Privacy Policy

1. Our Commitment to Privacy

FamilySafeAI (“FSAI,” “we,” “us,” or “our”) was built on a foundational principle: your family's privacy is not a product. Unlike many technology services, our business model is based entirely on subscription revenue, not on the collection, sale, or monetization of your personal data.

We do not sell your data. We do not build profiles on you. We do not allow third parties to identify you through our Service.

This Privacy Policy explains what information we collect, how we handle it, and the architectural decisions we've made to protect your family.

2. How Our Privacy Architecture Works

FSAI is middleware — we sit between your family and AI providers. When you submit a request:

• Your request passes through our privacy layer, which removes identifying information before it is sent to any AI model
• All requests to AI providers are routed through a single shared credential, making it architecturally impossible for AI providers to distinguish one user from another
• AI providers receive the content of your request but never your name, email, account details, or any information that could identify you or your family

This is not a policy decision that could be reversed — it is built into the technical architecture of the Service.

3. Information We Collect

Account Information

When you create an account, we collect:

• Email address (used for authentication and essential communications)
• Password (stored in encrypted form; we cannot access your password)
• Your selected tier assignments for family members
• Filter preferences (faith denomination, political perspective, if enabled)
• Place of worship information (if voluntarily provided through the faith filter setup)

Usage Data

We track the cost and volume of AI usage per app for the purpose of billing and throttling. This includes:

• Number of requests made
• Token counts and associated costs per transaction
• Which AI model served each request

This data is associated with your account for billing purposes and is deleted upon account cancellation and completion of all billing obligations.

Payment Information

Payment processing is handled by Stripe. FSAI does not directly store your credit card numbers, bank account details, or other payment instruments. Stripe's handling of your payment information is governed by Stripe's own privacy policy and PCI compliance standards.

4. Conversation Data

This is the most important section of this policy for most users.

Conversation data is stored temporarily in short-term server memory solely to maintain continuity within an active session. This temporary storage allows you to have a back-and-forth conversation with the AI without starting over with each message.

Once your session ends, this data is automatically purged through standard infrastructure processes. We do not maintain long-term archives of your conversations. We do not review your conversations. We do not use your conversations for marketing, profiling, or any purpose other than delivering the Service to you in real time.

Your original request is temporarily held in server memory during processing. The anonymized version — the version that has had identifying information removed — is what is sent to the AI provider. Both are purged when your session ends.

5. The Feedback Exception

There is one exception to the conversation data practices described above: the Unexpected Response feedback feature.

When you voluntarily report an unexpected or unsatisfactory AI response:

• The response content and associated metadata (tier, age group, model used, active filter settings) are stored for analysis
• Your identity is not stored with this data. The feedback system is architecturally designed so that reports cannot be traced back to any individual user, account, or email address
• Reports are grouped together in a shared database with all other feedback — there is no per-account or per-user feedback history
• Once an issue has been categorized and resolved, only the metadata and issue category are retained. All other associated data is deleted

This data is used exclusively to improve prompt quality, response accuracy, and overall Service performance.

6. Third-Party Service Providers

The Service relies on the following third-party providers to operate. Each provider may process certain data as part of delivering their service:

• AI Model Providers (via OpenRouter): Receive anonymized request content only. Cannot identify individual users.
• Database and Authentication Provider (Supabase): Stores account information, preferences, and usage data. Hosted in AWS US-East-2 (Ohio, USA).
• Hosting and Infrastructure (Vercel): Processes requests and temporarily handles data in transit. Provides security services including DDoS protection and bot filtering.
• Payment Processor (Stripe): Handles all payment transactions. FSAI does not store payment instrument details.
• Caching (Upstash Redis): Caches shared system configuration data (prompts, filter definitions, routing rules). Does not cache personal data or conversation content.

None of these providers receive information that would allow them to identify which specific individual made a particular AI request. This is by design.

7. What We Do Not Do

To be explicit:

• We do not sell, rent, lease, or trade your personal data to anyone, for any reason, under any circumstances
• We do not build behavioral profiles on users
• We do not serve advertisements or allow third parties to advertise to you through our Service
• We do not track your browsing habits outside of the Service
• We do not share your conversation content with anyone other than the AI provider processing your request, and that provider cannot identify you
• We do not use your personal data for AI model training

8. Future De-Personalized Data Programs

FSAI may in the future make de-personalized, aggregated metadata available to AI companies for the purpose of model testing and optimization. If such a program is established:

• Only metadata will be shared — never personal information, conversation content, or anything that could identify an individual user
• No agreement will be entered into that involves the sale of personal data, identification of users, or targeted marketing
• Subscribers will be notified before any such program begins
• Such programs may provide user benefits including discounted or complimentary access to new AI tools, enhanced performance, and early access to emerging capabilities

9. Children's Privacy

FamilySafeAI provides services designed for use by children (KIDS tier, ages 10-12) and teenagers (TEEN tier, ages 13-17), but only under the supervision and control of an adult Admin account holder.

We do not knowingly collect personal information directly from children. Children's accounts are created and managed by their parent or guardian through the Admin account. The minimal information associated with a child's app (tier assignment and filter preferences) is set by the Admin, not the child.

FSAI is a middleware platform and does not make claims of COPPA compliance. We do not collect, store, or process children's personal data beyond what is described in this policy. If you believe a child has provided personal information to us directly, please contact us at dsd.gr8ful@gmail.com and we will promptly delete it.

10. Data Retention and Deletion

Conversation data: Temporarily stored during active sessions only. Automatically purged when the session ends.

Feedback data: De-identified metadata retained for service improvement. Cannot be traced to individual users.

Usage data: Retained during active subscription for billing and throttling. Deleted upon account cancellation and completion of all billing obligations.

Account data: Upon cancellation and completion of all financial obligations, all account information, preferences, and usage records are permanently deleted. The only information retained is what our payment processor is legally required to maintain (typically email address and transaction records).

We delete data as early as we conceivably can while still operating the Service and meeting our legal obligations.

11. Security

We employ multiple layers of security to protect your data:

• Network-level protection including DDoS mitigation, web application firewall, and bot filtering
• API rate limiting to prevent abuse
• Row-level database security ensuring users can only access their own data
• Encrypted password storage
• Automatic session timeout after periods of inactivity

No system is perfectly secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security. If you become aware of any security breach, please contact us immediately at dsd.gr8ful@gmail.com.

12. Your Rights

You have the right to:

• Access the account information we store about you
• Correct inaccurate account information
• Delete your account and all associated data (subject to completion of billing obligations)
• Cancel your subscription at any time

California residents may have additional rights under the California Consumer Privacy Act (CCPA). To exercise any of these rights, contact us at dsd.gr8ful@gmail.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to active subscribers via email at least 30 days before taking effect. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices:

DsD Adventures LLC

Email: dsd.gr8ful@gmail.com

Website: familysafeai.org