Overview
Fundy Digital ("we", "us", "our") builds mobile apps for iOS and Android. We respect your privacy and collect as little data as possible. This policy explains what data we collect across all Fundy Digital apps, why we collect it, and how it is handled. Individual apps may collect additional data specific to their features; where that is the case, the app-specific privacy policy is the controlling document for that app.
Data Controller
Fundy Digital is the data controller for all personal data processed through our apps. For questions about how your data is handled, contact us at [email protected].
Data We Collect
The categories of data we collect depend on which app you use and how you interact with it. Below is a summary of data collected across all Fundy Digital apps.
a. Crash and Diagnostics Data
All of our apps use Firebase Crashlytics (operated by Google LLC) to collect anonymous crash reports. This includes:
- Device model and operating system version
- App version and build number
- Stack traces when a crash occurs
- Crashlytics installation identifier
Crash data is used solely for diagnosing and fixing software defects. It does not include your name, email address, or the content you create in our apps.
b. Device Identifiers
Some of our apps generate and store a persistent, randomly generated device identifier (a UUID we call an "install ID") on your device using platform-secured storage (iOS Keychain or Android EncryptedSharedPreferences). This identifier:
- Is not linked to your name, email, or any account
- Is used for per-device rate limiting and abuse prevention
- Is transmitted to our server infrastructure with each API request
- Is considered personal data under GDPR (Recital 30) and is treated accordingly
c. Purchase and Subscription Data
Apps that offer in-app purchases use native platform billing — Apple StoreKit (iOS) and Google Play Billing (Android). No third-party purchase middleware is used. When you make a purchase, the respective platform may collect:
- Purchase history and entitlement status
- Device identifiers associated with your store account
- App and device metadata (OS version, app version)
Payment processing (credit card, billing address) is handled entirely by Apple (App Store) or Google (Google Play). We never receive or store your payment card information. A local cache of your purchase status is stored on your device to avoid unnecessary store checks.
d. AI-Processed Content (SayItWell)
SayItWell uses artificial intelligence to generate communication messages. When you request a message, the context you provide (such as the scenario, tone, and your answers to questionnaire prompts) is transmitted through our server proxy to Anthropic, PBC for AI processing. Specifically:
- Your input text is sent to Anthropic's API via a Cloudflare Worker proxy operated by us
- Our proxy does not store or log the content of your messages
- Anthropic may retain API inputs for up to 30 days for safety and abuse monitoring purposes, as described in Anthropic's Privacy Policy
- Anthropic does not use your inputs to train its AI models when data is submitted via its API
- Generated messages are stored only on your device
e. Device Attestation
Some of our apps use Firebase App Check to verify that requests to our servers originate from genuine app installations. This involves sending device attestation tokens (via Apple App Attest on iOS and Google Play Integrity on Android) to our server. These tokens do not contain personal information but do confirm that the request came from an authentic copy of our app.
f. On-Device Data
Our apps may store additional data locally on your device that is never transmitted to us, including:
- Message history and saved messages (SayItWell)
- User-configured signatures or display names
- Age verification status and consent records
- App preferences and settings
This data remains on your device and is deleted when you uninstall the app or use the in-app "Delete All Data" function.
What We Do Not Collect
- No location data
- No contacts, photos, or files from your device
- No advertising identifiers or tracking cookies
- No email addresses (except in apps that explicitly require login, such as ChoreQuest)
- No biometric data
Individual apps may collect additional data where required by a feature. For example, ChoreQuest collects a parent's email address for account login via a one-time verification code. In every case, the app-specific privacy policy is the controlling document for that app.
Data Categories Summary (App Store / Play Store Alignment)
The following table summarizes the categories of data collected across Fundy Digital apps, for alignment with Apple App Privacy Nutrition Labels and Google Play Data Safety disclosures.
| Data Category | Collected | Linked to Identity | Purpose |
|---|---|---|---|
| Crash Data | Yes | No | App diagnostics and stability |
| Device ID (install ID) | Yes (SayItWell) | No | Rate limiting and abuse prevention |
| Purchase History | Yes (apps with subscriptions) | No | Subscription management |
| User Content | Processed transiently (SayItWell) | No | AI message generation |
| Diagnostics (performance) | Yes | No | App stability |
Third-Party Data Processors
We use the following third-party services to operate our apps. Each processor handles data on our behalf and under contractual obligations to protect your data.
| Service Provider | Purpose | Data Processed | Privacy Policy |
|---|---|---|---|
| Google LLC (Firebase Crashlytics) | Crash reporting and diagnostics | Device info, crash logs, Crashlytics installation ID | Link |
| Google LLC (Firebase App Check) | Device attestation and fraud prevention | Device attestation tokens | Link |
| Anthropic, PBC | AI text generation (SayItWell) | User-provided message context (scenario, tone, questionnaire answers) | Link |
| Apple Inc. / Google LLC | In-app purchase processing (native StoreKit / Play Billing) | Purchase history, device identifiers, payment information (handled by platform) | Apple / Google |
| Cloudflare, Inc. | API proxy and infrastructure | IP address, request metadata (processed transiently) | Link |
| Apple Inc. / Google LLC | Payment processing (in-app purchases) | Payment and billing information (handled by platform, not by us) | Apple / Google |
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide the app's core features, including AI message generation (SayItWell), subscription management, and device identification for service delivery.
- Legitimate interest (Art. 6(1)(f) GDPR): Crash reporting and diagnostics via Firebase Crashlytics, rate limiting via install ID, and device attestation via App Check. Our legitimate interest is maintaining app stability, preventing abuse, and ensuring service integrity. We have assessed that these interests do not override your fundamental rights, given that the data is pseudonymous and used solely for operational purposes.
Your Rights Under GDPR
If you are located in the EEA, United Kingdom, or Switzerland, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your personal data
- Right to restriction of processing — request that we limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to lodge a complaint — file a complaint with your local data protection supervisory authority
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. Because SayItWell stores all user-created content on your device only, deleting the app or using the in-app "Delete All Data" function effectively exercises your right to erasure for locally stored data. For server-side data (install ID, crash logs), contact us and we will process your request.
Your Rights Under CCPA / CPRA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
Categories of Personal Information Collected
- Identifiers: Device-generated install ID (UUID), Crashlytics installation ID
- Commercial information: Purchase history (via Apple App Store / Google Play Store)
- Internet or electronic network activity: Crash logs, IP address (processed transiently by Cloudflare)
Sources of Personal Information
Personal information is collected directly from your device through your use of our apps.
Business Purpose for Collection
We collect personal information for the following business purposes: providing and improving our apps, processing subscriptions, diagnosing crashes, preventing fraud and abuse, and generating AI content at your request.
Do Not Sell or Share My Personal Information
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We have not sold or shared personal information of consumers in the preceding 12 months. Because we do not sell or share personal information, we do not offer a "Do Not Sell or Share" opt-out mechanism, as none is required.
Sensitive Personal Information
We do not collect or process sensitive personal information as defined under the CPRA (e.g., Social Security numbers, financial account numbers, precise geolocation, racial or ethnic origin, genetic data, biometric data, health data, or sexual orientation).
Your CCPA Rights
- Right to know: You may request the categories and specific pieces of personal information we have collected about you.
- Right to delete: You may request that we delete your personal information.
- Right to correct: You may request correction of inaccurate personal information.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
To submit a request, email [email protected] with the subject line "CCPA Request." We will verify your identity and respond within 45 days. You may also designate an authorized agent to submit a request on your behalf by providing written authorization.
International Data Transfers
Our third-party service providers (Google, Anthropic, Cloudflare, Apple, Amazon Web Services) are based in the United States. If you are located outside the United States, your data may be transferred to and processed in the United States. These transfers are conducted under appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) adopted by the European Commission, where applicable
- The EU-U.S. Data Privacy Framework, where the processor has self-certified
- Contractual data processing agreements with each sub-processor
Data Retention
We retain personal data only as long as necessary for the purposes described in this policy:
- Crash data (Firebase Crashlytics): Retained by Google for 90 days
- Install ID: Persists on your device until you uninstall the app or use "Delete All Data." Our server does not store install IDs beyond the immediate API request.
- Purchase data (Apple / Google): Retained by Apple and Google in accordance with their respective privacy and data retention policies
- AI-processed content (Anthropic): Anthropic may retain API inputs for up to 30 days for safety monitoring, after which they are deleted
- On-device data: Retained on your device until you delete it or uninstall the app
Children's Privacy
Our apps are designed for users aged 13 and older. We do not knowingly collect personal information from children under 13. Apps with age-gating features (such as SayItWell) verify age at first launch and block access for users who indicate they are under 13. The age verification check momentarily processes the user's birth year to determine eligibility; users who do not meet the age requirement are immediately blocked and no data is retained.
If you believe a child under 13 has provided personal information through one of our apps, please contact us at [email protected] and we will promptly delete it.
Individual apps may have additional age-related requirements. See each app's privacy policy for details.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant data protection supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33
- Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34
- Comply with applicable U.S. state data breach notification laws, including providing notice within the timeframes required by each applicable jurisdiction
- Maintain a record of all data breaches, including their effects and remedial actions taken
App-Specific Privacy Policies
Individual apps may use additional third-party services or collect additional data. The app-specific privacy policy is the controlling document for that app. Where there is a conflict between this parent policy and an app-specific policy, the app-specific policy controls for that app.
- SayItWell Privacy Policy — AI message generation, Anthropic data processing
- Tendence Privacy Policy
- ChoreQuest Privacy Policy
Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated effective date. If we make material changes to how we handle personal data, we will provide notice through our apps or by other appropriate means prior to the changes taking effect.
Contact
If you have questions about this privacy policy or wish to exercise your privacy rights, contact us at [email protected].
For data protection inquiries related to GDPR, you may also write to us at:
Fundy Digital
Attn: Data Protection
Email: [email protected]
See also: Terms of Service