Privacy Policy

Last Updated: January 31, 2026

1. Introduction

AuPairSync (“we,” “our,” or “us”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and iOS application.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our services, you consent to the data practices described in this policy.

2. Data We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and role (parent or au pair) when you create an account
  • Family Data: Children's names and ages, family preferences, schedules, tasks, and messages you create within the app
  • Contact Information: If you contact us for support or inquiries

2.2 Automatically Collected Information

  • Analytics Data: Page views, session duration, device type, browser type, and operating system via Google Analytics 4
  • App Usage Data: Feature usage, crash reports, and performance metrics via Firebase Analytics and Crashlytics
  • UTM Parameters: Marketing campaign source, medium, and campaign name from URL parameters
  • Cookies: Google Analytics cookies for user identification and tracking (see Cookie Policy below)

2.3 Data We Do NOT Collect

We practice data minimization. We do not collect:

  • Payment card details (payments are processed securely by Apple via the App Store)
  • Sensitive personal data (race, religion, health information, etc.)
  • Precise location data (we only infer country-level from IP address for analytics)
  • Contacts or photos from your device (unless you explicitly share them in-app)

3. How We Use Your Data

We use your personal data for the following purposes:

  • Providing the Service: To operate the app, manage your account, sync family data, and deliver notifications
  • Communication: To send you important updates, onboarding tips, and respond to support requests
  • Analytics and Improvement: To understand user behavior, fix bugs, and improve the app experience
  • Legal Compliance: To comply with legal obligations and protect our rights

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

4. Data Storage and Security

4.1 Where We Store Your Data

  • Primary Storage: Firebase Firestore (Google Cloud Platform)
  • Authentication: Firebase Authentication (email/password, Apple Sign-In, Google Sign-In)
  • Email Service: Resend (email delivery service)
  • Analytics: Google Analytics 4 and Firebase Analytics
  • Error Monitoring: Sentry (crash and error tracking)

4.2 Data Retention

  • Account Data: Retained while your account is active, and for up to 30 days after account deletion
  • Family Data: Retained while your account is active; deleted upon account deletion request
  • Analytics Data: Retained for 26 months (Google Analytics default)
  • Support Communications: Retained for 2 years for record-keeping purposes

4.3 Security Measures

We implement industry-standard security practices:

  • Encrypted data transmission (HTTPS/TLS)
  • Firebase Security Rules to restrict unauthorized access
  • Secure authentication with support for Apple Sign-In and Google Sign-In
  • API key restrictions and domain whitelisting
  • Regular security audits and updates
  • Rate limiting on API endpoints to prevent abuse

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website through Google Analytics 4. These cookies help us:

  • Distinguish unique visitors and track returning users
  • Understand how users navigate our site
  • Measure the effectiveness of our marketing campaigns
  • Improve site performance and user experience

Cookie Types Used

  • _ga: Google Analytics user identification (expires after 2 years)
  • _ga_[container-id]: Google Analytics session state (expires after 2 years)

You can control cookie preferences through our cookie consent banner (displayed on first visit) or through your browser settings. Note that blocking cookies may affect site functionality and analytics accuracy.

6. Third-Party Services

We use the following third-party services that may process your data:

Google Analytics 4

Purpose: Website analytics and performance monitoring
Data Shared: Anonymous usage data, device information, page views
Privacy Policy: https://policies.google.com/privacy

Firebase (Google Cloud)

Purpose: Database, authentication, analytics, crash reporting, and push notifications
Data Shared: Account data, family data, usage analytics, crash reports
Privacy Policy: https://firebase.google.com/support/privacy

Resend

Purpose: Transactional email delivery
Data Shared: Email addresses, email content (welcome emails, notifications)
Privacy Policy: https://resend.com/legal/privacy-policy

Sentry

Purpose: Error and crash monitoring
Data Shared: Error logs, device information, stack traces (no personal data)
Privacy Policy: https://sentry.io/privacy/

Apple (App Store)

Purpose: App distribution and in-app purchases
Data Shared: As per Apple's terms when downloading from the App Store
Privacy Policy: https://www.apple.com/legal/privacy/

7. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete data.

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data. We will delete your account and all associated data upon request.

Right to Data Portability

You can request your data in a machine-readable format (JSON/CSV) for transfer to another service.

Right to Object

You can object to processing of your data for direct marketing or analytics purposes.

Right to Restrict Processing

You can request limitation of how we process your data in certain circumstances.

Right to Withdraw Consent

You can withdraw consent for data processing at any time (e.g., unsubscribe from emails, delete account).

Right to Lodge a Complaint

You can file a complaint with your local data protection authority if you believe we have violated your privacy rights.

8. Data Requests and Contact

To exercise any of your GDPR rights or for privacy-related inquiries, please contact us at:

Email: privacy@aupairsync.com

We will respond to all requests within 30 days as required by GDPR.

How to Request Data Deletion

  1. Email privacy@aupairsync.com with subject “Data Deletion Request”
  2. Include the email address associated with your account
  3. We will confirm your identity and process deletion within 30 days
  4. You will receive confirmation once deletion is complete

9. Children's Privacy

AuPairSync is designed for use by parents and au pairs (adults). While the app manages information about children (names, ages, schedules), this data is entered and controlled by the parent account holder. We do not knowingly collect personal data directly from children under 16. If you believe we have collected data from a child, please contact us immediately at privacy@aupairsync.com.

10. International Data Transfers

Your data may be transferred to and processed in the United States where our servers and third-party services are located. We ensure adequate safeguards are in place:

  • Google Cloud Platform (Firebase) complies with EU-US Data Privacy Framework
  • Standard Contractual Clauses (SCCs) with third-party processors
  • GDPR-compliant Data Processing Agreements (DPAs) with all vendors

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Updating the “Last Updated” date at the top of this page
  • Sending an email notification to registered users (for material changes)
  • Displaying a notice in the app or on our website

Continued use of our services after changes constitutes acceptance of the updated policy.

12. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Consent: Email signup and account creation (you explicitly opt-in)
  • Contractual Necessity: Providing the Service, managing your account, and syncing family data
  • Legitimate Interest: Analytics, app improvement, and security (balanced against your privacy rights)
  • Legal Obligation: Compliance with applicable laws and regulations

13. Contact Information

For any questions, concerns, or requests related to this Privacy Policy or your personal data:

AuPairSync

Email: privacy@aupairsync.com

General Inquiries: support@aupairsync.com

This Privacy Policy is effective as of January 30, 2026 (Version 2.0)