Privacy Policy
Last updated: 25 May 2026
OurFamilyGrid ("we", "us", "our") is committed to protecting the privacy of your personal information. This policy explains what data we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.
1. Who We Are
OurFamilyGrid is a family management platform operated by Timothy Jollie, UK. Contact: timjollie@gmail.com
2. Data We Collect
- Account data: name, email address, password (bcrypt hashed), household name.
- Profile data: date of birth, gender, phone number, postcodes — all optional.
- Health data: mood logs, appointments, blood pressure, medications — entered voluntarily by you.
- Financial data: bank transactions imported via Plaid (read-only), manual transactions you enter. Transaction descriptions from bank feeds are encrypted at rest.
- Household data: tasks, shopping lists, garden, vehicles, pets, calendar events, and other content you choose to add.
- Usage data: basic server logs (IP address, pages visited) retained for 30 days for security purposes.
3. How We Use Your Data
- To provide and operate the OurFamilyGrid service.
- To allow household members you have invited to share relevant data.
- To connect to third-party services you explicitly authorise (e.g. Plaid for bank feeds, DVSA for MOT data).
- We do not sell, rent, or share your personal data with advertisers or third parties for marketing purposes.
4. Legal Basis for Processing
We process your data under the following lawful bases:
- Contract: to provide the service you have signed up for.
- Legitimate interests: to maintain security and prevent fraud.
- Consent: for optional third-party integrations (bank feeds, AI features).
5. Data Storage and Security
- All data is stored on UK-based servers.
- Passwords are hashed using bcrypt (cost factor 12) and never stored in plaintext.
- Bank transaction descriptions from Plaid are encrypted at rest using AES-256-GCM.
- All connections use TLS 1.2+ (HTTPS enforced).
- Server access is restricted to the developer via SSH key authentication.
6. Data Retention
We retain your data for as long as your account is active. You may request deletion of your account and all associated data at any time via Profile → Security → Delete My Account, or by emailing timjollie@gmail.com.
Server access logs are automatically deleted after 30 days.
7. Android Health Connect
The OurFamilyGrid Android app integrates with Android Health Connect to optionally read and write health and fitness data on your device. This section explains exactly how that data is handled.
Data types accessed (with your explicit permission):
- Steps
- Heart rate
- Blood pressure
- Weight
- Sleep sessions
- Blood glucose
- Active calories burned
How we use Health Connect data:
- Health data is read solely to display your personal health trends within the OurFamilyGrid app.
- With your permission, we write values (e.g. blood pressure readings you enter) back to Health Connect so they are available to other apps you use.
- Health Connect data is stored on your device and, if you are logged in, synced to your personal account on our UK-based servers in encrypted form.
- Health Connect data is never sold, rented, shared with advertisers, or disclosed to third parties for any purpose other than providing the OurFamilyGrid service.
- Health Connect data is never used for advertising or marketing.
- Health Connect data is never used for any purpose incompatible with the Health Connect Permissions policy.
Revoking Health Connect permissions: You can revoke Health Connect permissions at any time via Android Settings → Health Connect → App permissions → OurFamilyGrid. Revoking permissions stops all future data access; previously synced data can be deleted by emailing timjollie@gmail.com or via Profile → Security → Delete My Account.
9. Third-Party Services
- Plaid: used for read-only bank transaction imports. Plaid's privacy policy applies to data shared with them during bank connection.
- Anthropic Claude AI: used for plant identification and health note summaries. Data sent is limited to the specific content you submit.
- DVSA: vehicle registration numbers are sent to the DVSA MOT History API to retrieve MOT records.
- GoFundMe: our donation widget is served by GoFundMe and governed by their privacy policy.
- Google Analytics / Tag Manager: used on the public landing page only. Not used inside the authenticated application.
10. Your Rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Restrict or object to processing.
- Receive your data in a portable format (data portability).
- Lodge a complaint with the ICO (ico.org.uk).
To exercise any of these rights, email timjollie@gmail.com. We will respond within 30 days.
11. Cookies
We use a single session cookie to keep you logged in. No advertising or tracking cookies are used within the application. The public landing page uses Google Analytics cookies.
12. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via the application. The current version is always available at ourfamilygrid.com/privacy.