This Privacy Policy explains how OurFamilyGrid ("We," "Us," or "Our") collects, uses, and protects information when you use our web application (the "Service"). By using our Service, particularly features related to health tracking and family management, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1. Personal & Family Data
To provide our family management services, we collect:
- Account Data: Parent/Guardian full name, email address, and encrypted password.
- Family Members (Children): First Name (or Nickname) ONLY, and Date of Birth.
- Contact Lists: Details for third parties relevant to your family care (e.g., Doctors, Teachers).
Data Minimization: We strictly do not collect the full names (surnames) of children. We encourage the use of First Names or Nicknames only to ensure their privacy.
1.2. Special Category Data (Health & Medical)
Under GDPR Article 9, we process "Special Category Data" only with your Explicit Consent. This includes:
- Medication Schedules: Names of medications, dosages, and administration times.
- Medical Appointments: Dates, times, locations, and notes regarding doctor visits.
- Health Notes: Allergy information, symptoms, or medical history notes you explicitly enter into the system.
Encryption: All Special Category Data is encrypted at rest in our database. We cannot see the specific medical details of your entries; we only process the alerts and reminders associated with them.
1.3. Integrated Services Data
If you choose to link third-party services:
- Google Calendar: We access event titles, times, and descriptions to sync your schedule.
- WhatsApp Business: We process your phone number and incoming message commands to update your lists/calendar. We do not store message history.
- TikTok Pixel: If you accept marketing cookies, we collect aggregated usage data for advertising effectiveness.
2. Children's Data & Parental Consent
2.1. The Role of the Parent/Guardian
Our Service is intended for use by adults (Parents/Guardians) to manage family data. We do not knowingly collect data directly from children under 13.
By adding a child's profile to OurFamilyGrid, you represent and warrant that:
- You are the legal parent or guardian of the child.
- You explicitly consent to the processing of the child's data (including health data) for the purpose of family management.
- You understand that providing only a First Name/Nickname is a security feature we enforce.
2.2. Age of Majority & Data Transfer
We recognize that children grow up and acquire rights over their own data, even if that data is pseudonymized (First Name only).
- Upon turning 18: The legal ownership of data regarding a specific individual theoretically transfers to them.
- Retention Policy (The "21 Years + 3 Months" Rule): To comply with potential medical record retention requirements (often required for limitation periods regarding medical negligence claims), our system allows retention of health logs for up to 21 years and 3 months from the date of birth.
- The Mechanism: When a child profile reaches the age of 18, the Primary Account Holder will be notified. You must either:
  - Transfer: Invite the (now adult) child to create their own account.
  - Consent: Obtain explicit consent from the (now adult) child to keep managing their data.
  - Delete: If no action is taken, data specifically linked to that individual profile will be scheduled for deletion once they reach the age of 21 years and 3 months.
3. How We Use Your Data
- Service Provision: To provide reminders for medication, appointments, and family logistics.
- Emergency Access: To allow you to generate "Carer Sheets" or "Emergency Cards" for babysitters or medical personnel.
- Notifications: To send emails or WhatsApp messages regarding upcoming tasks.
4. Data Retention & The Right to Erasure
4.1. General Retention
We retain your data only as long as your account is active. You may delete data entries (e.g., a specific appointment) at any time, and it will be immediately removed from our active database.
4.2. Account Deletion
You have the Right to Erasure (Right to be Forgotten). You can request full account deletion via your Dashboard Settings.
- Immediate Effect: Your login will be disabled.
- Grace Period: Data remains in encrypted backups for 30 days (for disaster recovery purposes).
- Permanent Erasure: After 30 days, all data, including medical and children's records, is permanently scrubbed from our servers.
5. Data Security
Given the sensitivity of the data we hold:
- Pseudonymization: By strictly storing only First Names/Nicknames for dependents, we reduce the risk of personal identification in the event of a breach.
- Encryption: Data is encrypted in transit (SSL/TLS) and at rest (AES-256).
- Access Control: Our staff does not have access to your specific medical notes or children's details. Support is handled via metadata only.
- Data Sovereignty: Your data is hosted on servers located within the United Kingdom/EU (as applicable) and complies with GDPR data transfer requirements.
6. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access: Request a copy of all data we hold about you and your family (Data Portability).
- Rectify: Correct any inaccurate data via your dashboard.
- Withdraw Consent: You may withdraw consent for processing health data at any time by deleting the medical profile or the account.
7. Contact Us
For specific inquiries regarding Medical Data retention or Children's Privacy:
Data Protection Officer
Email: dpo@ourfamilygrid.com
General Support
Email: hello@ourfamilygrid.com