Home ยท Privacy Policy

Privacy Policy

Last updated ยท May 22, 2026 ยท Effective May 22, 2026

We built TinyWins to make families calmer, not louder. That goal extends to your privacy: we don't sell your data, we don't show third-party ads, and we don't track your family across other apps or sites. This page explains what we do collect, why, and how to control it.

1. What we collect

We try to collect the minimum needed to make the app work. Specifically:

From every account holder

  • Email + display name โ€” for sign-in and the name your family sees on approvals.
  • Sign-in identifier โ€” Apple, Google, or email password hash. We never see the password.
  • Notification token โ€” so we can deliver push notifications you've opted into.
  • Subscription state โ€” whether your family is on the free, monthly, annual, or lifetime tier. We do not see your credit card; Apple handles billing.
  • Crash & diagnostic data โ€” anonymized reports that help us fix bugs. You can turn this off in iOS Settings.

From kids using the app

  • First name + age + avatar emoji โ€” chosen by the parent at setup.
  • Mission completions โ€” what was finished, when, and the coin value.
  • Photo proofs โ€” pictures kids take to confirm chores. These stay encrypted and visible only to family members.
  • Device token โ€” to deliver the kid's own celebration notifications.

We never collect a kid's last name, email, phone number, precise location, or any other identifier beyond what the parent provides at setup.

2. Why we collect it

Every category above maps to a specific feature:

  • Sign-in + family code โ†’ so family members can find each other across devices.
  • Mission history + photos โ†’ so the Memory Book has something to remember.
  • Notification tokens โ†’ so "Emma's photo is waiting" reaches you within seconds.
  • Subscription state โ†’ so unlocked features stay unlocked.
  • Diagnostics โ†’ so we can find and fix crashes before they reach you.

We do not use this data for advertising, behavioural profiling, or any purpose unrelated to running TinyWins.

3. Kids' privacy & COPPA

TinyWins is designed for families with children. We comply with the U.S. Children's Online Privacy Protection Act (COPPA) and the UK / EU GDPR for children's data. A short version below โ€” the formal language follows.

What parents authorize

By creating a TinyWins family, the parent provides verifiable consent (per COPPA ยง312.5) for the child's first name, age, avatar, and chore activity to be processed by us solely for operating the service.

What kids can do

Kids can mark missions done, take photos for the missions they completed, and view their own rewards + progress. Kids cannot: make purchases, share photos outside the family, post publicly, message other users, or see any third-party advertising.

What we don't do

  • We don't profile kids.
  • We don't show kids any ads, third-party or otherwise.
  • We don't sell, lease, or rent kids' data โ€” ever.
  • We don't use kids' data for any purpose other than operating the features they're using.

Parental control

The primary parent has full visibility into and control over every kid in the family. From Settings, they can review, edit, or delete a kid's profile + all associated data at any time.

4. Who we share data with

We share data with three categories of providers, each under strict data-processing agreements:

  • Google Firebase (Authentication, Firestore database, Cloud Storage, Cloud Functions, Cloud Messaging) โ€” our infrastructure backbone.
  • Apple โ€” for Sign in with Apple, App Store purchases, push notifications via APNs, and App Attest device verification.
  • RevenueCat โ€” manages subscription state. Receives your Firebase UID (a random string) and your purchase status. Does not see your name, email, or family content.

We do not share data with advertisers, marketers, data brokers, or analytics-as-a-service vendors. We don't have a Facebook Pixel, Google Analytics, or any third-party tracker in the app.

5. Where data lives

Family data is stored on Google Firebase, which uses Google Cloud's secure infrastructure. By default the primary storage region is us-central1; large photos are served via Google's global CDN. Cloud Functions process events in the same region. If you'd like a specific data region (e.g. EU-only), email us at support@tinywins.app.

6. How long we keep it

  • Active account data โ€” kept while the family is using the app.
  • Photos โ€” kept until the related mission, memory entry, or family is deleted.
  • Crash logs โ€” purged after 90 days.
  • Backup snapshots โ€” Firebase keeps rolling backups for 30 days for disaster recovery.
  • Deleted accounts โ€” purged from primary storage immediately; backups age out within 30 days.

7. Your rights

You can do all of the following without contacting support:

  • Access โ€” Settings โ†’ Privacy & Data โ†’ Export my data. We email you a JSON archive within 72 hours.
  • Delete โ€” Settings โ†’ Privacy & Data โ†’ Delete my account. Three-step confirmation, then a server-side cascade.
  • Rectify โ€” edit any field directly in Settings or your profile.
  • Object / restrict processing โ€” turn off notifications, photo proof, or content moderation in Child Safety settings.
  • Portability โ€” your exported archive is machine-readable JSON.

EU + UK residents may also lodge a complaint with their national supervisory authority. California residents have additional rights under CCPA; we honour those identically to GDPR rights.

8. Security

Security choices we've baked in:

  • All traffic between the app and Firebase is encrypted in transit (TLS 1.2+).
  • Data at rest is encrypted by Google Cloud Storage.
  • Authentication is delegated to Apple, Google, or Firebase Auth โ€” we never see passwords.
  • Device attestation via Apple App Attest blocks cloned-app and tampered-device requests.
  • Family-scoped Firestore + Storage rules prevent any cross-family access at the database level.
  • Photo uploads run Cloud Vision SafeSearch before they're visible to family members โ€” flagged images are quarantined and a parent is notified.

No system is perfect. If you spot a security issue, please email security@tinywins.app โ€” we respond within 48 hours.

9. Account deletion

In-app: Settings โ†’ Privacy & Data โ†’ Delete my account. Three taps, type your family name, and everything is purged within minutes.

When you delete your account we:

  • Remove your member doc from every family you belong to.
  • If you're the primary parent, transfer ownership to the longest-tenured co-parent. If none, the family is marked orphaned and archived 14 days later.
  • Delete every photo you personally uploaded.
  • Cancel your RevenueCat customer record.
  • Delete your Firebase auth user.

Kids' photos stay with the family even if you (the primary parent) delete your account, since they belong to the kid, not to you. When the kid's profile or the whole family is deleted, their photos go too.

10. Third-party services

Each provider's own policy applies to the data they receive from us:

11. Cookies & this website

The TinyWins app does not use cookies โ€” there's no browser. This website (tinywins.app) does not set tracking cookies and has no embedded analytics. The site is served as static HTML + CSS.

12. Changes to this policy

If we change how we handle data, we'll update this page and bump the "Last updated" date at the top. For material changes โ€” anything that expands what we collect or how we use it โ€” we'll email primary parents at least 14 days before the change takes effect.

13. Contact

Privacy questions, deletion requests, data exports, or anything else:

We respond within 5 business days. EU and UK families can also reach our Data Protection Officer at dpo@tinywins.app.

โ† Back to TinyWins