sydney (ap-southeast-2) and is encrypted in transit and at rest.
What we collect
Information you provide
| Data | Kids | Parents | Purpose |
|---|---|---|---|
| Phone number | ✓ | ✓ | Authentication via one-time code (OTP). Your primary account identifier. |
| Display name | ✓ | ✓ | Shown to family members and accepted friends. |
| Date of birth | ✓ | ✗ | Age verification. Required for COPPA compliance and to gate under-13 accounts behind parental consent. |
| Relationship to child | ✗ | ✓ | Recorded at parental consent (mother / father / guardian). |
| Plan contents | ✓ | ✗ | Activity type, time window, location text, invited friends, transport notes. This is the core purpose of the app. |
| Friend connections | ✓ | ✗ | Who your child is friends with. Friend requests require parent approval on both sides. |
| Approval decisions | ✗ | ✓ | Whether you approved or declined a plan. Stored so both parents can see the state of each request. |
| Availability rules | ✗ | ✓ | Recurring busy windows you set for your child (e.g. "School nights"). Up to 5 rules. |
Information collected automatically
| Data | Purpose |
|---|---|
| Timezone | Detected from your device. Used to display plan times correctly. Stored on your user profile. |
| Country | Inferred from your phone number prefix (ISO-3166 alpha-2). Used for geocoding region bias and locale defaults. Stored on your profile and family. |
| Push notification token | Generated by Apple (APNs) or Google (FCM). Stored so we can send you plan updates, approval requests, and reminders. You can revoke this in your device settings at any time. |
| Vibe colour preference | Kids choose an avatar colour. Stored as a preference. |
Device permissions
| Permission | Why | Optional? |
|---|---|---|
| Contacts | To find friends who are already on FamJam when sending invites. We read your contacts locally on your device to show the list. We never upload your address book. Only the single phone number of a contact you explicitly choose to invite is sent to our server, and only to check whether that person is already on FamJam. | Yes |
| Camera | To scan QR codes when joining a family or accepting an invite. We do not store photos or video. | Yes |
| Notifications | Plan approvals, reminders, and status updates. You can disable these in your device settings. | Yes |
What we do NOT collect
- Email addresses: FamJam does not use email for authentication or account management.
- Live GPS location: the map tab geocodes place names you type (e.g. "Sylvia Park") into coordinates. We do not track your device's real-time location.
- Photos, videos, or camera roll: the camera is used only for QR scanning. Nothing is saved.
- In-app messages: FamJam does not have a messaging feature. There is nothing to collect.
- Analytics or advertising identifiers: we run zero analytics SDKs, zero ad networks, zero behavioural trackers.
- Payment or financial information: FamJam is free during pilot. No payment data is collected.
- Biometrics, health data, or browsing history: none of these are relevant to the app and none are collected.
How we use your data
Every piece of data we collect serves the core function of the app: coordinating plans between kids and parents. Specifically:
- Authentication: your phone number lets you log in via one-time code.
- Plan coordination: activity details, times, locations, and attendee lists are shared between plan participants and their parents.
- Parental approval: when a kid proposes a plan, the parents of every accepted participant receive a notification and can approve or decline.
- Friend discovery: kids can find and connect with friends. Parent approval is required on both sides.
- Availability (Jam Radar): your free/busy windows are shared as a boolean (free or busy) with accepted friends. Plan details are never shared through this mechanism.
- Family map: saved places and transport options are shared within your family group.
- Push notifications: plan requests, approvals, reminders, and status changes.
We do not use your data for marketing, profiling, automated decision-making, or any purpose beyond operating the app.
Who we share data with
Within the app
- Your family group: display name, plan participation, approval status, saved places, and transport options are visible to members of your family.
- Accepted friends: your child's display name, vibe colour, and free/busy availability windows are visible to accepted friends. Plan contents are visible only to participants of that specific plan and their parents.
- No public profiles exist: there is no discoverability, no search, no public directory. Users only see people in their family or accepted friend list.
Third-party service providers
| Service | What they process | Location |
|---|---|---|
| Supabase | All user data (database, authentication, file storage). Supabase hosts our Postgres database and manages phone-based OTP authentication via Twilio. | AWS Sydney (ap-southeast-2) |
| Twilio (via Supabase) | Phone number, used solely to deliver the one-time verification code via SMS. Twilio does not retain the message content or use your number for any other purpose. | Global (SMS routing) |
| Apple Push Notification service (APNs) | Push token, notification title and body. Required for iOS notifications. Apple's privacy policy applies. | Apple servers |
| Firebase Cloud Messaging (FCM) | Push token, notification title and body. Required for Android notifications. Google's privacy policy applies. | Google servers |
| Google Maps Geocoding API | Location text you type (e.g. "Sylvia Park"). Converted to latitude/longitude coordinates for the map tab. No user identifiers are sent with geocoding requests. | Google servers |
| Expo | Push token (for push notification routing). Expo's push service routes notifications to APNs and FCM. Expo does not retain notification content. | Expo servers |
We do not sell, rent, or trade your data with any third party. All subprocessors are bound by data processing agreements consistent with this policy.
Children's privacy
FamJam is designed for use by children under 13 with parental involvement. We take this seriously.
- Parental consent is mandatory. A child cannot create an account independently. A parent or legal guardian must complete the onboarding flow, provide their own identity, and explicitly consent to their child using the app. This consent is recorded in an auditable consent record with timestamp.
- Parents control the account. A parent can view their child's plans, friends, and activity at any time. The parent can edit or delete their child's profile, revoke consent, or delete the account entirely from the Family tab.
- Kids are not discoverable. There are no public profiles. Kids can only interact with people in their own family or accepted friends, and friend requests require parent approval on both sides.
- No advertising, no tracking. We do not serve advertisements to anyone. We do not track children's behaviour across apps or websites. We do not build profiles on children for any purpose.
- No messaging, no strangers. FamJam does not have in-app messaging. Communication is limited to plan proposals and approvals within closed family and friend groups.
Under the New Zealand Privacy Act 2020 and, where applicable, the United States Children's Online Privacy Protection Act (COPPA) and the EU General Data Protection Regulation (GDPR), parents have the right to:
- Review the personal data we hold about their child
- Request correction or deletion of that data
- Withdraw consent at any time
- Refuse further collection or use of their child's data
To exercise any of these rights, contact us at privacy@stcloud.co.
Data retention & deletion
Active accounts
We retain your data for as long as your account is active. You can delete your account at any time from the app (Family tab → Manage my family → Delete).
30-day grace period
When you request deletion, your account enters a 30-day grace period. During this time your data is soft-deleted (hidden from other users but recoverable if you change your mind). After 30 days, your data is permanently and irreversibly purged from our systems by an automated process (daily at 03:00 UTC).
What gets deleted
The purge removes: your user profile, phone number, display name, date of birth, push token, plan history, friend connections, approval records, availability data, notification history, consent records, and all associated metadata. Plans you created are deleted (cascading to all participants and approvals). Any family or organisation records you owned are reassigned to surviving members where possible.
Expired plans
Plans whose start time has passed are automatically marked as expired. They remain visible in plan history until account deletion.
Security
- Encryption in transit: all communication between the app and our servers uses TLS 1.3.
- Encryption at rest: our Supabase Postgres database is encrypted at rest using AWS-managed keys.
- Row-Level Security (RLS): every database query is filtered at the server level. A user can only see rows belonging to their own family or accepted friends. There is no way for one family to access another family's data; this is enforced by the database, not by application code.
- Server-side invariants: critical state transitions (e.g. plan locking, approval fanout) are enforced by Postgres triggers running with security-definer privileges. Client code cannot bypass these rules.
- Device security: authentication tokens are stored in the device's hardware-backed secure storage (iOS Keychain / Android Keystore), never in plain text or shared preferences.
- Minimal contact access: your address book is read only on your device and is never uploaded to our servers. When you choose a specific contact to invite, only that one phone number is sent to look up an existing FamJam account.
Legal jurisdiction
Operating entity: St. Cloud Collective Ltd, a New Zealand company.
Governing law: New Zealand Privacy Act 2020.
Data hosting: All personal data is stored in AWS Sydney (ap-southeast-2), Australia, via Supabase.
New Zealand has an adequacy decision from the European Commission: NZ privacy law is recognised as providing equivalent protection to the GDPR. If you are located in the EU/EEA, UK, or other jurisdictions with data protection laws, you may have additional rights.
Your rights
Under the New Zealand Privacy Act 2020, you have the right to:
- Access: request a copy of the personal data we hold about you.
- Correction: ask us to correct any information you believe is inaccurate.
- Deletion: request deletion of your personal data (subject to the 30-day grace period described above).
- Complaint: lodge a complaint with the New Zealand Privacy Commissioner if you believe we have breached your privacy rights (privacy.org.nz).
To exercise any of these rights, email us at privacy@stcloud.co. We will respond within 20 working days as required by NZ law.
Changes to this policy
We will notify users of material changes to this policy via the app and/or the email address associated with your account (parents only). The version number and effective date at the top of this page will always reflect the current policy. Continued use of the app after changes take effect constitutes acceptance of the updated policy.
Contact
St. Cloud Collective Ltd
Email: privacy@stcloud.co
Founder: founder@stcloud.co
Website: www.stcloud.co/famjam
For privacy-specific enquiries or to exercise your data rights, please use privacy@stcloud.co. For general enquiries about the app, use founder@stcloud.co.