1. Introduction
Your privacy matters to us. This Privacy Policy explains how Family AI Zone collects, uses, and protects personal data in a minimal and transparent way.
We are committed to protecting your privacy and complying with applicable data protection laws, including GDPR (EU) and CCPA (California).
2. What Personal Data We Collect
We collect only what is necessary to operate the service:
- Email address - For authentication and account recovery
- Username - For display within the app
- Family name/slug - To organize family accounts
- User role - To enforce permissions (owner, adult, child)
- IP address - For security and fraud prevention
- Technical data - Browser type, device information, timestamps (automatic)
- Coarse location - Country-level geolocation provided by our hosting platform for aggregate site statistics
We do NOT collect sensitive personal data such as health information, financial data, or biometric data.
3. What We Do NOT Do
We are committed to data minimalism:
- We do NOT sell personal data to third parties
- We do NOT use personal data for advertising or marketing
- We do NOT track users across websites
- We do NOT profile or analyze user behavior for commercial purposes
- We do NOT share data with third parties except as required to operate the service (see Section 7)
- We do NOT use AI-generated content or conversations for model training
4. Purpose of Data Collection
We use personal data solely to:
- Authenticate users and manage accounts
- Provide access to the service and its features
- Maintain security and prevent fraud or abuse
- Communicate important service updates (e.g., security alerts)
- Comply with legal obligations
- Improve the service based on anonymous, aggregated operational statistics such as daily visits and country-level usage
5. API Keys & User Content
Third-Party API Keys:
- If you provide third-party API keys (e.g., OpenAI), they remain your property and responsibility
- API keys are stored encrypted at rest in our database
- We use them only to make API calls on your behalf when you use the service
- We do NOT analyze, share, or reuse your API keys
User-Generated Content:
- Chat conversations and generated images are stored to provide conversation history
- Content is associated with your account and visible only to you and your family members (if shared)
- We do NOT use your conversations or images for any purpose other than displaying them back to you
- Content moderation for child safety is automated and does not involve human review
6. Data Retention
We retain personal data only as long as necessary to operate your account:
- Active accounts: Data is retained while your account is active
- Deleted accounts: Personal data is deleted within 30 days of account deletion
- Chat history: Automatically purged based on your configured retention settings (default: preserve last X chats)
- Logs: Security and access logs may be retained for up to 90 days for fraud prevention
7. Data Sharing & Third Parties
We share data with third parties only when necessary:
Essential Service Providers:
- Database hosting (e.g., Supabase, Neon) - stores encrypted user data
- Authentication (NextAuth.js) - manages login sessions
- Hosting platform (e.g., Vercel) - hosts the application
- Operational metrics processing - hosting and database providers process limited request metadata so we can compile daily visit totals and country-level usage statistics
AI Service Providers (User-Controlled):
- When you use your own API keys, your prompts are sent to your chosen provider (OpenAI, Google, etc.)
- These providers have their own privacy policies - we recommend reviewing them
- We are NOT responsible for third-party data handling
Legal Requirements:
We may disclose data if required by law, court order, or to protect our rights and safety.
8. Your Rights (GDPR & CCPA)
You have the following rights regarding your personal data:
- Right to Access: Request a copy of your personal data
- Right to Correction: Update inaccurate or incomplete data
- Right to Deletion: Delete your account and associated data (via account settings)
- Right to Data Portability: Export your data in a machine-readable format
- Right to Withdraw Consent: Stop using the service at any time
- Right to Object: Object to specific data processing activities
- Right to Lodge a Complaint: Contact your local data protection authority
To exercise these rights, contact us at support@familyaizone.com or use the account deletion feature in your settings.
9. Cookies & Tracking
Family AI Zone uses essential cookies only, required for authentication and basic functionality:
- Session cookies: Keep you logged in
- Security cookies: Prevent CSRF attacks
- Preference cookies: Remember your dark mode setting
We do NOT use:
- Advertising cookies
- Tracking pixels
- Third-party analytics (e.g., Google Analytics)
- Social media cookies
We do collect limited server-side operational metrics without analytics cookies or client-side tracking scripts. These metrics may include the request date, hosting-provider country code, and a short-lived anonymized daily hash derived from request metadata to estimate daily unique visitors. We do not store raw IP addresses in analytics tables and we do not use these metrics for advertising, profiling, or cross-site tracking.
See our Cookie Policy for more details.
10. Data Security
We use reasonable technical and organizational measures to protect personal data:
- Passwords are hashed using bcrypt (never stored in plain text)
- API keys are encrypted at rest using industry-standard encryption
- HTTPS encryption for all data in transit
- Access controls and authentication for database access
- Regular security updates and patches
No system is 100% secure, but we continuously work to minimize risk. If you suspect a security issue, please report it to support@familyaizone.com.
11. Children's Privacy (COPPA Compliance)
Our Family-Centric Model
Child accounts are a core feature of Family AI Zone. We are designed specifically to allow parents to create safe, filtered AI experiences for their children.
Parental Consent Model
- Only adults (18+) can create family accounts - children cannot register independently
- Family owners create child accounts - by creating a child account, parents provide verifiable parental consent under COPPA
- Parents maintain full control - family owners can view all child conversations, modify settings, and delete accounts at any time
- Children under 13 require a parent/guardian to create their account - this satisfies COPPA's parental consent requirement
Data Collection from Children
For child accounts, we collect minimal data:
- Username (chosen by parent, no email required for child accounts)
- Role (marked as "child" to enable content filtering)
- Conversation history (to provide chat functionality and enable parental review)
- Usage data (to enforce quotas and show parents usage statistics)
- Minimal operational metrics (daily visit counts and country-level usage, stored in aggregate form)
We do NOT collect from child accounts: Email addresses, phone numbers, precise geolocation, photos/videos (except AI-generated images), or any sensitive personal information.
How Child Data is Protected
- Content filtering: All prompts and responses are filtered for age-appropriate content
- Parental visibility: Family owners can view all child conversations
- No third-party sharing: Child data is never sold, shared with advertisers, or used for profiling
- Same security standards: Child data receives the same encryption and protection as adult data
- No AI training: We do not use child conversations to train AI models
- No behavior profiling: Operational visit metrics are used only for aggregate traffic measurement and capacity planning
Parent Rights
As a family owner, you have the right to:
- Review all data collected from your child's account
- Request deletion of your child's data at any time
- Refuse further collection by deleting the child account
- Export your child's conversation history
If you have any questions about our children's privacy practices, please contact support@familyaizone.com.
12. International Data Transfers
Our service may be hosted on servers located outside your country. By using the service, you consent to the transfer of your data to these locations. We ensure that data transfers comply with applicable data protection laws through standard contractual clauses or other legal mechanisms.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.
14. Contact & Data Protection Officer
If you have questions, requests, or concerns regarding privacy, please contact us: