← Back to app

Privacy Policy

Effective date: 23 March 2026

1. Who we are

Earrnd ("Earrnd", "we", "us", "our") is a family calendar and task management application operated from Australia. We handle personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By using the service you agree to this Privacy Policy. If you do not agree, please stop using the service.

2. Data we collect

We collect only what is necessary to provide the service:

  • Account data: email address, display name, colour preference.
  • Family data: family name, member names, timezone.
  • Calendar data: events, categories, recurrence rules you create.
  • Chore and wallet data: chores, completion records, wallet transactions.
  • Security data: hashed PINs (stored using bcrypt — we cannot read your PIN), session tokens.
  • Technical data: IP addresses (for rate limiting and security auditing), browser user-agent strings.

We do not collect payment card details (handled by Stripe), sell your data, or use it for advertising.

3. Children's data

Earrnd is designed for family use and may hold the first names and activity schedules of children. Children's accounts are created and managed exclusively by a parent or guardian. We do not knowingly collect data directly from children under the age of 13 without verifiable parental consent. If you are a parent and believe we hold data about your child that you did not authorise, please contact us at privacy@earrnd.com and we will delete it promptly.

4. How we use your data

  • To provide, operate and improve the service.
  • To send login links and invite emails you have requested.
  • To enforce rate limits and detect abuse.
  • To comply with legal obligations.

We do not use your data for profiling, targeted advertising, or any purpose unrelated to operating the service.

5. Data storage and security

Your data is stored in a PostgreSQL database hosted on Railway. Email delivery is provided by Resend. All connections use TLS encryption in transit. PINs are hashed with bcrypt and are unreadable by us. Session tokens are rotated on every login. We maintain security audit logs for up to 90 days.

Overseas storage: Railway and Resend are US-based services and your data may be stored on servers located outside Australia. By using the service you consent to this. These providers are bound by their own privacy policies and applicable data protection laws.

Despite reasonable precautions, no system is perfectly secure. You use the service at your own risk.Earrnd accepts no liability for unauthorised access to your data resulting from circumstances outside our reasonable control.

6. Data sharing

We share data with third parties only where strictly necessary:

  • Railway — cloud hosting and database.
  • Resend — transactional email delivery.
  • Stripe — payment processing (if applicable; Stripe handles card data, we never see it).

We do not sell, rent, or share your personal data with any other third party. We may disclose data if required by law or to protect the safety of users.

7. Your rights (Australia)

Under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

  • Access — request access to the personal information we hold about you. You can download your data directly via Settings → Download My Data.
  • Correction — request correction of inaccurate or out-of-date information. You can update most details in Settings, or contact us for anything else.
  • Deletion — delete your account and all associated data via Settings → Delete Account. This is permanent.
  • Portability — export your data in JSON format via Settings → Download My Data.
  • Complaints — if you are unhappy with how we handle your information, contact us first. If unresolved, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

To exercise any of these rights, email privacy@earrnd.com.

8. Cookies and local storage

We use a single HttpOnly session cookie to keep you logged in. We also store a limited offline cache in your browser's IndexedDB (calendar events only, no PINs or payment data) to support offline access. We do not use tracking cookies or third-party analytics cookies.

9. Data retention

Your data is retained for as long as your account is active. When you delete your account, all personal data is deleted within 30 days (including backups). Anonymised aggregate statistics (e.g. total event count) may be retained indefinitely. Security audit logs are retained for 90 days then deleted.

10. Limitation of liability

The service is provided "as is" without warranty of any kind, express or implied. Earrnd shall not be liable for any indirect, incidental, special, consequential or punitive damages, or any loss of profits, data, or goodwill, arising from your use of or inability to use the service. Our total liability to you for any claim shall not exceed the total amount you paid us in the 12 months preceding the claim.

11. Changes to this policy

We may update this policy from time to time. We will notify you by email or in-app notice at least 14 days before material changes take effect. Continued use after that date constitutes acceptance.

12. Contact

Earrnd
Australia
Email: privacy@earrnd.com
For privacy complaints, contact the OAIC at oaic.gov.au.

Terms of Service · Back to app