← Back to Pax Family  ·  Legal

Privacy policy.

Last updated: April 24, 2026  ·  Plain-English summary at the top.

The 30-second summary.

We collect the minimum data needed to run Pax Family for your family. We don't sell it, share it with advertisers, or use it to train AI models. Our only subprocessors are Stripe (payments), Postmark (email), and — for the AI summary feature — Anthropic's Claude API. You can export or delete your data at any time by emailing support@paxfamilyapp.com.

The short version: Pax is a paid product. You are the customer — not the product. Everything below is the long-form version of that promise.

Who we are.

Pax Family (the "Service") is operated by [TODO: legal entity name] ("we," "us," "our"). You can reach us at support@paxfamilyapp.com or at our mailing address: [TODO: mailing address or PO box].

What we collect.

Information you provide

  • Account info: your name, email address, family name, and a hashed password.
  • Family data: the children you add (names, nicknames, avatars, color preferences) and any tasks, events, categories, notes, and settings you create.
  • Completion history: which tasks got checked off, when, and by whom (parent vs. child).
  • Payment info: when you subscribe, Stripe collects your card details directly — we never see or store card numbers. We keep only your Stripe customer ID and subscription status.

Information collected automatically

  • IP address — used for rate limiting, security, and audit logs. Not shared.
  • Device info — a hashed user-agent string so we can show you which devices have accessed your family page (useful for spotting unauthorized access). We don't collect precise device IDs.
  • Usage events — page views within your family space so we can build better reports. These are per-family and never aggregated across customers for sale.

What we don't collect

  • We don't use third-party analytics (no Google Analytics, no Facebook pixel, no Mixpanel).
  • We don't collect precise location data.
  • We don't track you across other websites.
  • We don't read or scan uploaded photos beyond resizing and storing them.

How we use your data.

  • To run the Service — show your family their tasks, send daily summaries, generate reports.
  • To communicate with you — verification emails, account notifications, and (if you opt in) daily/weekly summaries, missed-task alerts, and product updates. You can opt out of non-essential email from your family settings.
  • To process subscription payments (via Stripe).
  • To detect and prevent abuse, fraud, and security incidents.
  • To provide customer support when you email us.

We do not use your family's data to train AI models, target advertising, or build profiles for sale.

Subprocessors.

We rely on a small number of third-party services ("subprocessors") to deliver Pax Family. We share only the minimum data each one needs:

  • Stripe — handles all payment processing. Your card details go directly to Stripe and never touch our servers.
  • Postmark — sends our transactional emails (verification codes, daily summaries, password resets). Postmark sees recipient email addresses and message content.
  • Anthropic (Claude API) — powers the AI-generated weekly summaries. When you view a summary, your child's recent completion data is sent to the Claude API for processing. Anthropic does not retain that data for model training.
  • [TODO: hosting provider] — servers that run the application and store your data at rest.

We do not share your data with any other third party, except where required by law (see below).

Cookies.

We use only the cookies strictly necessary to make Pax Family work:

  • Session cookie — keeps you logged in while you use the admin interface.
  • CSRF token cookie — prevents cross-site request forgery attacks on form submissions.
  • Referral code cookie (30 days) — if you arrived via a referral link, we remember the code long enough to attribute your signup.
  • Device info cookie — stores lightweight metadata about your browser (touch support, screen size, PWA standalone mode) so the app adapts to your device.

We do not use cookies for advertising or cross-site tracking, and we do not work with any third party that does.

Children's data.

Pax Family is designed to be used by families, including children. However, child accounts are created and managed by the parent, not directly by the child. Children never create their own accounts, provide their own email addresses, or agree to any terms — the parent does so on behalf of the family.

Children access the family page via a shared token-based URL (no child login, no child password, no child email). The data we collect about a child is limited to what the parent enters (name, avatar, colors) plus the child's own task completions.

If you are a parent and want to review, export, or delete your child's data, email support@paxfamilyapp.com. We comply with applicable children's privacy laws, including COPPA where it applies.

Data retention.

  • Your family's data is retained for as long as your subscription is active.
  • If you cancel, your data is kept for up to 90 days so you can restart your subscription without losing anything.
  • After 90 days of cancellation with no renewal, your family's data may be permanently deleted.
  • You can request immediate deletion at any time by emailing us.
  • Rate-limit logs and audit logs are kept for up to 30 days.
  • Error logs are kept for up to 30 days after the error is resolved.

Your rights.

You have the right to:

  • Access — request a copy of the data we hold about you and your family.
  • Correct — update inaccurate information. Most account data can be edited directly in the admin interface.
  • Delete — request permanent deletion of your family's data.
  • Export — receive your data in a machine-readable format.
  • Opt out of non-essential email — manage your notification preferences in your family settings.

To exercise any of these rights, email support@paxfamilyapp.com. We'll respond within 30 days.

Security.

We take reasonable measures to protect your data:

  • All traffic is encrypted in transit using HTTPS.
  • Passwords are hashed with industry-standard algorithms — we never see or store your plain-text password.
  • Every family's data is isolated in the database by a tenant ID, with queries scoped per-family at the application layer.
  • Payment details are handled entirely by Stripe (PCI-DSS Level 1 certified).
  • We maintain rate limiting, audit logs, and alerting for suspicious activity.

No system is 100% secure. If we ever discover a data incident that affects you, we'll notify you promptly.

International users.

Pax Family is operated from the United States. If you use the Service from outside the U.S., your data will be transferred to and processed in the U.S. By using Pax Family, you consent to this transfer.

We will share data with law enforcement only when required by valid legal process (a subpoena, court order, or equivalent). We will notify the affected family unless prohibited by law.

Changes to this policy.

If we change this policy in any meaningful way, we'll email every account holder at least 30 days before the change takes effect. Minor wording fixes (typos, clarifications) we'll just update inline, with the "Last updated" date at the top reflecting the change.

Contact.

For privacy questions, data requests, or anything else:

A real person reads every message.

Still have questions?
We answer privacy emails personally — usually within a day.
Email us → Start free trial