Privacy Policy

Last Updated: November 5, 2024

1. Introduction

Welcome to StarJar ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our family behavior management platform, available via our website at starjar.uk and our mobile application (collectively, the "Service").

StarJar helps parents manage and track their children's positive behaviors, set goals, and provide rewards. We are committed to protecting your privacy and being transparent about our data practices.

By using StarJar, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account and use StarJar, we collect the following information that you provide:

• Parent/Guardian Account Information: Email address, password (encrypted), and optionally your name
• Children's Profile Information: Children's first names (or nicknames), ages, and optionally profile pictures you upload
• Behavior Tracking Data: Points awarded, behaviors tracked, goals set, rewards defined, and pocket money amounts
• Family Settings: Custom behaviors, milestones, rewards, interest rates, and weekly reset preferences
• Payment Information: Billing information is processed through our payment processor, Stripe. We do not store your full credit card details on our servers

2.2 Information Collected Automatically

When you access our Service, we may automatically collect:

• Device Information: Device type, operating system, browser type, and unique device identifiers
• Usage Data: Pages visited, features used, time spent in the app, and interaction patterns
• Technical Data: IP address, browser type, and access times for security and service improvement purposes
• Push Notification Tokens: If you enable push notifications, we collect device tokens to send you reminders and updates

2.3 Information We Do NOT Collect

We want to be clear about what we don't collect:

• We do NOT collect precise location data
• We do NOT collect data directly from children
• We do NOT access your contacts, call logs, or SMS messages
• We do NOT use tracking cookies for advertising purposes
• We do NOT sell your data to third parties

3. How We Use Your Information

We use the information we collect to:

• Provide the Service: Enable family behavior tracking, point management, goal setting, and rewards features
• Maintain Your Account: Manage your subscription, authenticate your login, and provide customer support
• Send Notifications: Deliver push notifications for daily reminders (if you opt in)
• Process Payments: Handle subscription billing through our payment processor
• Improve the Service: Analyze usage patterns to enhance features and user experience
• Security: Detect and prevent fraud, abuse, and security threats
• Legal Compliance: Comply with legal obligations and enforce our Terms of Service

4. How We Share Your Information

4.1 Within Your Family

Information about your children's profiles, points, and progress is accessible to:

• Anyone with whom you share your unique Family Dashboard link (typically your children)
• Co-parents or family members with whom you share your admin login credentials

You control this sharing by managing who has access to your family code and login details.

4.2 Service Providers

We share your information with trusted third-party service providers who help us operate our Service:

• Firebase (Google Cloud): Provides hosting, database, authentication, and cloud messaging services. Firebase Privacy Policy
• Stripe: Processes payment transactions. Stripe Privacy Policy
• Capacitor: Enables our mobile app functionality. Capacitor Privacy

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Legal process (e.g., court orders, subpoenas)
• Requests from government authorities
• Protection of our rights, property, or safety, or that of our users or the public

4.4 Business Transfers

If StarJar is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any change in ownership or use of your personal information.

4.5 What We DON'T Share

• We do NOT sell your data to advertisers or data brokers
• We do NOT share your data for third-party marketing purposes
• We do NOT provide your children's information to third parties except as described in this policy

5. Children's Privacy

5.1 Parental Responsibility

As a parent using StarJar, you are responsible for:

• The accuracy of any information you enter about your children
• Determining what information about your children is appropriate to track
• Obtaining any necessary consent before entering your children's personal information
• Managing access to the Family Dashboard (which can be viewed without login)

5.2 Data About Children

While parents enter information about their children (names, ages, behaviors, points), this data is:

• Provided by parents, not collected from children
• Used solely to provide the family behavior tracking service
• NOT used for advertising or marketing to children
• NOT shared with third parties for their own use
• Protected with the same security measures as all other data

5.3 Compliance with Children's Privacy Laws

We are committed to complying with applicable children's privacy laws, including:

• COPPA (Children's Online Privacy Protection Act): Because parents, not children, use our Service and provide any information about children, we believe COPPA does not apply to our Service. However, we take children's privacy seriously regardless.
• GDPR (General Data Protection Regulation): For users in the EU/UK, special protections apply to children's data, and parental consent is required for processing children's personal data.

5.4 If a Child Uses the Service

If we learn that a child under 18 has created their own account without parental supervision, we will delete that account promptly. If you believe a child has created an unauthorized account, please contact us at info@starjar.uk.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information:

• Encryption: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
• Firebase Security: Your data is stored in Google's secure Firebase platform with industry-standard security practices
• Access Controls: Only authorized personnel have access to your data, and only when necessary to provide support
• Password Protection: Your password is encrypted and never stored in plain text
• Regular Updates: We regularly update our security measures to address new threats

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

7. Your Rights and Choices

7.1 Access and Update Your Information

You can access and update your account information at any time by logging into your admin dashboard. This includes:

• Updating your email address
• Changing your password
• Modifying children's profiles, behaviors, and goals
• Adjusting notification preferences

7.2 Delete Your Account

You have the right to delete your account and all associated data. To delete your account:

• In-App: Go to Settings → Account → Delete Account
• By Email: Contact us at info@starjar.uk with "Delete My Account" in the subject line

When you delete your account:

• All your personal data and your children's profiles will be permanently deleted within 30 days
• Your subscription will be cancelled
• This action cannot be undone
• Some information may be retained for legal or accounting purposes

7.3 Export Your Data

You can request a copy of your data by emailing info@starjar.uk. We will provide your data in a portable format (JSON or CSV) within 30 days.

7.4 Marketing Communications

We may send you service-related emails (e.g., subscription confirmations, password resets). You cannot opt out of these essential communications. We do not currently send marketing emails, but if we do in the future, you will be able to opt out.

7.5 Push Notifications

You can control push notifications through:

• Your device settings (Android system settings)
• The notification toggle in your admin dashboard

7.6 Additional Rights for EU/UK Users (GDPR)

If you are located in the European Union or United Kingdom, you have additional rights:

• Right to Access: Request confirmation of what data we hold about you
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing of your data
• Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at info@starjar.uk.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide you the Service. Specifically:

• Account Data: Retained until you delete your account
• Children's Data: Retained until you delete your account or remove a child's profile
• Payment Data: Stripe retains payment information per their retention policy; we only store transaction IDs
• Backup Data: May be retained for up to 30 days in secure backups
• Legal Requirements: Some data may be retained longer if required by law (e.g., for tax or accounting purposes)

9. International Data Transfers

StarJar is operated from the United Kingdom. If you are accessing our Service from outside the UK, please be aware that your information may be transferred to, stored, and processed in:

• The United Kingdom
• The United States (where Firebase/Google Cloud servers are located)

We ensure that such transfers comply with applicable data protection laws, including using Standard Contractual Clauses approved by the European Commission for EU data transfers.

10. Cookies and Tracking Technologies

10.1 What We Use

StarJar uses minimal cookies and tracking technologies:

• Essential Cookies: Required for authentication and security (session cookies)
• Firebase Analytics: Basic usage statistics to improve the Service (can be disabled)
• Local Storage: To remember your preferences and settings

10.2 What We DON'T Use

• Third-party advertising cookies
• Cross-site tracking
• Social media tracking pixels

10.3 Your Choices

You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using certain features of the Service.

11. Third-Party Links

Our Service may contain links to third-party websites or services (e.g., payment processors, social media). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will notify you by email and/or a prominent notice in the Service
• Your continued use of the Service after changes constitutes acceptance of the revised policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Legal Basis for Processing (GDPR)

For users in the EU/UK, we process your personal data based on the following legal bases:

• Contract: Processing necessary to provide the Service you've subscribed to
• Consent: Where you've given explicit consent (e.g., for push notifications)
• Legitimate Interests: To improve our Service, detect fraud, and ensure security
• Legal Obligation: To comply with legal requirements (e.g., tax laws)

14. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act:

• Right to Know: Request information about data we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information, so no opt-out is necessary
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at info@starjar.uk.

15. Contact Us

16. Definitions

• "Service" refers to the StarJar website and mobile application
• "You," "Your" refers to the parent or guardian using the Service
• "We," "Us," "Our" refers to StarJar
• "Personal Information" means information that identifies you or your children
• "Child" or "Children" refers to individuals under 18 years of age (or the age of majority in your jurisdiction)

This Privacy Policy was last updated on November 5, 2024. By continuing to use StarJar after this date, you acknowledge that you have read and understood this Privacy Policy.