Privacy Policy

Last Updated: October 15, 2025

1. Introduction

AupairSync (“we,” “our,” or “us”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our beta testing platform and landing page.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our services, you consent to the data practices described in this policy.

2. Data We Collect

2.1 Information You Provide

  • Email Address: Collected when you sign up for beta testing access
  • Contact Information: If you contact us for support or inquiries

2.2 Automatically Collected Information

  • Analytics Data: Page views, session duration, device type, browser type, and operating system via Google Analytics 4
  • UTM Parameters: Marketing campaign source, medium, and campaign name from URL parameters
  • Performance Metrics: Core Web Vitals (LCP, FID, CLS, TTFB, FCP, INP) to improve site performance
  • Cookies: Google Analytics cookies for user identification and tracking (see Cookie Policy below)

2.3 Data We Do NOT Collect

We practice data minimization. We do not collect:

  • Passwords or authentication credentials (beta access is email-based only)
  • Payment information (beta testing is free)
  • Sensitive personal data (race, religion, health information, etc.)
  • Location data beyond country-level (inferred from IP address by analytics)

3. How We Use Your Data

We use your personal data for the following purposes:

  • Beta Testing Communication: To send you TestFlight invitations, updates, and important notifications
  • Analytics and Improvement: To understand user behavior, optimize our platform, and measure marketing effectiveness
  • Customer Support: To respond to your questions, feedback, and support requests
  • Legal Compliance: To comply with legal obligations and protect our rights

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

4. Data Storage and Security

4.1 Where We Store Your Data

  • Primary Storage: Firebase Firestore (Google Cloud Platform, US servers)
  • Email Service: Resend (US-based email delivery service)
  • Analytics: Google Analytics 4 (Google Cloud Platform)

4.2 Data Retention

  • Email Addresses: Retained until you request deletion or for up to 2 years of inactivity
  • Analytics Data: Retained for 26 months (Google Analytics default) for historical analysis
  • Support Communications: Retained for 2 years for record-keeping purposes

4.3 Security Measures

We implement industry-standard security practices:

  • Encrypted data transmission (HTTPS/TLS)
  • Firebase Security Rules to restrict unauthorized access
  • API key restrictions and domain whitelisting
  • Regular security audits and updates
  • Rate limiting on signup endpoints to prevent abuse

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies through Google Analytics 4. These cookies help us:

  • Distinguish unique visitors and track returning users
  • Understand how users navigate our site
  • Measure the effectiveness of our marketing campaigns
  • Improve site performance and user experience

Cookie Types Used

  • _ga: Google Analytics user identification (expires after 2 years)
  • _ga_[container-id]: Google Analytics session state (expires after 2 years)

You can control cookie preferences through our cookie consent banner (displayed on first visit) or through your browser settings. Note that blocking cookies may affect site functionality and analytics accuracy.

6. Third-Party Services

We use the following third-party services that may process your data:

Google Analytics 4

Purpose: Website analytics and performance monitoring
Data Shared: Anonymous usage data, device information, page views
Privacy Policy: https://policies.google.com/privacy

Firebase (Google Cloud)

Purpose: Database and backend infrastructure
Data Shared: Email addresses, signup metadata, UTM parameters
Privacy Policy: https://firebase.google.com/support/privacy

Resend

Purpose: Transactional email delivery
Data Shared: Email addresses, email content (TestFlight invitations, notifications)
Privacy Policy: https://resend.com/legal/privacy-policy

Vercel (Hosting)

Purpose: Website hosting and edge delivery
Data Shared: Server logs, IP addresses (transient)
Privacy Policy: https://vercel.com/legal/privacy-policy

7. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete data.

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data. We will delete your email address and associated signup data upon request.

Right to Data Portability

You can request your data in a machine-readable format (JSON/CSV) for transfer to another service.

Right to Object

You can object to processing of your data for direct marketing or analytics purposes.

Right to Restrict Processing

You can request limitation of how we process your data in certain circumstances.

Right to Withdraw Consent

You can withdraw consent for data processing at any time (e.g., unsubscribe from emails, delete account).

Right to Lodge a Complaint

You can file a complaint with your local data protection authority if you believe we have violated your privacy rights.

8. Data Requests and Contact

To exercise any of your GDPR rights or for privacy-related inquiries, please contact us at:

Email: privacy@aupairsync.com

We will respond to all requests within 30 days as required by GDPR.

How to Request Data Deletion

  1. Email privacy@aupairsync.com with subject “Data Deletion Request”
  2. Include your email address used for beta signup
  3. We will confirm your identity and process deletion within 30 days
  4. You will receive confirmation once deletion is complete

9. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@aupairsync.com.

10. International Data Transfers

Your data may be transferred to and processed in the United States where our servers and third-party services are located. We ensure adequate safeguards are in place:

  • Google Cloud Platform (Firebase) complies with EU-US Data Privacy Framework
  • Standard Contractual Clauses (SCCs) with third-party processors
  • GDPR-compliant Data Processing Agreements (DPAs) with all vendors

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Updating the “Last Updated” date at the top of this page
  • Sending an email notification to beta testers (for material changes)
  • Displaying a notice on our landing page

Continued use of our services after changes constitutes acceptance of the updated policy.

12. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Consent: Email signup for beta testing (you explicitly opt-in)
  • Legitimate Interest: Analytics and site improvement (balanced against your privacy rights)
  • Contractual Necessity: Providing beta access and support as part of our service agreement
  • Legal Obligation: Compliance with applicable laws and regulations

13. Contact Information

For any questions, concerns, or requests related to this Privacy Policy or your personal data:

AupairSync

Email: privacy@aupairsync.com

General Inquiries: support@aupairsync.com

This Privacy Policy is effective as of October 15, 2025 (Version 1.0)