How we handle your family's data.

We store your family's educational records — photos of work, entry summaries, attendance, reading log — to produce a year-end portfolio. We do not sell data. We do not show ads. We do not use children's data to train AI models. Photos are stored privately and only your family can view them. You can export or delete your data at any time.

To run the product, we need:

• Account info: your name, email, and password (hashed). If you sign in with Google, we receive your email and name from Google.
• Family info: your family name, state, school year, and the names, grades, and (optionally) birthdates of your children.
• Educational records: entries you log, photos you upload, attendance, reading list. This is the core data the product exists to manage.
• Payment info (if you subscribe): handled entirely by Stripe. We never see card numbers — we only receive a subscription status and a customer ID.
• Email events (if you use email-to-entry): sender, subject, status of each forwarded email, and any photo attachments.

• We do not sell your data to anyone, ever.
• We do not show advertising in the product.
• We do not train AI models on your children's data or photos.
• We do not share data with school districts, the state, or anyone else, unless you explicitly export or share a portfolio link.
• We do not require children's birthdates — if you provide one, it's used only to display grade levels in the app.

Account data and educational records are stored in Supabase (Postgres) hosted in the US. Photos are stored in Supabase Storage with private access controls and signed URLs that expire. When AI features are used, the relevant data (a photo, an entry summary) is sent to Anthropic and/or OpenAI for processing under their respective enterprise data policies — they do not train on this data.

Stripe handles all payment processing. We use Postmark for transactional and inbound email (the email-to-entry feature).

The product is designed for parents, not children. The account holder is the parent, and the parent controls all data about the children in the family. Children do not have direct accounts.

If a child under 13 ever signs up — for example, in a hypothetical future "child self-capture" feature — we will require verifiable parental consent before collecting any personal information from them, consistent with COPPA. We do not currently have that feature.

• You and any co-parents you grant access to (v2 feature).
• Anyone you send a portfolio share link to, for as long as that link is valid. Share links expire and can be revoked at any time.
• Our small operations team, when necessary for support, security investigation, or legal compliance. We minimize this access.
• Service providers (Supabase, Stripe, Anthropic, OpenAI, Postmark, Vercel) under contract, only to the extent they need to perform their service.

Row Level Security policies in our database enforce family-level isolation: no parent's data is accessible to another parent, period.

We keep your data for as long as your account is active. If you cancel and don't return, we keep your data for at least 2 years after subscription end — that's the Florida statute's portfolio retention requirement, and we don't want to be the reason you lost records during a district inspection window.

You can request deletion of your data at any time by emailing us. We will permanently delete account, family, child, and entry data within 30 days of a deletion request, except as required by law (payment records, etc.).

You can, at any time:

• Export your data (portfolios are exportable as PDF; raw data export available on request).
• Correct or delete entries from inside the app.
• Revoke share links.
• Cancel your subscription from the billing page.
• Request complete account deletion by emailing us.

If we make material changes, we'll email account holders and update the effective date at the top of this page. Continued use of the product after notification constitutes acceptance.

Questions, concerns, or deletion requests: privacy@homeschoolportfolio.com.